In the first part, we described some methods that can be followed to grant access
to an e-Science gateway. Some examples are e-mail (or username) and password-based
login methods, or inheriting authentication from Facebook. Currently, work is
in progress to enable federated identity management-based login to WS-PGRADE/gUSE
services, based on the Higher Education External Attribute Authorities
(HEXAA). In this approach, the science gateway not only offers federated login, but
can also receive additional attributes of the user logging in; thus the
visibility of user interface components can be set in an external attribute store.
Next, we presented the user role concept that can be applied successfully to
fine-tune the visibility of user interfaces for different groups of users. For example, there
can be dedicated user accounts having a power user role, and general user accounts
having the end user role. Users with the power user role are free to access all the
user interface components of the e-Science gateway (including, for example,
workflow editing, as in the case of WS-PGRADE/gUSE), whereas users
having only the end user role have only limited access to customized interfaces
running different experiments on the gateway.
Next, we discussed how to secure the services a gateway is built up from.
Basically, access to the services must be restricted as much as possible, either by
running the services on a private network or by putting them behind a firewall.
Additionally, making the services accessible through a secure communication
channel helps to make sure data sent between the user and the gateway services is
not leaked.
In the biggest part of this chapter we discussed the usage possibilities of credentials
necessary to access distributed computing infrastructure services. We have
shown the flexibility WS-PGRADE/gUSE provides through its different credential
handling mechanisms: on one hand, the individual users can provide their own
credentials to run experiments in the different computing infrastructures. On the
other hand, the gateway framework offers the possibility to use robot credentials.
This latter approach provides workflow developers with a tool for creating really
user-friendly e-Science gateways which completely hide the details of using some
sort of credentials to interact with the computing infrastructure from the end-user's
point of view.