This project (ASPiS) will integrate the iRODS data grid middleware with Shibboleth, to support rule-based access management for resources in iRODS data grids, and the capture of provenance metadata recording access to resources.

Architecture for a Shibboleth-Protected iRODS System

Final report

Overview

Research is increasingly both driven by and a generator of data on a large scale, and this data is often managed using data grid middleware, such as Storage Resource Broker (SRB) or its successor iRODS, which has significantly enhanced functionality. In such dynamic grid environments, access management is of key importance. Identity-based authorisation does not scale well, and does not easily support role-based access. Moreover, the complexity of obtaining and using certificates discourages uptake of grids among some researchers. If a broader community is to engage with grids, access management must be addressed to their satisfaction.

Aims and objectives

The project will address two complementary aspects of access management for virtualised resources in iRODS data grids:

  • access control that allows fine-grained access rights to be defined for roles, not just user identities.
  • capture and recording of provenance metadata that tracks access to resources.

These issues will be addressed by integrating Shibboleth with iRODS, so that authentication of a user is devolved to the user's home institution, and authorisation is based on the Shibboleth attributes that institution releases about the user. The enhanced software will be incorporated into a prototype data grid and made available for evaluation by users, and in particular by the NGS.
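The following is an added illustration, not ASPiS project code, of the decision the paragraph above describes: a Shibboleth Service Provider has already validated the IdP's SAML assertion, and the iRODS side decides access from the released attributes rather than from a locally managed identity, then records the outcome as RDF-style provenance. The eduPerson attribute names are standard, but the policy rules, the entitlement URN, the collection paths and the provenance vocabulary are all assumptions made for the example.

```python
"""Attribute-based access decision plus provenance record.

Added example in the style the ASPiS description sketches; it is not the
project's own module.  Rule format, paths, entitlement URN and the
provenance predicates are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# Attribute set as a Shibboleth SP hands it to the application after the
# SAML assertion has been validated.  Shibboleth attributes are
# multi-valued, hence the lists.  Constructed sample; IdP is hypothetical.
SAMPLE_ATTRS = {
    "eduPersonPrincipalName": ["alice@example.ac.uk"],
    "eduPersonAffiliation": ["member", "staff"],
    "eduPersonEntitlement": ["urn:mace:example.ac.uk:aspis:curator"],
}


@dataclass(frozen=True)
class Rule:
    collection: str   # iRODS collection prefix the rule applies to
    action: str       # "read" or "write"
    attribute: str    # released attribute that must be present
    value: str        # value that attribute must contain


# Hypothetical policy: any member of the federation institution may read
# the project collection; writing requires a curator entitlement.
RULES = [
    Rule("/zone/home/project", "read", "eduPersonAffiliation", "member"),
    Rule("/zone/home/project", "write", "eduPersonEntitlement",
         "urn:mace:example.ac.uk:aspis:curator"),
]


def _in_collection(path, collection):
    # Match on whole path components, so that /zone/home/project2 does
    # not inherit the rules for /zone/home/project.
    collection = collection.rstrip("/")
    return path == collection or path.startswith(collection + "/")


def authorise(attrs, path, action, rules=RULES):
    """Deny by default.  Grant only if some rule for this collection and
    action is satisfied by a value the IdP actually released.
    Returns (granted, matching_rule_or_None)."""
    for rule in rules:
        if rule.action != action or not _in_collection(path, rule.collection):
            continue
        if rule.value in attrs.get(rule.attribute, []):
            return True, rule
    return False, None


def provenance_record(attrs, path, action, granted, rule, when=None):
    """Serialise one access event as N-Triples lines.  Both grants and
    denials are recorded; the predicates are an assumed vocabulary."""
    when = when or datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    subj = f"<urn:aspis:access:{when}>"
    principal = attrs.get("eduPersonPrincipalName", ["unknown"])[0]
    decision = "granted" if granted else "denied"
    triples = [
        f'{subj} <urn:aspis:principal> "{principal}" .',
        f'{subj} <urn:aspis:resource> "{path}" .',
        f'{subj} <urn:aspis:action> "{action}" .',
        f'{subj} <urn:aspis:decision> "{decision}" .',
    ]
    if rule is not None:
        triples.append(f'{subj} <urn:aspis:rule> "{rule.attribute}={rule.value}" .')
    return triples


def access(attrs, path, action, when=None):
    """Decide and record in one step; returns (granted, triples)."""
    granted, rule = authorise(attrs, path, action)
    return granted, provenance_record(attrs, path, action, granted, rule, when)


if __name__ == "__main__":
    for p, a in [("/zone/home/project/data.dat", "read"),
                 ("/zone/home/project/data.dat", "write"),
                 ("/zone/home/project2/other.dat", "read")]:
        ok, rec = access(SAMPLE_ATTRS, p, a)
        print(a, p, "->", "granted" if ok else "denied")
        print("\n".join(rec))
```

Two details matter in practice: the decision must be deny-by-default so that a user whose IdP releases no attributes (or the wrong ones) gets nothing, and denials must be recorded alongside grants, otherwise the provenance trail cannot answer who tried and failed to reach a resource.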

Project methodology

The project will have three broad phases:

  • Requirements definition, in liaison with stakeholders in various disciplines, to ensure that the implementation is grounded in authentic user needs.
  • A modular approach to development, so that the enhancements can be incorporated with minimal change to the core software, and are decoupled from the iRODS architecture, to enable different implementations of authorisation or provenance services to be used by different iRODS systems.
  • An iterative approach to evaluation in collaboration with potential users, and in particular with the NGS. This implies that the development and evaluation phases will overlap to a significant degree.

Anticipated outputs and outcomes

The main outputs will be:

  • Use cases and requirements.
  • Software modules for iRODS that support capture of Shibboleth attributes, use of Shibboleth attributes for determining access to iRODS data resources, and capture of provenance metadata.
  • A prototype Shibboleth-enabled iRODS data grid, based at STFC and KCL, available as a test bed for NGS and other users.
  • Case study.

ASPiS will demonstrate the utility of iRODS for managing research data, will simplify access management for iRODS data grids, and will enable data grids to be more easily integrated within the UK Access Management Federation.

Technology / Standards used

  Name of standard or specification   Version   Notes
  SAML                                1.1       Security Assertion Markup Language
  RDF Specifications                  Latest    W3C Recommendations
  OWL                                 1         W3C Recommendation

Technologies: iRODS, Shibboleth


Project Staff

Project Manager
  • Mark Hedges, Deputy Director, Centre for e-Research, King’s College London, Tel: 020-7848-1970, Fax: 020-7848-1989, mark.hedges@kcl.ac.uk
Project Team
  • Adil Hasan, Centre for e-Research, King’s College London
  • Eric Liao, Centre for e-Research, King’s College London
  • Jens Jensen, Science and Technology Facilities Council
  • Andrea Weise, Science and Technology Facilities Council
  • Kevin O'Neill, Science and Technology Facilities Council
  • Roger Downing, Science and Technology Facilities Council

Summary
Start date: 1 March 2008
End date: 31 December 2009
Funding programme: e-Infrastructure Programme
Committees: JISC Support of Research committee