Cyber-Science Infrastructure - PowerPoint PPT Presentation



SLIDE 1

21st APAN e-Science

Cyber-Science Infrastructure:

the next-generation national academic information infrastructure for interuniversity collaboration in Japan

Yasuo OKABE

Academic Center for Computing and Media Studies, Kyoto University

okabe@i.kyoto-u.ac.jp
SLIDE 2

Information Infrastructure Centers in the Seven Universities in JAPAN

Tohoku University: Information Synergy Center
Hokkaido University: Information Initiative Center
University of Tokyo: Information Technology Center
Nagoya University: Information Technology Center
Kyoto University: Academic Center for Computing and Media Studies
Osaka University: Cybermedia Center
Kyushu University: Computing and Communications Center
National Institute of Informatics (NII)

[Map labels: Sapporo, Sendai, Tokyo, Nagoya, Kyoto, Osaka, Fukuoka]

SLIDE 3

Brief history of the federation among the Centers

1968~69
  • Established as supercomputer centers for nation-wide service

1981
  • Connected by commercial X.25 service

1986
  • Dedicated interuniversity X.25 network service was started by NACSIS (predecessor of NII)
  • Federated Identity Management (~2004)
    • Unified ID
    • Online subscription to secondary centers

1988
  • JAIN (Japan Academic Inter-university Network) project started
  • IP over X.25

1992
  • SINET, the academic Internet backbone service, was started by NACSIS

2002
  • Operation of SuperSINET was started
  • Grid Computing WG by 8 centers

2003
  • NAREGI (National Research Grid Initiative) project started


SLIDE 6

NII: Toward Cyber-Science Infrastructure

[Diagram: Cyber-Science Infrastructure, the Next-generation Academic Information Infrastructure for Interuniversity Collaboration. Labels:]

  • UPKI: Authentication and Authorization Platform
  • NAREGI (National Research Grid Initiative)
  • SINET/SuperSINET: National Academic Internet Backbone
  • GeNii (Global Environment for Networked Intellectual Information)
  • NII-REO (Repository of Electronic Journals and Online Publications)
  • Fundamental Resources for Academic and Research Activities
  • Education and Training / Encouraging Young Talent
  • Cooperation with Industry
  • International Collaboration
  • Sites: Hokkaido University, Tohoku University, University of Tokyo, NII, Nagoya University, Kyoto University, Osaka University, Kyushu University

SLIDE 7

NAREGI

National Research Grid Initiative

http://www.naregi.org/

collaboration projects among industry, academic sector and the government.

SLIDE 8

NAREGI Grid Middleware stack

http://www.naregi.org/concept/index_e.html#05

SLIDE 9

NAREGI CA

  • A full-fledged CA (Certificate Authority) software for PKI
  • Originally developed for Grid computing, but can be used for general purpose
  • Free open source software
    • available at the download site http://www.naregi.org/download/

Many universities have already installed the NAREGI middleware on their testbeds and have joined in testing it.

SLIDE 10

Nationwide Academic Grid Networks over SuperSINET (experimental)

[Figure: network map. Legend: NAREGI Grid network; 8-center Grid Computing WG network. Node labels: AIST (Tsukuba), Kyushu I. Tech., Kyushu U., I. Molecular Sci. (Okazaki), Tokyo I. Tech., Osaka U., NII NAREGI core, NAREGI NII Cluster, NAREGI IMS Cluster, Doshisha SD, Hokkaido U., Tohoku U., U. Tokyo, Nagoya U., Doshisha U., Kyoto U., Kyushu U.]

SLIDE 11

UPKI: Inter-University Authentication and Authorization Platform for CSI

UPKI national academic authentication and authorization infrastructure project has just started.
  • Conducted by NII and the information infrastructure centers in 7 universities
  • As a “glue” of SINET/SuperSINET high-speed backbone and the Research Grid by NAREGI

Motivation
  • Actually, federated identity management is unavoidable even in a (big) university
  • Many political and cultural issues also exist

SLIDE 12

Integrated Identity Management and Federated Identity Management

Integrated Identity Management
  • Scalability
    • Campus wide … maybe possible
    • Nation wide … almost impossible
    • International … never!

Federated Identity Management
  • Solution for federation among independent organizations
  • Standardization
    • in OASIS SAML WG
    • Liberty Alliance ID-FF, by Sun…
    • WS-Federation, by Microsoft, IBM, …
  • Service Model
    • Identity Provider; IdP
    • Service Provider; SP

SLIDE 13

What is Federated ID Management? Case study in library service

In campus
  • Integrated ID management
    • One can use lending service or get copy service by showing his campus-wide ID card (personnel ID or student ID)

Inter-university
  • SP (Service Provider) initiated
    • When a student visits another university, how can he use lending service?
  • IdP (Identity Provider) initiated
    • When a professor visits a local library in his university, how can he get remote-copy service of books in a library in some other university?

In our UPKI
  • PKI (Public Key Infrastructure) will be utilized in authentication among universities in Japan.

SLIDE 14

UPKI: requirements

Scalability
  • up to 800 universities in Japan
    • Centralized system will never work
    • Federated ID management is indispensable

Security
  • against so many cyber attacks and increasing physical attacks

Privacy
  • Compliant to the law of privacy protection in Japan
    • Enforced since April 2005.

Mobility
  • Both students and professors may visit other universities

Cost
  • Each National University has become an independent agency since 2004.

SLIDE 15

UPKI: basic idea

Deployment of Grid/PKI middleware for national academic AA infrastructure
  • Management of faculty members, administrative staffs and students
  • Virtual Organizations (VO) like committees, research groups or academic societies should be supported

Targets all of
  • Educational activities like E-learning
  • Administrative works like exchange of credits among universities
  • Research activities like Grid computing
  • Other networking services like WLAN roaming

and a single infrastructure is by all applications

AA based on Federated Identity Management is the key
  • PKI solves some authentication issues, but not all
  • PKI itself has many problems in deployment

SLIDE 16

UPKI

[Figure: UPKI architecture diagram. Labels:]

  • Private PKI (user certs): Univ A (EE1A, EE2A, EE3A), Univ B (EE1B, EE2B, EE3B)
  • Public PKI (server certs): NII PubCA, Server cert
  • Public PKI (S/MIME certs): NII PubCA, S/MIME cert
  • NAREGI PKI (Grid certs): NAREGI-CA, EE1A, EE2A, EE3A, EE1B, EE2B, EE3B, Proxy Cert
  • ID federation

The issuing process of NAREGI and S/MIME certificates can be shortened when the user has a Private CA certificate.

SLIDE 17

Authentication for campus wireless LAN

[Figure: PKI-based authentication and roaming for campus wireless LAN. Labels: CA, RA, repository, registrar, register, Hokkaido Univ., user (Prof. A), PKI token (private key), Pub key, Certif. (Prof. A), Campus Public Wireless AP, Campus LAN authentication, authorization, Policy mapping, Bridge CA, CA, NII, Mutual auth, Roaming service, "Prof. A is visiting other univ."]

SLIDE 18

Development of Grid Middleware for e-Science (Osaka University)

[Figure: Grid middleware architecture. Labels: Super-Scheduler, Information Service, Workflow tool, Grid VM, User JOB, Local Scheduler (NQS), Local Scheduler (SCORE), Supercomputer, PC cluster, Frontend, Application Server, NQS, ERS, DEVIAS, accounting, monitoring, user admin, User registration, Policy control, subCA/RA, NII, UPKI (authN), License ID, license ID certificate, Campus AAI, National AAI. Legend: To be developed; Submitting JOB via conventional system; Submitting JOB via NAREGI; JOB status.]

SLIDE 19

UPKI: issues

How various services can be provided on a single AA infrastructure
  • Web services
  • Research Grid
  • Network services

Existing works
  • Grid and Middleware Research Activities
    • GridShib: Shibboleth for non-web-based applications
    • EduRoam campus wireless roaming service architecture
    • EGEE multi-VO support and delegation via MyProxy
  • Governmental AAI
    • E-authentication by the U.S. government
    • GPKI, LGPKI and JPKI for Japanese e-government

How we learn from and how we can collaborate with?
  • To be discussed in APAN middleware WG

SLIDE 20

Summary: Cyber-Science Infrastructure (CSI)

Next-generation academic information infrastructure for interuniversity collaboration

Conducted by National Institute of Informatics (NII) and developed by information infrastructure centers in the seven universities (Hokkaido, Tohoku, Tokyo, Nagoya, Kyoto, Osaka and Kyushu)

Includes,
  • SuperSINET … Academic Research High-Speed Backbone
  • NAREGI … Nationwide Research Grid
  • UPKI … Academic National AAI