Information Technology Reference
In-Depth Information
Once the workflow developer saves the workflow, the following process is
performed for each workflow node with a robot credential association:
1. The WS-PGRADE portlet connects the DCI Bridge service, sending the node
'
s
executable and the robot credential
information entered by the workflow
developer.
2. The DCI Bridge generates a robot credential identi
er (a universally unique
identi
er, UUID), stores the information provided by the portlet in a
file using
er to the caller.
3. The WS-PGRADE portlet stores the returned identi
the generated identi
er, and returns the identi
er in the workflow node
'
s
description.
Using Robot Credentials for Job Execution
The concluding step of using robot credentials in WS-PGRADE/gUSE happens
during workflow node execution. In this case the workflow interpreter (WFI) is
interacting with the job submission component (DCI Bridge) based on the work-
flow
'
s description, where the WFI inserts the identi
er of the robot credential to be
'
used for the job
is submission if the job is set to be run using robot credentials. Once
the DCI Bridge receives the job description, it fetches any input file and executable
de
ned in the job
description. If yes, the DCI Bridge checks if there is a robot credential stored with
the given identi
ned for the job, and checks if a robot credential identi
er is de
er. If the requested credential exists, then it checks if the exe-
cutable de
ned for the robot credential is the same as the one provided within the
job description. If everything matches, then the DCI Bridge prepares the credentials
based on the information stored in the relevant robot credential, and arranges the
job
s execution on the selected target resource. In case of any problem (for
example, a different executable is provided or the robot credentials with the given
identi
'
t exist), the DCI Bridge checks if the user has provided his or her own
credential, and makes use of that one to execute the job. If the user hasn
er don
'
'
t provided
any credentials, the job fails.
6.6 Conclusions
Security is very important in case of publicly available services, like an e-Science
gateway. The gateway not only has to make sure that users accessing the tools
exposed are authenticated properly, but also is responsible for not allowing leakage of
data stored and produced by the users
'
experiments. In this chapter we discussed some
aspects of security in e-Science gateways. We have covered the following main
topics: how the gateways can be accessed, how access to their services can be limited,
how the included components can be made secure, and
finally how credentials needed
to access computing infrastructures can be de
ned and used at job submission time.
Search WWH ::
Custom Search