17–21 Sept 2012
Clarion Conference Centre
Europe/Prague timezone

Centralized user management and Single Sign On for the WeNMR gateway through the WeNMR Virtual Research Community

19 Sept 2012, 12:15
15m
Nadir (Clarion Conference Centre)

Nadir

Clarion Conference Centre

Presentation Resource Infrastructure services (Peter Solagna: track leader) AAI Workshop

Speaker

Mr Marc van Dijk (WeNMR)

Description of the work

The WeNMR services are hosted by project partners throughout Europe. Historically these are stand-alone services, each equipped with their own user management and authentication systems. This fragmented approach is however undesirable from an user perspective, as it requires separate login credentials for all services, as well as from a management perspective. We thus decided to equip the WeNMR VRC with a centralized user management and authentication system that allows VRC members to use all services with their VRC login credentials. At the heart of the system is a secure SQL authentication database that contains a synchronized copy of the VRC user records. A custom Drupal module in the VRC manages the synchronization to ensure that all portals have access to up-to-date user data when they query the SQL database for authentication. In this procedure, the passwords are communicate only as MD5 hash, for increased security. When creating a new VRC account, a secure connection (ssl) is used to check if the user’s personal certificate (installed in the browser) has been issued by a CA recognized by EGI. This is done using the public key of the certificate. If this check is successful, then the server extracts the subject from public key and checks also the VOMS account list. The certificate subject and expiration date are stored in the database within the access credentials.

Wider impact of this work

.Furthermore, the aforementioned Drupal module provides WeNMR partners with an administration interface to register a new service. WeNMR VRC members are then able to manage their service subscriptions through a convenient dashboard on their VRC account web page. In registering a new service the WeNMR partner can use the Access Control List (ACL) to fine grain the service sign-up process with additional requests to the user such as obtaining a separate license agreement.
Finally, the user management and authentication API allows service portals to store information about the users activity in the SQL database. Such information includes the total number of service requests by the user or the state of an active server request. Presented via the account dashboard, this information provides a convenient means for the WeNMR members to keep up-to-date information on the status of the services they are using and provides the WeNMR project with detailed means of tracking usage of the services.

Printable Summary

WeNMR is both a three years project funded under the European Commission’s 7th Framework Programme (e-Infrastructure RI-261571) and a Virtual Research Community supported by EGI. WeNMR aims at bringing together research teams in structural biology into a virtual research community at a worldwide level and provide them with a platform integrating and streamlining the computational approaches necessary for NMR and SAXS data analysis and structural modelling. The WeNMR Virtual Research Community (VRC) provides access to the services, a knowledge base, help center and various information and (social) communication channels. Access to the services is provided trough easy-to-use web interfaces using the computational resources provided by the grid through the eNMR Virtual Organization (VO). With over 430 registered users (June 2012) the eNMR VO is the largest in the life sciences.

Primary author

Mr Marc van Dijk (WeNMR)

Co-authors

Alexandre Bonvin (eNMR/WeNMR (via Dutch NGI)) Andrea Giachetti (CIRMMP) Antonio Rosato (CIRMMP) Dr Marco Verlato (INFN)

Presentation materials