Design and Implementation of GEO Grid Security

www.geogrid.org

SLIDE 1

Yoshio Tanaka, National Institute of Advanced Industrial Science and Technology (AIST), Japan

SLIDE 2

What is the GEO Grid?

The GEO (Global Earth Observation) Grid aims to provide an e-Science infrastructure for the worldwide Earth sciences community, accelerating GEO sciences on the principle that relevant data and computation are virtually integrated, with appropriate access control and an easy-to-use interface, both enabled by a set of Grid and Web service technologies.

[Diagram: Geo* contents (satellite data, map, geology, GIS data, field data, resources) feed applications (environment, disaster mitigation) through Grid technologies.]

AIST: OGF Gold sponsor (a founding member)
AIST: OGC Associate member (since 2007)

SLIDE 3
GEO Grid: Contents, Applications, and IT Infrastructure

Contents:
  • Satellite imagery: full L0 ASTER on disk; MODIS on disk (East Asia)
  • Geology archives: Japan, SE Asia
  • Sensors: AsiaFlux, Field server

Applications:
  • Disaster mitigation: landslides, flood
  • Environment monitoring: global warming, CO2 flux estimation
  • Natural resource exploration: oil, gas

IT Infrastructure:
  • Software: security, data access, service registry, resource mgmt., Web GIS, workflow, U/I portal, etc.
  • Hardware: storage, servers, cluster computers

SLIDE 4
A Workflow example: “Disaster prevention and mitigation (Volcano)”

  • High resolution DEM provided from ASTER
  • In-situ observations, e.g. growth of a lava dome
  • Simulation of lava and/or pyroclastic flow on GEO Grid
  • Hazard map for evacuation planning
  • Monitoring of crustal deformation by PALSAR

[Diagram: ASTER and PALSAR satellite data sources feeding the workflow]

SLIDE 5

Functional requirements for the IT infrastructure

  • Size scalability in near-real-time data handling and distribution: need to manage hundreds of terabytes to petabytes of data. Such data will be made available with minimum time delay and at minimum cost.
  • Handling wide diversification of data types, associated metadata, products and services: research communities wish to integrate various data according to their interests. IT infrastructure must support the creation of user groups which represent various types of virtual research/business communities, and the federation of distributed and heterogeneous data resources shared in such communities.

SLIDE 6

Functional requirements for the IT infrastructure (cont’d)

  • Respecting data owners’ publication policies: some data are not freely accessible, e.g. commercial data. IT infrastructure must provide a security infrastructure which supports flexible publication policies for both data and computing service providers.
  • Smooth interaction and loose coupling between data services and computing services: a desirable IT architectural style would achieve loose coupling among interacting software agents, allowing users both to create services independently and to produce new applications from them. IT infrastructure must support sharing, coordination, and configuration of environments for application programs and resources, depending on the user’s requirements.

SLIDE 7

Functional requirements for the IT infrastructure (cont’d)

  • Ease of use: end users should be able to access data and computing resources without the burden of installing special software or taking care of security issues (e.g. certificate mgmt.). Data and service providers should be able to easily make their resources available as services with the desired access control. Administrators and leaders of communities should be able to create virtual communities easily by configuring appropriate access control. We must provide an easy-to-use framework for publishing services and user interfaces.

SLIDE 8

Design Policy

  • Introduces the concept of a VO (Virtual Organization): data and computation are provided as “services” via standard protocols and APIs. A VO is created dynamically by integrating available services and resources according to the interests and requirements of the VO.
  • User-level authentication and VO-level authorization: a user’s rights are managed (assigned) by an administrator of the VO the user belongs to. Access control to a service is configured by the service provider according to the publication policy. There are several options for the access control: VO-level, group/role-based, user-level, etc.
  • Scalable architecture for the number of users.

SLIDE 9

Overview and usage model of the GEO Grid system

SLIDE 10

Key Technologies: GSI and VOMS

  • Grid Security Infrastructure (GSI) is the standard security technology used in current Grid communities. It is based on Public Key Infrastructure (PKI) and X.509 certificates.
  • Virtual Organization Membership Service (VOMS) is software for creating and managing VOs. Developed by European communities; based on GSI.
  • End users of GEO Grid may not be required to understand GSI, VOMS, etc., but project (VO) admins should understand these technologies correctly.

SLIDE 11

Overview and usage model of the GEO Grid system

  • User-level authentication and VO-level authorization: a user’s rights are managed (assigned) by an administrator of the VO the user belongs to. Access control to a service is configured by the service provider according to the publication policy. There are several options for the access control: VO-level, group/role-based, user-level, etc.
  • Scalable architecture for the number of users.

SLIDE 12

[Diagram: GEO Grid usage model. Components: CA, Account DB, VOMS server, MyProxy credential repository, GEO Grid Portal, GAMA, Service Provider (Data / Computation Service fronted by a PEP), and a set of PDPs (GridMapAuthZ PDP, BlackList PDP, WhiteList PDP, VOMS PDP, PDP #n) that answer the PEP’s decision request with a decision result. Actors: GEO Grid Admin (account creation), Project Admin, User A without certificate (login by username / password), User B with certificate (login by certificate), Anonymous User (anonymous login). Credentials: X.509 long-lived certificates and X.509 proxy certificates with VOMS attributes.]

Access Control by Account Mapping

  • All members are mapped to a single account
  • Users are mapped to local accounts based on groups (and role)
  • Users are mapped to pool accounts based on groups (and role)
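As an added illustration of the slide-12 model and the design policy on slide 8 (example code, not GEO Grid’s or VOMS’s own), a small Python policy enforcement point that chains BlackList, WhiteList and VOMS PDPs with an assumed deny-overrides combining rule, then applies the three account-mapping options. The DNs, VOMS FQANs (in the usual `/VO/group/Role=role` form) and policy tables are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Request:
    dn: str          # subject DN taken from the X.509 proxy certificate
    fqans: list      # VOMS attributes (FQANs), e.g. "/geogrid/volcano/Role=admin"

def blacklist_pdp(req, denied_dns):
    """Deny listed DNs, otherwise abstain so other PDPs decide."""
    return "deny" if req.dn in denied_dns else "abstain"

def whitelist_pdp(req, allowed_dns):
    """Permit listed DNs (user-level access control), otherwise abstain."""
    return "permit" if req.dn in allowed_dns else "abstain"

def voms_pdp(req, required):
    """VO/group/role-level control: permit if an FQAN is at or below `required`."""
    ok = any(f == required or f.startswith(required + "/") for f in req.fqans)
    return "permit" if ok else "deny"

def pep_decide(req, pdps):
    """PEP combining rule (assumed here): deny-overrides, then permit-if-any."""
    results = [pdp(req) for pdp in pdps]
    if "deny" in results:
        return "deny"
    return "permit" if "permit" in results else "deny"

def primary_group(req):
    """Strip the Role= part: '/geogrid/volcano/Role=admin' -> '/geogrid/volcano'."""
    return req.fqans[0].split("/Role=")[0] if req.fqans else None

def map_account(req, mode, policy):
    """The three mapping options on slide 12 (keyed on group; role stripped)."""
    if mode == "single":             # every VO member shares one local account
        return policy["single"]
    group = primary_group(req)
    if mode == "group-local":        # group -> one fixed local account
        return policy["groups"].get(group)
    if mode == "pool":               # group -> next account from its pool
        pool = policy["pools"][group]
        acct = pool["accounts"][pool["next"] % len(pool["accounts"])]
        pool["next"] += 1
        return acct
    raise ValueError(f"unknown mapping mode {mode}")

def authorize(req, pdps, mode, policy):
    """Full PEP flow: decide first, map to an account only on permit."""
    decision = pep_decide(req, pdps)
    return decision, (map_account(req, mode, policy) if decision == "permit" else None)
```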

SLIDE 13

GAMA architecture

[Diagram: GAMA server (CACL, MyProxy, CAS, AXIS Web Services wrapper, servlet container); Portal server 1 (GridSphere with gridportlets and gama modules, DB, Java keystore, servlet container); Portal server 2; stand-alone applications. Operations shown: create user, import user, retrieve credential.]

SLIDE 14

Portal vs. Accounts vs. VO

[Diagram: Account Portal (GridSphere) backed by the Account DB (GAMA); VO portals (GridSphere), each backed by a VO (VOMS).]

SLIDE 15

Current status of evaluation, integration, and developments

  • Deployed and tested: GAMA, VOMS server, Pre-WS GRAM w/ VOMS, WS GRAM w/ VOMS, GridFTP w/ VOMS, Apache w/ VOMS, OGSA-DAI w/ VOMS
  • Authorization using VOMS: different levels of AuthZ (VO, group, role, user); different methods for account mapping (single account, pool account, account for individual user)
  • Developed two functions for integrating GAMA and VOMS: the GAMA Portal accesses VOMRS (VO Management Registration Service) to register a new user with the VO when the account is activated; the GAMA Portal generates a VOMS proxy from a proxy credential retrieved from the MyProxy server (Credential Portlet)

SLIDE 16

[Diagram: GEO Grid system deployment. L0 satellite data flows from Terra/ASTER via TDRS and ERSDIS/NASA over APAN/TransPAC to the GEO Grid cluster. Services: GIS server (WFS, WCS), map server (WMS), catalogue/metadata server (CSW), OGSA-DAI, GRAM, GridFTP, gateway server, storage (DEM), portal server, account (GAMA) server with Account DB, VO (VOMS) server with VO DB; data and computation services are protected by GSI + VOMS. User flow: login, credential, GET, query, exec.]

SLIDE 17

Demo Environments: SIMS (ASTER + MODIS + Formosat2)

[Diagram: At NSPO@TW, a database server (Sybase) holding FORMOSAT-2 data sits behind an application server running OGSA-DAI on Globus, accessed via SQL w/ JDBC. At AIST@JP, a database server (PostgreSQL) holding ASTER and MODIS data sits behind OGSA-DAI on Globus, accessed via SQL w/ JDBC. The AIST OGSA-DAI client integration framework (an OGSA-DAI Java program) issues SQL queries on behalf of the SIMS portlet, which queries the data and creates a web page showing thumbnail images. All services are protected by VOMS.]
