computing infrastructure is necessary. In such cases, properly configured firewalls
should be set up to grant access to the Storage service only from the given
computing infrastructures.
6.5 User Credentials
Once logged in, the users are able to run experiments on different computing
infrastructures, some of which require users to provide credentials. These credentials
can, for example, be a username and a password, or an X.509 [X509] certificate.
Thus, in order to be able to run the experiments, the user somehow has to present the
necessary credentials.
For this, two basic possibilities are available: either the user has to define these
credentials on the user interface of the e-Science gateway, or the e-Science gateway
should include some predefined credentials (robot credentials) for running different
applications on the different computing infrastructures.
In the first case (when the users have to provide their credentials) the gateway
assumes that its users are familiar with the security concepts of the different
computing infrastructures attached to the experiments, and that the users already
possess the necessary credentials. This means that the entry level to gateways
offering such experiments is higher; the users need to be familiar not only with the
targeted science domain, but with the security concept of the infrastructure used as well.
On the other hand, in the case of using robot credentials, the whole back-end
infrastructure can be hidden from the e-Scientists. This means that the users only
have to focus on their experiments, and no knowledge beyond their science domain
is needed in order to use the e-Science gateway's services. However, applying the
robot credential concept on the gateway assumes that the gateway records all the
information needed to connect any interaction with the computing
infrastructure to a gateway user. The policy for e-Science gateways that would like
to expose robot certificates in the EGI infrastructure is described in the EGI VO
Portal Policy document [EGIVO].
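The record-keeping requirement for robot credentials can be sketched as follows; this is an added example, not code from the book or from any gateway framework, and it goes one step beyond the text by chaining entries with an HMAC so that later edits or deletions are detectable. The class, its methods, the key, the user names, job identifiers and the robot DN are all hypothetical, constructed values.

```python
import hashlib
import hmac
import json


class RobotAuditLog:
    """Hash-chained log tying each robot-credential job to a gateway user.
    All names here are hypothetical; storage is in memory for the example."""

    def __init__(self, key: bytes):
        self._key = key
        self.entries = []

    def _mac(self, body: dict, prev_mac: str) -> str:
        # Chain each entry to its predecessor so edits and deletions are detectable.
        msg = prev_mac.encode() + json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def record(self, user, infrastructure, job_id, robot_dn, submitted_at):
        body = {"user": user, "infrastructure": infrastructure, "job_id": job_id,
                "robot_dn": robot_dn, "submitted_at": submitted_at}
        prev_mac = self.entries[-1]["mac"] if self.entries else ""
        self.entries.append({**body, "mac": self._mac(body, prev_mac)})

    def trace(self, infrastructure, job_id):
        """Return the gateway user who caused the job, or None if unrecorded."""
        for e in self.entries:
            if (e["infrastructure"], e["job_id"]) == (infrastructure, job_id):
                return e["user"]
        return None

    def verify(self) -> bool:
        prev_mac = ""
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "mac"}
            if not hmac.compare_digest(e["mac"], self._mac(body, prev_mac)):
                return False
            prev_mac = e["mac"]
        return True


def sample_log() -> RobotAuditLog:
    # Constructed sample data: users, job ids and the robot DN are made up.
    log = RobotAuditLog(key=b"constructed-demo-key")
    dn = "/O=Example/CN=Robot: constructed e-Science gateway"
    log.record("alice", "grid-a", "job-1001", dn, "2024-01-01T10:00:00Z")
    log.record("bob", "grid-a", "job-1002", dn, "2024-01-01T10:05:00Z")
    log.record("alice", "cloud-b", "job-1001", dn, "2024-01-01T10:07:00Z")
    return log
```

Job identifiers are looked up together with the infrastructure name because two infrastructures may issue the same identifier, as the constructed sample shows.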
Of course, gateways have the freedom to offer these two possibilities simultaneously
if needed. For example, some experiments can be run with robot credentials,
while some others may ask the users to enter their own credentials.
Additionally, if the gateway experiments are built on workflows, mixing these two
usage scenarios within an experiment is also possible.
6.5.1 User-Defined Credentials
The first possibility of using credentials as presented in the introduction part of this
section is when users provide their own credentials for running the experiments. We
are going to discuss the following topics related to this possibility: a user interface