17.09.2012, Prague, GlobusEUROPE 2012
Manifesto for secure data sharing
By Pawel Plaszczak,
Michał Orzechowski,
Sebastian Czechowski
The pressing need for sharing
Scientists wants to sharing:

Large scientific data sets

Hardware resources

Specialised software

Human knowledge
What “secure sharing” means ?

Authentication, authorization

Secure Communication

Accounting (log of operations)
What is Virtual Organization (VO)?

People, resources, services from different physical
organizations

Some common goal

Mutual trust relationship

Member identity provided by the originating organization

Dynamic membership
How is it implemented today (1)

Shibboleth and the Federated Security

Shibboleth is a framework that allows access the
on-line resource

Shibboleth separates service, authentication and
authhorization procedures

Shibboleth architecture
• Identity Provider
• Provider Service
How is it implemented today (2)

Globus Toolkit
– GSI
• X.509 certificates
• Cofidential
Communication
• Single sing-on

VOMS

LCAS/LCMAPS
– Pool account
mechanism
How is it implemented today (3)

Other solutions

Dropbox

Rapidshare

Google Docs

Skype

And many, many others....
To the rescue: AdHoc sharing
The Manifesto for the Secure Data Sharing
1.
2.
3.
Free the ordinary users
Dead easy interface. Zero IT skill assumed
Data sharing must be:

easy

efficient

takes seconds

safe
AdHoc: the tool for rapid sharing

The history: Virolab (2007-2009),
Initiative for Globus in Europe
(2011-2013)
AdHoc works with Shibboleth and GSI/VOMS

AdHoc on top of VOMS
showcase
User interaction
1. Creating new group
in existing VO
2. Add users to VO
3. Share Resource
Summary: rapid sharing possible on grid

AdHoc follows the Manifesto for the Secure Sharing:

AdHoc enables easy sharing in seconds, without sysadmin
intervention

AdHoc does not require IT skills, replacing commandline
with a simple GUI

AdHoc uses commonplace security paradigms, including
Shibboleth and PKI/GSI/VOMS, thus can easily be used in
most grid infrastructures worldwide
Partners

Initiative for Globus in Europe (IGE), 7th Framework

Leibniz-Rechenzentrum, Bayerische Akademie der Wissenschaften

University of Southampton

Technische Universität Dortmund

Universitatea Tehnica Cluj-Napoca

Universidad Complutense de Madrid

Poznan Supercomputing and Networking Center

Uppsala Universitet

University of Edinburgh – Edinburgh Parallel Computing Centre


Stichting voor Fundamenteel Onderzoek der Materie – Institute for Subatomic
Physics

University of Chicago

GridwiseTech
Credits also to all Virolab (6th Framework) members, project led by
University of Amsterdam
www.gridwisetech.com
ul. Chrobrego 28/4
31-428 Kraków, Poland
Tel. +48 12 294 71 20