Shibboleth Access to Resources on the National Grid Service
Aims and objectives
In this project (SARoNGS) it is proposed to take the first two components from SHEBANGS and deliver a production-quality service for use by National Grid Service (NGS) users and resource providers. The project will deliver a standard platform for integrating external resource providers into the NGS using Shibboleth authentication mechanisms. This will take the form of a production-quality Credential Translation Service (CTS), developed to work with standard VOMS services and provisioned with web service interfaces so that external resource providers can interface with the NGS with minimal development effort. At the Shibboleth authentication level, the service delivered as part of this project will interface with the UK Access Management Federation and thus provide transparent and seamless access to grid resources for users who already have access to a Shibboleth identity.
Project methodology
The project has been divided into 7 work packages, each of which is described below:
- WP1: Management
- WP2: Shibboleth based Certificate Authority
- WP3: Shibboleth based VOMS Front-end
- WP4: VO Registration Interface
- WP5: CTS based Virtual Organisations
- WP6: Developing VOMS-aware services
- WP7: Future recommendations: Access Management Federation Scoping
Anticipated outputs and outcomes
Outputs:
- Project management work plan and final report
- Interim requirements report after 2 months of project start, final report within 1 month of the end of the project
- A Modified Credential Translation Service (CTS) which works with the “Shibbolised” MyProxy
- A modified MyProxy Server
- One instance of CTS registered as an SP in the UK Federation, to permit every user from every institution with an IdP access to the NGS.
- Software, including various integrated upload and download tools supporting non-portal access.
- Secure website service for use with Shibboleth (to host the CTS).
- Production Deployment of PERMIS from the VPMan project.
- Exemplar service for accessing MIMAS data sets hosted on NGS Production hardware.
- Project website, documentation and international workshop on usage of VO enabled Shibboleth within a grid environment.
- Outputs submitted to e-Framework.
The main outcome will be greater uptake of grid computing within the UK.
Technology / Standards used
| Name of standard or specification | Version | Notes |
|---|---|---|
| X.509 proxy certificates | RFC 3820 | Use as is |
| X.509 attribute certificates | X.509 | Use VOMS variants |
| SAML (attribute assertions) | SAMLv1.1 or 2.0 | Use to pull attributes from a VOMS server |
| XACML (request context) | V2 | Use in GT4 to interface to PERMIS PDP |
Lead institution
Project partners
Project Staff
Project Manager
- Dr Andrew Richards, STFC e-Science Centre, Rutherford Appleton Laboratory, Harwell Science and Innovation Campus, Chilton, Didcot, Oxfordshire, OX11 0QX
Project team
- Dr Jens Jensen, STFC e-Science Centre, Rutherford Appleton Laboratory, Harwell Science and Innovation Campus, Chilton, Didcot, Oxfordshire, OX11 0QX, Tel: 01235 446104, Fax: 01235 445945 j.jensen@rl.ac.uk
- Dr David Wallom, OeRC, c/o 13 Banbury Road, Oxford, OX2 6NN, Tel: 01865 610601, Fax: 01865 283375 david.wallom@oerc.ox.ac.uk
- Dr Mike Jones, Research Computing Services, University of Manchester, Oxford Road, Manchester, M13 9PL, Tel: 0161 275 7038, Fax: 0161 275 0637 mike.jones@manchester.ac.uk