PaN-data ODI WP3 User AAA Service (Umbrella System)

Heinz J Weyer, PSI 1

Umbrella

PaN-data ODI Kickoff meeting, STFC November 3/4, 2011 1

PaN-data ODI WP3 User AAA Service(Umbrella System)


Umbrella

PaN-data ODI Kickoff meeting, STFC November 3/4, 2011

What are the IT requests?

Huge datasets Novel 2D detectors, quantum leap in data quality, but also data volumes multi-image techniques (tomography, lens-less imaging) molecular movies at FELs ‘Petabyte’ ‘normal’ unity; time over for ‘hard-disk in the trouser pocket’

Trans-facility experiments Standardize proposal procedures on EU scale

Remote data access analyze data remotely at facility combine datasets taken at different facilities clouds (commercial, community-based)

Remote experiment access basic: passive online access to measured data advanced: active control

PR Issues Improve corporate identity Improve public lobbying


Umbrella


Incorporate confidentiality aspects High competition, especially structural biology Time-window structured access to experiments and data

Rely on existing local user office structure Great experience DIY (Do It Yourself) operation

Users: manage their personal entries User offices: supervising; manage authorizations

Base system on professional authentication standard Shibboleth, federated Single-Sign-On System (SAML), widely used special photon / neutron user federation only one identity provider supervising by local User Offices

Umbrella concept Unique user identification on EU scale Hybrid information storage No cross-facility information exchange Multi-level identification and trust (maximum autonomy to facilities)

Required Solution Characteristics


Umbrella


Description of work: To deploy, operate, and evaluate a system for pan-European user identification across the participating facilities and implement common processes for the joint maintenance of that system.

This is a necessary baseline for enabling seamless cross-facility data access and integration by individual users.

Deliverables: (m06) Specification of AAA infrastructure (m12) Pilot deployment of initial AAA service infrastructure (m18) Production deployment of AAA service infrastructure

Final goal: Completion of project delivering integrated services as planned

Tool:Umbrella

WP3: User Catalogue and AAA Service


Umbrella


The Umbrella Concept

User

UOffice2 UOffice1UOffice3

Fig.1


Umbrella


LocalWUOs

Userdatabase

User Interface

User portal

User

Remote accessservices

CommonUser

services

User

Traditional user office topology Planned Umbrella user office topology

ExperimentAccess

Dynamic beamline information

Coaching

FAQ Support

European proposal submission

Use

r In

terf

ace

=

6

Central portal


Umbrella


User

EUU

CoachingRef. DatabaseProp. Modules

Communitybranded

WUO1

Cen

tral

Par

tLo

cal P

art

Shibboleth IdPUser db

Affiliation db Facility neutral

EAA

WUO2 WUO3

A

A

A A A

A

User

A

7


Umbrella


Authentication (EU-unique (identification)

Proposal handling (thousands of proposals / year)

Coaching (support of novice users)

Prototypes: Umbrella + DUO (PSI): + SMIS (ESRF): + CAS (Diamond): + DOOR (DESY): +

Remote data access (petabytes of data): CRISP But more than authentication (e.g. data format, catalogues …)

Remote experiment login (young scientists; Fedex-style experiments)

But more than authentication (e.g. fire wall, experiment standardization, component protocols …)

EuroFEL(UmbrellaPrototype)

NextGeneration(Umbrella+)

User access, IT projects

8


Umbrella

PaN-data ODI Kickoff meeting, STFC November 3/4, 2011 9

Umbrella architecture


Umbrella


Hybrid concept (central vs. Federated)

Answer to conflicting requests:Efficient technologyConfidentialityConsequent distinction of authentication and authorisation

User info Proposal Modules

Central

(comm

on)part

Localfacilitypart

o Modules with general, scientific info

o Detailed infoo Roles at facilities

o Identificationo Registration for central serv.

Affiliation info

o Departmento Postal address Central phone

o Proposer infoo Roles at facilities

o Facility specific city code (e.g. for EU reimbur- sement

10


Umbrella


EPH characteristics

Present situation: heavy administrative load on users no synchronization in call for proposals no EU proposal standard start always from scratch in spite of iterative character

Umbrella answer: subdivision into different parts Statistical Facility General (science)

Umbrella solution characteristics Federated proposal storage at facilities Compatibility with existing proposal handling Federated hybrid user database No Cross / trans-facility actions User: significant reduction of administrative load Facilities: no change in proposal handling work flow

European Proposal Handling (EPH)


Umbrella


Statistics• Prop. info

Facility• Safety info• Shifts• Beaml. data• Referee info• Ranking• Sample info• …

General• Motivation• Curr. status• Results exp.• Technique• References• …

Lo

cal

f

acil

ity

WU

O

d

atab

ase

General• Motivation• Curr. status• Results exp.• Technique• References•…

PC

Co

py

Get local copy

Submissionportal• Search / locate• Alerts• Info service• Submission•…

Edit moduleLocate proposal


PC

Co

py

Curr. Status Lorem ipsum lorem ipsum Lorem ipsum lorem ipsum Lorem ipsum lorem ipsum Lorem ipsum lorem ipsum Lorem ipsum lorem ipsum


PC

Co

py

Statistics• Prop. info

Facility• Safety info• Shifts• Beaml. data• Referee info• Ranking• Sample info• …

General• Motivation• Curr. status• Results exp.• Technique• References• …

Lo

cal

f

acil

ity

WU

O

d

atab

ase

Update generalpart

Merge &Submit

EPH work flow

European Proposal Handling (EPH)


Umbrella


Embargo vs. post-embargo periodEmbargo (first 3y): confidentiality, access to own team only Post-embargo: free access, possibly via registration

Standardized / automatized access rights manual central authorization impossible 1‘000s of experiments, 10‘000s of users

Identity by Umbrella Unique, EU-wide user authentication

Keep Role of proposal as organizing element Users convene for a short time slot for performing an experiment Principal investigator / main proposer Who participates in experiment, has access right to data Proposal officially accepted by facility, PI is official contact PI defines experiment participants (practically existing WUO tool)

Remote data access, concept proposed

13


Umbrella


Pjxx

User3

User4

User1

User2

User5

PpA1Data1

PpA1User1User3User5

PpB1User1User3User5

PpB2User1User2

PpC1User3User4User5

Pjyy

User2

Pjzz

User4User5

PpA1DataN

….

PpB1Data1

PpB1DataN

….

PpB2Data1

PpB2DataN

….

PpC1Data1

PpC1DataN

….

Facility A

Facility B

Facility C

UsersUser Level

ProjectsProject Level

Proposals Experiments / DataFacility Level

User3

User1

User1

User3

User5


Umbrella


Applications to test EAA: registration, mutation European Proposal Handling (EPH) Remote Data Access (iCat as possibility) Remote Experiment Access (Moonshot as possibility) Standard Affiliation Database?

Environment offered Prototype of central web site Umbrella + WUO test versions (DESY, PSI, ESRF, ??)

System users External expert users (ESUO, ETH, BioStruct, ??) Local facility experts (DESY)

Roadmap Start February 1, 2012 Duration about 1/4y Concluding workshop Concluding document

Friendly user phase

15


Umbrella


EuroFEL WP2 Prototype developments for FEL facilities (March 2011)

Authentication: unique user ID Umbrella proposal system

CRISP WP16 PSI + ESRF, ESS, GSI, ILL, EU-XFEL Authentication for management of local and remote access to facilities,

experiments, data, and IT resources Prototype development

CRISP WP17 ILL + ESRF, CERN, DESY + Metadata management and mining service; data continuum Dual local / Umbrella operation possible

CRISP WP18 EU-XFEL + DESY, ESRF, ILL + High-speed Recording of Data

PaN-Data PSI + almost all European Photon / Neutron facilities Authentication implementation for Photon / Neutron facilities

FP7 Programs, Job Sharing

16


Umbrella


DESY Frank Schluenzen, Rolf Treusch, Jan-Peter Kurz, Ulrike Lindemann

DiamondBill Pulford

ESRF Rudolf Dimper, Dominique Porte, Stefan Schulze

European XFEL Krzysztof Wrona

Fermi/ElettraOrnela Degiacomo, Giorgio Paolucci

HZB Thomas Gutberlet, Dietmar Herrendoerfer, Olaf Schwarzkopf

IPJ (Poland) Robert Nietubic

MaxLAB Ulf Johansson

PSI Bjoern Abt, Stephan Egli, Stefan Janssen, Markus Knecht, Mirjam van Daalen, Heinz J Weyer

Soleil Frederique Fraissard

STFC Anthony Gleeson

Umbrella collaborators

17


Umbrella


React to increased access to facilities by non-classic users User friendliness Coaching Facility friendliness

Huge data rates for acquisition, transfer, storage Central federated identification Remote data and experiment access tools Umbrella: Tools independent from local tools

Increased need for common science-political visibility (funds)

Lobbying, Corporate identity Common web-portal

User management Common solutions: no special solutions, advantage for all Central vs. local: keep local where possible, central as umbrella

Umbrella >>> It’s time to open the Umbrella

Conclusion

18

Documents

PaN-data ODI WP3 User AAA Service (Umbrella System)