26–30 Mar 2012
Leibniz Supercomputing Centre (LRZ)
CET timezone

The Grid Goes “Social”: Extending Authentication to Members of Social Network

29 Mar 2012, 16:00
20m
FMI Hall 1 (600) (Leibniz Supercomputing Centre (LRZ))

Software services for users and communities Portals & Gateways

Speaker

Mr Riccardo Rotondo (GARR)

Description of the Work

In the recent past, the Grid community and the National Research and Education Networks have independently carried out interesting developments: Science Gateways, which ease the access to and use of Grid infrastructures, and Identity Federations, which increase the number of users authorised to access network-based services.

In this work we report on a generalisation of that approach, carried out to allow the hundreds of millions of members of social networks to become potential users of Grid infrastructures with the same credentials.

We have developed a system that integrates Shibboleth-powered federations with Facebook, Google and other social networks, which are seen as special “credential providers”. The system uses a “bridge” Identity Provider which converts the information provided by the social networks into a Shibboleth token with which users can authenticate to Science Gateways.

Authenticated users need a grant to access the resources, so there is strict control over who is performing Grid activities. The grants are managed by an LDAP server accessed by the SG.
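The split described above, between authentication by the bridge Identity Provider and authorization by a grant lookup, can be sketched as follows. This is an added example, not the authors' code: the attribute names, the provider-scoped subject format and the in-memory dictionary standing in for the LDAP server are assumptions.

```python
"""Added sketch: authentication by a bridge IdP, authorization by a grant lookup."""

TRUSTED_PROVIDERS = {"facebook", "google"}  # providers named in the abstract

# Stand-in for the LDAP grant store (constructed data; the real schema is not given).
GRANTS = {
    "google:1001": {"gateway-a"},
}


def bridge_assertion(provider, profile):
    """Convert a social-network profile into federation-style attributes.

    Attribute names are hypothetical, not the project's actual mapping.
    """
    if provider not in TRUSTED_PROVIDERS:
        raise ValueError(f"untrusted credential provider: {provider}")
    user_id = str(profile.get("id", "")).strip()
    if not user_id:
        raise ValueError("profile has no stable identifier")
    return {
        # Scope the identifier by provider so two providers cannot collide.
        "subject": f"{provider}:{user_id}",
        "mail": profile.get("email"),
        "provider": provider,
    }


def is_authorized(assertion, gateway, grants=GRANTS):
    """Deny by default: being authenticated is not the same as holding a grant."""
    return gateway in grants.get(assertion["subject"], set())


if __name__ == "__main__":
    alice = bridge_assertion("google", {"id": 1001, "email": "alice@example.org"})
    # Same e-mail, different provider: authenticated, but no grant on record.
    other = bridge_assertion("facebook", {"id": 77, "email": "alice@example.org"})
    for who in (alice, other):
        print(who["subject"], is_authorized(who, "gateway-a"))
```

Keying the grant on a provider-scoped identifier rather than on the e-mail address is a design choice of this sketch; it keeps an account at one provider from inheriting a grant issued to an account at another.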

The architecture of the system and its implementation in real use cases will be shown.

Conclusions

Different SGs developed in the context of national and international projects have adopted the authentication infrastructure highlighted here. Currently, these SGs are in a development stage, but they should move into production quite soon, and the benefit of this work can then be evaluated.

Finally, we are designing a mechanism to allow bi-directional authentication, not only from social networks to the Grid but also from the Grid to social networks, in order to allow a more articulated integration of these services.

Overview (For the conference guide)

Grid infrastructures are being built in several areas of the world but, despite the huge investments made by the European Commission and by other funding agencies, both at national and international level, the total number of users is of the order of magnitude O(10^4). This is much less than O(10^7), the order of magnitude of the number of users of the international research and education networks (e.g., GÉANT in Europe), which have been funded at more or less the same level as Grids, and definitely less than the order of magnitude of the users accessing social networks (e.g., Facebook and Google).

Therefore, to increase the use of the Grid and involve new users, it is important to link Grid services with other Research and Education or Social services, creating a unified working environment.

The first step towards this new environment is a unified authentication system.

We report on the experience of developing an authentication infrastructure that gives social users access to Grid SGs.

Impact

The reasons for this large discrepancy in the number of users between the Grid and other "Networks" have been investigated, both through feedback forms collected at the end of training events and through informal discussions at project meetings. The most important are:
• The complexity, as perceived by non-IT-expert people, of the Grid security infrastructure, which is based on personal digital certificates and relies on national Certification Authorities with local Registration Authorities; in many cases, people dislike dealing with digital certificates and the procedures to get them, and prefer to stick with more familiar authentication methods, such as the username and password pairs they are used to using when interacting either with the web or with their own personal computers;
• The operating system limitation and the unfriendliness of the Command Line Interface of the gLite middleware deployed on the infrastructure, and the need to learn the Job Description Language to specify the characteristics of the job to be executed;
• The limited adoption of standards that could let different middleware interoperate with each other and/or be transparently integrated into general frameworks to build easily customizable high-level user interfaces.

The use of SGs with an easy authentication mechanism that hides the complexity of the X.509 infrastructure should eliminate one of the major limitations on the adoption of Grid infrastructures by new and non-expert users.

Primary authors

Dr Marco Fargetta (Consorzio COMETA); Mr Riccardo Rotondo (GARR); Prof. Roberto Barbera (INFN, Consorzio COMETA and University of Catania - Physics Department)