Umbrella IT Needs of and Vision for Photon / Neutron Community
2nd workshop, federated identity systems, Oxford, November 2/3, 2011

The user community I
- Photon facilities
  - Synchrotrons and Free Electron Lasers (FELs)
  - Light of highest brightness
  - Typical range from infra-red to X-rays
  - Facility size hundreds of meters
  - About 15 synchrotrons in EU (ESRF + national)
- FELs, even 10^3 to 10^6 times brighter
  - SLAC/Stanford, DESY/Hamburg, FEL/Spring-8/Japan, PSI/Villigen
  - Membrane proteins; microscopic movies of chemical reactions
- Neutron facilities
  - Complementary
  - Similar user community
- Small teams, visit for
  - Few hours (structural biology) to
  - Few weeks (superconductivity, nano investigations)

The user community II
- In EU >> 30'000 visiting users/y
  - Large overbooking (≥ 3:1), low chance to be accepted
  - Important to minimize administrative load (local user offices)
- On-site visits
  - Short duration
  - In part spontaneous (keep that attraction)
  - Part-time users
- Decentralized structure (compare e.g. to CERN)
  - Manifold research fields
  - Many data sources facilities
  - National character of facilities, report to own governments
- Zoo of research areas
  - Archaeology, chemistry, materials + analytical sciences, life sciences
  - Physics is minority
  - Linking element is common use of large facilities (not science field)!

What are the IT requests?
- Huge datasets
  - Novel 2D detectors, quantum leap in data quality, but also data volumes
  - Multi-image techniques (tomography, lens-less imaging)
  - Molecular movies at FELs
  - 'Petabyte' is the 'normal' unit; the time of the 'hard disk in the trouser pocket' is over
- Trans-facility experiments
  - Standardize proposal procedures on EU scale
- Remote data access
  - Analyze data remotely at facility
  - Combine datasets taken at different facilities
  - Clouds (commercial, community-based)
  - Respect confidentiality restrictions
- Remote experiment access
  - Basic: passive online access to measured data
  - Advanced: active control
- PR issues
  - Improve corporate identity
  - Improve public lobbying

Vision, Solution Characteristics
- Incorporate confidentiality aspects
  - High competition, especially structural biology
  - Time-window structured access to experiments and data
- Rely on existing local user office structure
  - Great experience
  - DIY (Do It Yourself) operation
    - Users: manage their personal entries
    - User offices: supervising; manage authorizations
- Base system on professional authentication standard
  - Shibboleth, federated Single-Sign-On system (SAML), widely used
  - Special photon / neutron user federation
  - Only one identity provider
  - Supervising by local user offices
- Umbrella prototype concept ->

Umbrella as Prototype
- Incorporate confidentiality aspects
  - High competition, especially structural biology
  - Time-window structured access to experiments and data
- Rely on existing local user office structure
  - Great experience
  - DIY (Do It Yourself) operation
    - Users: manage their personal entries
    - User offices: supervising; manage authorizations
- Base system on professional authentication standard
  - Shibboleth, federated Single-Sign-On system (SAML), widely used
  - Special photon / neutron user federation
  - Only one identity provider
  - Supervising by local user offices
- Concept
  - Unique user identification on EU scale
  - Hybrid information storage
  - No automatic cross-facility information exchange
  - Multi-level identification (maximum autonomy to facilities)
  - Waterproof but slim data protection system

Use case: Remote data access
- Embargo vs. post-embargo period
  - Embargo (first 3 y): confidentiality, access to own team only
  - Post-embargo: free access, possibly via registration
- Standardized / automatized access rights
  - Manual central authorization impossible
  - 1'000s of experiments, 10'000s of users
- Identity by Umbrella
  - Unique, EU-wide user authentication
- Keep role of proposal as organizing element
  - Users convene for a short time slot for performing an experiment
  - Principal investigator / main proposer
  - Who participates in experiment has access right to data
  - Proposal officially accepted by facility, PI is official contact
  - PI defines experiment participants (practically existing WUO tool)

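The access rule on this slide, written out as an added example (not part of the original slides and not Umbrella or WUO code): the federation supplies only the authenticated Umbrella ID, and the facility derives the read decision from proposal membership and the 3-year embargo. The Proposal class, the function names, the sample IDs and the choice of the experiment date as the start of the embargo are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace
from datetime import date
from typing import Optional

EMBARGO_YEARS = 3  # from the slide: the embargo covers the first 3 years


@dataclass(frozen=True)
class Proposal:                 # hypothetical record, not a WUO schema
    proposal_id: str
    pi: str                     # Umbrella ID of the principal investigator
    participants: frozenset     # Umbrella IDs named by the PI
    experiment_date: date       # assumption: the embargo clock starts here

    def embargo_end(self) -> date:
        d = self.experiment_date
        try:
            return d.replace(year=d.year + EMBARGO_YEARS)
        except ValueError:      # 29 February with no counterpart 3 years on
            return d.replace(year=d.year + EMBARGO_YEARS, day=28)


def add_participant(p: Proposal, actor: str, new_member: str) -> Proposal:
    """Only the PI may extend the team; everyone else is refused."""
    if actor != p.pi:
        raise PermissionError("only the PI defines experiment participants")
    return replace(p, participants=p.participants | {new_member})


def may_read(p: Proposal, umbrella_id: Optional[str], today: date,
             post_embargo_registration: bool = True) -> bool:
    """Facility-side authorization; umbrella_id is None if unauthenticated."""
    if today < p.embargo_end():
        # Embargo: own team only, and the default is deny.
        return umbrella_id is not None and (
            umbrella_id == p.pi or umbrella_id in p.participants)
    # Post-embargo: free access, optionally gated on a registered identity.
    return umbrella_id is not None or not post_embargo_registration


# Constructed sample data (IDs and dates are made up for the example).
prop = Proposal("P-0001", "u-alice", frozenset({"u-bob"}), date(2012, 2, 29))
```

No per-experiment access list is edited by hand here: the decision follows from the proposal record, which is what makes it workable for thousands of experiments.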
The Umbrella Concept
[Fig. 1: the Umbrella concept; diagram labels: User, UOffice 1, UOffice 2, UOffice 3]

Hybrid concept (central and federated)
Answer to conflicting requests:
- Efficient technology
- Confidentiality
- Consistent separation of authentication and authorisation

Information categories: User info, Proposal modules, Affiliation info

Central (common) part
- Identification
- Registration for central services
- Modules with general, scientific info
- Department
- Postal address
- Central phone

Local facility part
- Detailed info
- Roles at facilities
- Proposer info
- Roles at facilities
- Facility-specific city code (e.g. for EU reimbursement)

European Proposal Handling (EPH)
EPH characteristics
- Present situation:
  - Heavy administrative load on users
  - No synchronization in call for proposals
  - No EU proposal standard
  - Start always from scratch in spite of iterative character
- Umbrella answer: subdivision into different parts
  - Statistical
  - Facility
  - General (science)
- Umbrella solution characteristics
  - Federated proposal storage at facilities
  - Compatibility with existing proposal handling
  - Federated hybrid user database
  - No cross / trans-facility actions
  - User: significant reduction of administrative load
  - Facilities: no change in proposal handling work flow
  - Proposals are key elements for remote data access

Friendly user phase
- Applications to test
  - EAA: registration, mutation
  - European Proposal Handling (EPH)
  - Remote Data Access (iCat as possibility)
  - Remote Experiment Access (Moonshot as possibility)
  - Standard Affiliation Database?
- Environment offered
  - Prototype of central web site
  - Umbrella + WUO test versions (DESY, PSI, ESRF, ??)
- System users
  - External expert users (ESUO, ETH, BioStruct, ??)
  - Local facility experts (DESY)

Umbrella road map
- Till January 31: Umbrella preparation
  - Definition of active participants
  - Definition of elements to offer to users
  - Definition of web portal
  - Documentation
  - Final developments
- From February 1: Friendly user phase
  - Contact of users
  - Umbrella + WUO test versions (DESY, PSI, ESRF, ??)
- From May 31
  - Workshop with all participants
  - Concluding feedback document
  - Implementation of feedback
- From September 1: Implementation

Umbrella collaborators
- DESY: Frank Schluenzen, Rolf Treusch, Jan-Peter Kurz, Ulrike Lindemann
- Fermi/Elettra: Ornela Degiacomo, Giorgio Paolucci
- ESRF: Rudolf Dimper, Dominique Porte, Stefan Schulze
- European XFEL: Krzysztof Wrona
- HZB: Thomas Gutberlet, Dietmar Herrendoerfer, Olaf Schwarzkopf
- IPJ (Poland): Robert Nietubic
- MaxLAB: Ulf Johansson
- PSI: Bjoern Abt, Stephan Egli, Stefan Janssen, Markus Knecht, Mirjam van Daalen, Heinz J Weyer
- Soleil: Frederique Fraissard
- STFC: Anthony Gleeson, Bill Pulford

Conclusion
- Demands at large photon / neutron facilities are very clear to those responsible for IT
  - Unique user ID
  - Remote data and experiment access
  - Need for user and facility friendliness
  - Very large number of visiting scientists: need slim and efficient system
- Reduced excitement on management (and user?) side
  - Resources
  - Confidentiality
  - Scientific competition
- Overlapping IT communities
  - Large facilities and universities (educational sector)
  - Large facilities and university labs
- Umbrella as prototype
  - Common web portal
  - Slim solution, no top-down organization, self-service elements
  - Build on existing infrastructure, clear topology, no double worlds