Climate Sciences: Use Case and Vision Summary
Philip Kershaw [[email protected]], CEDA, RAL Space, STFC
Overview
• Update on developments since last workshop
• Federated Identity for the Cloud
  – Use case from two contrasting scenarios
• Vision Summary
  – What is the vision for this community
  – What are the issues we face and challenges we wish to address
Update from Last Workshop
• Earth System Grid Federation (ESGF):
  – a software infrastructure deployed in the first instance to support CMIP5
• CMIP5, a globally co-ordinated set of climate model experiments organised under the WCRP
• ESGF
  – Globally federated archive ~2.5Pb
  – 25k users worldwide (not just CMIP5)
• Security Architecture
  – Dual SSO methods supported: OpenID and MyProxyCA
  – SAML interfaces for attribute and authorisation queries
• ESGF now being deployed for other Earth science data
  – Earth observation and regional model data
• EGI – INSPIRE:
  – Project to enable access to ESGF resources via EGI
  – An inter-federation trust challenge
Federated Identity for Cloud: two contrasting scenarios
• CEMS (Climate and Environmental Monitoring from Space)
  – A UK facility for climate change and environmental science using satellite data and services.
  – Builds on ISIC (International Space Innovation Centre) public private partnership
  – A focal point for science, government and commercial user communities.
  – Data quality and integrity services and expertise
  – Data hosting and processing facilities

• FP7 funded project over three years
• Develop Federated cloud infrastructure:
  – An abstraction layer to manage resources over multiple cloud providers
• Platform as a Service solutions
• Virtual Infrastructure Networks
• Federated file system
• SLA negotiation
• Federated security
• Build on Open Source cloud solutions
CEMS Architecture
[Figure: CEMS architecture diagram. Labels: Business and research user communities; Applications (App 1, App 2, App 3, … App N); Core Services; Data Access; Quality Services; Data Processing; Cloud Management Services; Public and Commercial Cloud Infrastructure; Hardware – data storage [NCEO and Commercial Data] and processing]
CEMS: Federated Identity Challenges
• Access control is needed to enforce:
  – Licence agreements
  – Project restrictions
  – pay-for services?
• Federated identity needed to bridge:
  – academic and commercial organisations
• Bridging independent domains:
  – How to manage trust?
  – Communication of levels of assurance
  – Middleware to bridge independent access control infrastructures
• Integration with off-the-shelf cloud infrastructure
CONTRAIL: Federated Identity Challenges
• Layered architecture: federation abstracts individual providers and their resources
• Single sign-on on two axes: external to federation and federation to provider
• Credential management challenge: Resources may be long lived (e.g. a VM) but dynamically provisioned
  – Virtual infrastructure networks may require dynamic creation of CAs
Climate Sciences: Vision Statement
• Project-oriented vs. ‘national’ federated identity management infrastructure
  – Projects require attributes scoped within the project’s domain covering multiple IdPs and possibly federations
  – Can IdPs be expected to support attributes needed for multiple projects?
  – Project-wide attribute authorities needed to manage project attributes
  – Challenging to leverage national infrastructure for international projects!
• Inter-federation and bridging technologies
  – Management of levels of assurance between independent domains
  – Provenance of credentials
• Policies and trust
  – The lack of clear policy statements can inhibit the ability to interoperate with other established systems.
  – Newer communities need to see the value of policies
• Cloud and virtualisation are creating new challenges
  – Dynamic provision of credentials for long lived resources