Speaker
Description
We can say that EOSC has a vision of delivering a Seamlessly Accessible Cloud for Research. An obvious approach, then, is to start with existing systems, and ensure that science users can use them as a joined-up offering, without problems of accessibility, interoperability or eligibility. Two of the best established systems in the pan-european domain are EGI's cloud compute service, and CS3MESH4EOSC's synch&share storage/collab service (the "ScienceMesh").
EGI's compute provides democratised (non-HPC) services; its principal offerings are Virtual Machines and Jupyter Notebooks. CS3MESH4EOSC's ScienceMesh is an emerging federation of sync'n'share systems (e.g. ownCloud, Nextcloud, or Seafile). User access is managed by diverse mechanisms integrated into local infrastructures of each particular provider. Instead of unifying user and group management, ScienceMesh provides an interoperability layer allowing to access, share, and transfer data and access applications based on user invitations and establishing trust between individual users in the federated infrastructure.
This talk describes the joint approach (under the banner of EGI-ACE) taken by EGI and CS3MESH4EOSC to integrate ScienceMesh with EGI's Jupyter Notebooks. The goal is for users to "start a compute job right on top of their data", never bothering with the complexities of their data being inside the ScienceMesh while the compute they want to run is operated by the EGI Jupyter Notebooks. This requires us to perform subtle orchestration around EGI Check-in, with the ScienceMesh acting as a lightweight identity federation. As a corollary, the inverse scenario will be enabled in this manner as well, i.e. allowing for direct access by the EGI service of user data held in the sync'n'share system -- all controlled by the end user.
This approach could serve as a blueprint for further development of EOSC in use cases where inter-cloud issues of trust and eligibility need to be mediated.
| Topic | Security, Trust & Identity |
|---|
