Jim Basney NCSA Marty Humphrey University of Virginia
-
Upload
aaron-simpson -
Category
Documents
-
view
33 -
download
2
description
Transcript of Jim Basney NCSA Marty Humphrey University of Virginia
National Center for Supercomputing ApplicationsNational Computational Science
National Computational Science
National Computational Science
Integration of the MyProxy Online Credential Repository
into the NSF Middleware Initiative
Software Infrastructure
Jim BasneyNCSA
Marty HumphreyUniversity of Virginia
National Center for Supercomputing Applications National Computational Science
National Computational Science
MyProxy
• Provides a repository for Grid (GSI) proxy credentials– Per-credential policy controls how the credential can
be retrieved
• Uses– Retrieve a proxy credential on demand from any
machine without distributing long-term credentials– Delegate a proxy credential without modifying existing
protocols (example: https to Grid portals)– Allow monitored, controlled renewal of delegated
proxy credentials rather than delegating long-lived proxy credentials directly
National Center for Supercomputing Applications National Computational Science
National Computational Science
MyProxy
Upload ProxyMyProxy Server
Web Portal
LoginFetch Proxy
Grid Resources
Scheduler
SubmitJobs
SubmitJobs
Renew Proxy
Fetch Proxy
Renew
Proxy
National Center for Supercomputing Applications National Computational Science
National Computational Science
MyProxy Status
• Initially developed at NCSA in 2000 by Jason Novotny and Von Welch for delegating credentials to Grid portals
• Updated to support per-credential authorization, direct retrieval, renewal, and Globus 2.0 in the last year
• Latest version available from http://www.ncsa.uiuc.edu/Divisions/ACES/MyProxy/
• NMI supporting continued NCSA/UVA development July 2002 - June 2004
National Center for Supercomputing Applications National Computational Science
National Computational Science
NMI Deliverables: Year 1
• Prepare for NMI distribution
• Support multiple credentials per user
• Provide a thread-safe C API library
• Integrate with Condor-G
• Support Kerberos authentication and storing Kerberos credentials
• Support audit functions
National Center for Supercomputing Applications National Computational Science
National Computational Science
NMI Deliverables: Year 2
• Submit OGSA-compliant protocol draft for credential retrieval services (a.k.a. token services) to GGF
• Provide an OGSA-compliant protocol implementation
• Develop and implement an authorization framework for credential repositories
• Develop mechanisms to reduce complexity for users managing multiple credentials