Information Technology Reference
In-Depth Information
3. The plugin asks the WS-PGRADE component
s CredentialProvider service for
the credential belonging to the given user and given resource.
4. The CredentialProvider service serves the credential for the DCI Bridge plugin.
5. The plugin can submit
'
the job to the selected computing infrastructure
'
s
resource, given that the credential is a valid one.
6.5.2 Robot Credentials
If a gateway administrator is about to offer the gateway
is services for end-user
scientists, then it is recommended to hide the computing infrastructure details from
the users. (The complicated procedure to get X.509 certi
'
cates often distracts end-
users from using DCIs even in the case of science gateways.) This also includes the
necessity to hide any credential-related interface; otherwise the users will have to
take care of acquiring and providing credentials to run their experiments on the
gateway. Only a user interface presenting solely experiment-related interfaces is
really handy for the e-Scientists.
The need to provide user credentials for using the computing infrastructures
behind the experiments can be solved by applying the robot credential concept. In
this concept, the developer who sets up the experiments for the end users is
responsible for attaching any necessary credential for running the experiments
(workflows) on the targeted computing infrastructures. The attached credentials
later can be used transparently by the end-users to actually run the experiments,
meaning they do not have to take care of providing their own credentials.
The EGI VO Portal Policy document [EGIVO] describes policies that should be
followed by e-Science gateways, assuming they would like to use robot certi
cates
(credentials) in the EGI infrastructure. In this section we give a brief overview of
this document, and present how WS-PGRADE/gUSE has applied this policy when
implementing robot credentials.
6.5.2.1 The Concept of Robot Credentials
As described previously,
cate provided by the users is used by the
computing infrastructure to identify any interaction with the infrastructure selected
by the user. The robot credentials are also used to identify some entity, but are more
related to a community, an application, or a science gateway, than a user. It follows
from this, that a robot credential can be used by a number of users to run appli-
cations on computing infrastructures. As a consequence, the entity offering the
usage of the robot credentials must keep track of the credentials
the certi
'
usage, so that any
interaction with the computing infrastructure performed with the robot credentials
can be tracked back to a user.
Search WWH ::
Custom Search