All Hands Meeting 2005

BIRN Portal Architecture: Security

Jana Nguyen

jnguyen@ncmir.ucsd.edu

Current BIRN Portal Architecture

• Based on Perl
• Limited extensibility
• Not easy to set up a distributed collaborative development environment

How can the BIRN portal benefit from GridSphere?

• With portlets, easy to extend
• Modular development model
• Built-in features including user management and role-based access control
• Supports credential management
  • Interfaces to on-line credential repositories
• Community development of portlets, e.g. gridportlets, GAMA (GEON/Telescience/BIRN)
• Credential management provides a distributed development environment

BIRN Portal Architecture

[Architecture diagram: the BIRN Portal server runs GridSphere inside a servlet container with the gridportlets, gama, projectportlets and siteportlets portlets and a DB; a second portal server (Portal server 2) runs its own gridportlets; both portal servers retrieve credentials from the Grid Account Management Architecture (GAMA) server, forming a distributed portal environment.]

Account Management Goals

• Currently centralized user management
  • Done through the BIRN CC
• Move to distributed Registration Authorities (RAs)
  • Local site can add, modify and delete its users
• Why do we need RAs?
  • Avoid a bottleneck
  • Local sites know their users
  • Improves auditing
  • Local sites have control of their users

Site Registration

Site Registration & Management
• Site tracking system
• Requires approval

Site Management
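The two slides above describe the authorization model behind the distributed RAs: a site is registered, must be approved centrally, and only then may its RA add or delete that site's users, with every action recorded for auditing. The following is an added, hypothetical Python model of that policy (not GridSphere, GAMA or BIRN code, which are Java portlets); the names `AccountRegistry`, `request_site`, `approve_site`, `add_user`, `delete_user` and the site/user values are constructed for the illustration. The point it demonstrates is scoping: an RA's authority is checked against the site it was approved for, a central admin (standing in for the BIRN CC) is the only one who approves sites, and denied attempts land in the same audit trail as successful ones.

```python
from dataclasses import dataclass, field


class AuthorizationError(Exception):
    """Raised when an actor acts outside the scope it was granted."""


@dataclass
class AuditEvent:
    actor: str
    action: str
    target: str
    outcome: str  # "ok" or "denied: <reason>"


@dataclass
class AccountRegistry:
    """Hypothetical model of central approval plus per-site RAs.

    central_admins stands in for the BIRN CC; ra_for_site maps an RA
    username to the single site it is allowed to administer.
    """
    central_admins: set = field(default_factory=set)
    ra_for_site: dict = field(default_factory=dict)    # ra user -> site
    pending_sites: dict = field(default_factory=dict)  # site -> requester
    approved_sites: set = field(default_factory=set)
    users: dict = field(default_factory=dict)          # username -> site
    audit: list = field(default_factory=list)

    def _record(self, actor, action, target, outcome):
        self.audit.append(AuditEvent(actor, action, target, outcome))

    def _require(self, condition, actor, action, target, reason):
        # Every denial is logged before the exception propagates, so the
        # audit trail shows attempts as well as successes.
        if not condition:
            self._record(actor, action, target, "denied: " + reason)
            raise AuthorizationError(f"{actor} may not {action} {target}: {reason}")

    def _is_ra_for(self, actor, site):
        return self.ra_for_site.get(actor) == site

    # Site lifecycle: anyone may request; only a central admin approves.
    def request_site(self, requester, site):
        self._require(site not in self.approved_sites and site not in self.pending_sites,
                      requester, "request-site", site, "site already registered")
        self.pending_sites[site] = requester
        self._record(requester, "request-site", site, "ok")

    def approve_site(self, actor, site):
        self._require(actor in self.central_admins, actor, "approve-site", site,
                      "only a central admin approves sites")
        self._require(site in self.pending_sites, actor, "approve-site", site,
                      "no pending registration")
        requester = self.pending_sites.pop(site)
        self.approved_sites.add(site)
        self.ra_for_site[requester] = site  # the requester becomes that site's RA
        self._record(actor, "approve-site", site, "ok")

    # User lifecycle: the site's RA (or a central admin) manages that site only.
    def add_user(self, actor, username, site):
        self._require(site in self.approved_sites, actor, "add-user", username,
                      "site not approved")
        self._require(self._is_ra_for(actor, site) or actor in self.central_admins,
                      actor, "add-user", username, "not the RA for " + site)
        self._require(username not in self.users, actor, "add-user", username,
                      "user already exists")
        self.users[username] = site
        self._record(actor, "add-user", username, "ok")

    def delete_user(self, actor, username):
        self._require(username in self.users, actor, "delete-user", username,
                      "no such user")
        site = self.users[username]
        self._require(self._is_ra_for(actor, site) or actor in self.central_admins,
                      actor, "delete-user", username, "not the RA for " + site)
        del self.users[username]
        self._record(actor, "delete-user", username, "ok")

    def denied_events(self):
        """The audit entries an administrator would review first."""
        return [e for e in self.audit if e.outcome.startswith("denied")]


if __name__ == "__main__":
    reg = AccountRegistry(central_admins={"birn-cc"})  # constructed sample data
    reg.request_site("alice", "siteA")
    reg.approve_site("birn-cc", "siteA")
    reg.add_user("alice", "u1", "siteA")
    for event in reg.audit:
        print(event)
```

The check order in `add_user` matters: site approval is tested before the RA scope, so a user cannot be created under a pending site even by its future RA, and a central admin still cannot bypass the approval step. Logging inside `_require` is what makes the "improves auditing" goal concrete; a denied cross-site attempt by one site's RA is visible to the CC without that RA being able to alter anything.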

Portal Security

Why GAMA?
• Complete GSI credential management system
• Dedicated security server
• Portlets for handling accounts

Releases
• 3.0 – Accounts approved as in the current Portal
• 4.0 – Distributed RAs

Online Credential Repository

MyProxy Online Credential Repository
• Component of GAMA
• Stores credentials securely online
• Credentials available at any time, from anywhere
• MyProxy usability

Portal Security / GAMA Architecture

[Architecture diagram: the GAMA server hosts a CA and MyProxy behind an AXIS Web Services wrapper (and further components). The BIRN Portal, running in a servlet container with a Java keystore and a DB, creates users and imports users through the GAMA server and retrieves credentials from it; Portal server 2 (servlet container, Java keystore) and stand-alone applications also retrieve credentials from the GAMA server.]

Storage Resource Broker (SRB) Portlets

SRB Portlets
• Adapted from Telescience
• Provide a uniform interface
• Auditing: logs reads and writes

What has been done?

• Set up GridSphere and GAMA
  • Hibernate mapping to a Postgres database persists GridSphere and GAMA data
• Data migration
  • Users won't need to apply for new accounts
• Site Registration and Project Management
  • Portlets developed