Digital Object Architecture
Giridhar [email protected]
Corporation for National Research Initiatives
http://www.cnri.net/
Proposed GENI Services
• GENI Federated Clearinghouse
• Security Model
• GENI Experiment Management Service
Resource Discovery
[Figure: Cluster A Experimenter and Cluster B Experimenter, each with a "Discover & Access" link to Cluster A and Cluster B; a "?" marks discovery between the clusters.]
Interoperability Layer
[Figure: the same "Discover & Access" links, labelled "Adapt" and "Adapt in the Backend".]
GENI Federated Clearinghouse (GFC)
• Spiral 1:
  – Defined a basic data model of the GFC
  – Implemented a prototype of the GFC that federates records from ProtoGENI
  – Prototype is made available at http://geni.doregistry.org/GFC/
  – Assumed that the GFC service was part of the control framework
• Spiral 2:
  – Plan to integrate with other clusters and make the GFC operational
  – Assuming that the GFC service is an experimental service not a core control framework component
• Goals
  – To allow resource (and other entities) discovery across clusters
  – To provide an interoperability layer between various existing clearinghouse models by defining a common mapping model
  – To provide an open-source clearinghouse software that future, or existing, GENI communities can use
Data Model
[Figure: data model diagram with the record types User, Resource, Component, Slice, Service, Sliver and Aggregate. Field labels shown: Identifier, HRN, Description, Contact, Public Key or X509 Certificate, Credentials, Status, Type, RSpec, Expiration, Policies, Access Details, Owner or Not, User Identifier, Resource Identifier, Component Identifier, Component Manager Identifier, Slice Identifier, Sliver Identifier, Slice Authority Identifier, Aggregate Identifier, Aggregate Manager Identifier.]
Namespace
For example, University of Wisconsin component identifier: 10510.3.2/2f61b3fe-22cb-102c-a837-00304868a4be-r-c7300-32-c
• 10510
  – 10510.0 (GPO)
  – 10510.1 (TIED)
  – 10510.3 (ProtoGENI)
    • 10510.3.0 (Sandbox)
    • 10510.3.1 (University of Utah Node)
    • 10510.3.2 (University of Wisconsin Node)
    • 10510.3.3 (University of Kentucky Node)
    • 10510.3.4 (University of Washington Node)
    • 10510.3.n…
  – 10510.n…
Issued/Used by ProtoGENI Clearinghouse
Scalability
[Figure: a GFC Client, the Global Handle Registry, the GENI Federated Clearinghouse (GFC), Organization A (GFC Mirror, Handle Server "1") and Organization N (GFC Mirror, Handle Server "X"), with the numbered steps below.]
1. Which Handle Server do I ask for handle 10510.3.1/456?
2. Ask Handle Server "1"
3. Resolve 10510.3.1/456
4. Handle Record
   – Handle Record for 10510.3.1/456: Registry Information; Type of Record: "User"; Stored or not
5. Resolve User 10510.3.1/456
6. User Record
   – User Record for 10510.3.1/456: HRN, Description, Contact, Public Key or X509 Certificate, Credentials
Security: PKI
• Public Key Infrastructure, an effective and standards-based solution, allows for secure processing of identity claims
• Issues
  – Trust is assumed to be transitive, e.g., trusting certificate authorities (CA) implies trusting end users
  – Managing trust stores and revocation lists is manual and ad hoc
  – Every server that is part of a common service, e.g., a GENI service, needs to be explicitly synchronized with the others to be effective
• Resolution
  – Need an explicit "trust" management mechanism
  – Need dynamic, synchronized, and distributed management of trust stores
Proposed Security Model
[Figure: GENI Trusted Handle Services (Organization X: 10510.3.1/*, Organization Y: 10510.3.2/*) and GENI Services A, B, C and D, each handling one of the claims below.]
• Trusted user claim
  1. Claims to be 10510.3.1/456
  2. Trusts 10510.3.1/* & Retrieves Public Key
  3. Issues PKI Challenge
  4. Successfully Responds
• False claim by an intruder
  1. Falsely Claims to be 10510.3.2/789
  2. Trusts 10510.3.2/* & Retrieves Public Key
  3. Issues PKI Challenge
  4. Fails the Challenge
• Un-trusted user claim
  1. Claims to be abc/123
  2. Does Not Trust abc/* & Denies the Claim
• Revoked user claim
  1. Falsely Claims to be 10510.3.2/abc
  2. Trusts 10510.3.2/* but fails to find the record
  3. Denies the Claim
Proposed Security Model
• Complete details of the proposed model are available here: http://groups.geni.net/geni/attachment/wiki/DigitalObjectRegistry/ClearinghouseSecurityReqmnts.pdf
• The model allows users to claim their identifiers (handles) explicitly or implicitly using certificates
• The model requires trusting the Handle System
  – caBIG, a Grid application based on the Globus Toolkit (Grid middleware), verified and experimented with the Handle System successfully for service end-point authentication
  – CHI project, another Grid application using the Globus Toolkit, is currently using/experimenting with the Handle System for identifying metadata records and access controls
  – Frank Siebenlist, from Argonne National Laboratory, is the POC for the Handle System effort in those two projects
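The four claims in the Proposed Security Model diagram, as an added Python example (not code from the slides, GENI or the Handle System): a service checks explicit prefix trust, looks up the handle's record, then issues a challenge. Textbook RSA with toy keys stands in for a real signature library, a dictionary stands in for handle resolution, and `authenticate`, `respond`, `TRUSTED` and `RECORDS` are hypothetical names.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keys

def toy_keypair(p, q):
    """Textbook RSA from two known primes. Toy-sized and unpadded: illustration only."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _digest(nonce, n):
    return int.from_bytes(hashlib.sha256(nonce).digest(), "big") % n

def respond(private_key, nonce):
    """Prover side: sign the service's nonce with the private key."""
    n, d = private_key
    return pow(_digest(nonce, n), d, n)

def authenticate(handle, prover, trusted_prefixes, handle_records):
    """Service side: prefix trust check, record lookup, then PKI challenge."""
    prefix, sep, local = handle.partition("/")
    # Trust is explicit and per prefix ("10510.3.1/*"); no inheritance is assumed.
    if not sep or not local or prefix not in trusted_prefixes:
        return "denied: untrusted prefix"
    public_key = handle_records.get(handle)  # stands in for handle resolution
    if public_key is None:
        return "denied: no record"
    nonce = secrets.token_bytes(16)  # fresh per attempt, so a response cannot be replayed
    n, e = public_key
    if pow(prover(nonce), e, n) != _digest(nonce, n):
        return "denied: challenge failed"
    return "accepted"

# Constructed sample data; the handles are the ones used in the diagram.
PUB_456, PRIV_456 = toy_keypair(2**61 - 1, 2**89 - 1)
PUB_789, PRIV_789 = toy_keypair(2**107 - 1, 2**127 - 1)
TRUSTED = {"10510.3.1", "10510.3.2"}
RECORDS = {"10510.3.1/456": PUB_456, "10510.3.2/789": PUB_789}

def run_claims():
    user = lambda nonce: respond(PRIV_456, nonce)  # holds the key for .../456 only
    return {h: authenticate(h, user, TRUSTED, RECORDS)
            for h in ("10510.3.1/456", "10510.3.2/789", "abc/123", "10510.3.2/abc")}

if __name__ == "__main__":
    for handle, outcome in run_claims().items():
        print(f"{handle:16} {outcome}")
```

Removing a handle's record is what turns a previously valid claim into the "fails to find the record" denial, so revocation here needs no separate revocation list.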
Spiral 1 Integration Issues
• GFC
  – Other than ProtoGENI, no other cluster participated in the federation
  – Possible reasons:
    – Supporting the GFC to be a core control framework component may be orthogonal to the clusters’ goals
      • Clusters have, or soon will have, their own clearinghouses serving the users (so why support another clearinghouse)
• Security Model
  – Unexplored by GENI members, so it’s still an unknown entity
Spiral 2 Integration Plan
• GFC
  – Restate the role of the GFC as an experimental service
    • Consequently, the GFC does not affect the clusters’ approach to clearinghouses
• Security Model
  – Push the model details to the OMIS group and get it evaluated
    • Work with the OMIS group to integrate with other clusters
Experiment Management
• Experiments have, and result in, various resources which are related to each other (e.g. specs, logs, software, etc.)
• Packaging those resources together (logically) is important while archiving, in order to reuse, repurpose, or reanalyze
  – Those resources, however, exist on multiple platforms and environments
• Solution: A unified service that establishes the relationship between various resources and that integrates with heterogeneous repositories would meet these requirements
GENI Experiment Management Service
[Figure: three layers. Access Layer: a Regular User, Experimenter or Administrator asks a Tool "I need to know about Experiment with ID 1." and receives "Here are the logs." and "Here is the source code." Experiment Relationship Definition Layer: Experiment Relationship Graphs for Experiment ID 1 and Experiment ID 2, with nodes Specification ID X, Source code ID Y, Logs/Results ID A and Logs/Results ID B. Repository Infrastructure: Trac, File System/Amazon S3, Digital Object Repository and Subversion, holding a Graph of Related Logs, a Graph of Related Documents and a Graph of S/W Dependencies.]
Spiral 2 Integration Plan
• Host an Experiment Repository for GENI members
  – Done!
• Develop a prototype demonstrating the GEMS capability
  – Done!
• Work with both the Experiment and OMIS working groups to define an interface for the GENI Experiment Management Service, involving experimenters from various clusters