The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "Long-tail of science"

'''This page provides information about the '[http://access.egi.eu EGI platform for the Long-tail of science]'. The long-tail of science refers to the individual researchers and small laboratories who, unlike large, expensive collaborations, do not have access to computational resources and online services to manage and analyse large amounts of data. This EGI platform allows individual researchers and small research teams to perform compute- and data-intensive simulations on large, distributed networks of computers in a user-friendly way. If you are interested in the project that developed and now maintains the platform, please jump to the [[Long-tail of science project|Long-tail of science project]] page.'''  


<br>
<br>
 
 
<div style="font-size: 13.28px; line-height: 19.92px;" class="moz-forward-container"><div dir="ltr">
<br>
 
= Technical and architecture details  =
 
== User Registration Portal  ==
 
The User Registration Portal of the platform is hosted by CYFRONET in Poland and serves as the entry point for users. The portal offers login with social or EGI SSO accounts, allows users to manage their profiles and resource requests, and acts as a central hub for accessing the connected science gateways. The user support team uses the portal to review user profiles and to evaluate the users' resource requests. The portal is accessible at http://access.egi.eu.
 
== Virtual Organisation  ==
 
The HTC, cloud and storage resources of the platform are federated through the 'vo.access.egi.eu' Virtual Organisation of EGI (VO). Technical details of this VO are the following:
 
*ID Card in the EGI Operations Portal: http://operations-portal.egi.eu/vo/view/voname/vo.access.egi.eu
*Name: vo.access.egi.eu
*Scope: Global
*Homepage URL: https://wiki.egi.eu/wiki/Long-tail_of_science
*Acceptable use policy for users: https://documents.egi.eu/document/2635
*Discipline: Support Activities
*VO Membership management: VOMS+PERUN
**perun.cesnet.cz. The enrollment url is https://perun.metacentrum.cz/perun-registrar-cert/?vo=vo.access.egi.eu
**voms1.grid.cesnet.cz and voms2.grid.cesnet.cz
*Contacts:
**&lt;long-tail-support@mailman.egi.eu&gt; for all support issues.
**Managers: Gergely.Sipos@egi.eu, Diego.Scardaci@egi.eu, Peter.Solagna@egi.eu
 
== Per-user sub-proxies  ==
 
The purpose of a '''per-user sub-proxy (PUSP)''' is to allow identification of the individual users that operate using a common robot certificate. A common example is where a web portal (e.g., a scientific gateway) somehow identifies its user and wishes to authenticate as that user when interacting with EGI resources. This is achieved by creating a proxy credential from the robot credential with the proxy certificate containing user-identifying information in its additional proxy CN field. The user-identifying information may be pseudo-anonymised where only the portal knows the actual mapping.
 
Example of a Per-User Sub-Proxy (PUSP):
<pre>subject   : /C=IT/O=INFN/OU=Robot/L=Catania/CN=Robot: EGI Training Service - XXXXX/CN=user:test1/CN=1286259828
issuer    : /C=IT/O=INFN/OU=Robot/L=Catania/CN=Robot: EGI Training Service - XXXXX/CN=user:test1
identity  : /C=IT/O=INFN/OU=Robot/L=Catania/CN=Robot: EGI Training Service - XXXXX
type      : RFC3820 compliant impersonation proxy
strength  : 1024
path      : /home/XXXXX/proxy.txt
timeleft  : 23:59:15
key usage : Digital Signature, Key Encipherment, Data Encipherment
=== VO training.egi.eu extension information ===
VO        : training.egi.eu
subject   : /C=IT/O=INFN/OU=Robot/L=Catania/CN=Robot: EGI Training Service - XXXXX
issuer    : /DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms1.grid.cesnet.cz
attribute : /training.egi.eu/Role=NULL/Capability=NULL
timeleft  : 23:59:17
uri       : voms1.grid.cesnet.cz:15014
</pre>
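The following is an added example, not code from the EGI platform or the e-Token server. It shows how a resource site could recover the robot identity and the per-user tag from a PUSP subject DN for traceability, and how a portal could derive a pseudonymised tag that only it can map back. The function names, the allowlist of robot DNs, the <code>user:&lt;id&gt;</code> character set and the HMAC-based pseudonym are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample values modelled on the listing above (robot name redacted as on the page).
ROBOT = "/C=IT/O=INFN/OU=Robot/L=Catania/CN=Robot: EGI Training Service - XXXXX"
SUBJECT = ROBOT + "/CN=user:test1/CN=1286259828"
# Assumed format of the per-user CN: "user:" followed by a short opaque identifier.
USER_RDN = re.compile(r"user:([A-Za-z0-9._@-]{1,64})")


def split_dn(dn):
    """Split an OpenSSL-style '/K=V/K=V' DN into (key, value) pairs (values without '/')."""
    if not dn.startswith("/"):
        raise ValueError("DN must start with '/'")
    pairs = []
    for rdn in dn[1:].split("/"):
        key, sep, value = rdn.partition("=")
        if not (sep and key and value):
            raise ValueError("malformed RDN: %r" % rdn)
        pairs.append((key, value))
    return pairs


def parse_pusp(subject, allowed_robots):
    """Return (robot_dn, user_tag) for a well-formed PUSP subject, else raise ValueError."""
    rdns = split_dn(subject)
    for robot in allowed_robots:
        base = split_dn(robot)
        # Compare whole RDNs, not string prefixes, so "...XXXXX-evil" cannot pass as "...XXXXX".
        if rdns[:len(base)] == base:
            rest = rdns[len(base):]
            break
    else:
        raise ValueError("subject is not derived from a known robot certificate")
    if not rest or rest[0][0] != "CN":
        raise ValueError("no per-user CN after the robot DN")
    match = USER_RDN.fullmatch(rest[0][1])
    if not match:
        raise ValueError("first proxy CN is not of the form user:<id>")
    # Assumption: further delegation levels only append numeric CNs, as in the listing.
    if any(k != "CN" or not v.isdigit() for k, v in rest[1:]):
        raise ValueError("unexpected RDN after the per-user CN")
    return robot, match.group(1)


def pseudonym(portal_key, real_user_id):
    """Portal side: stable keyed pseudonym for the user:<id> field (truncated HMAC-SHA256)."""
    return hmac.new(portal_key, real_user_id.encode(), hashlib.sha256).hexdigest()[:16]
```

The parser inspects DN strings only; signature and chain validation of the proxy remain the job of the grid middleware.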
== E-Token Server  ==
 
The platform adopted the '''e-Token server''' [1] as a central service to generate PUSPs for science gateways. In a nutshell, the e-Token server is a standards-based solution developed by and hosted at INFN Catania for the central management of robot certificates and the provisioning of short-term digital proxies from them, allowing seamless and secure access to e-Infrastructures with an X.509-based authorisation layer.
 
The e-Token server uses the standard JAX-RS framework [2] to implement RESTful Web services in Java and provides end users, portals and new-generation Science Gateways with a set of REST APIs to generate PUSPs given a unique identifier. PUSPs are usually generated starting from standard X.509 certificates. These digital certificates have to be uploaded onto one of the secure USB smart cards (e.g. SafeNet Aladdin eToken PRO 32/64 KB), which is plugged into the server.
 
The e-Token server was conceived for providing a credential translator system to Science Gateways and Web Portals that need to interact with the EGI platform for the long-tail (and in general with any e-Infrastructure).
 
[1] Valeria Ardizzone, Roberto Barbera, Antonio Calanducci, Marco Fargetta, E. Ingrà, Ivan Porro, Giuseppe La Rocca, Salvatore Monforte, R. Ricceri, Riccardo Rotondo, Diego Scardaci, Andrea Schenone: The DECIDE Science Gateway. Journal of Grid Computing 10(4): 689-707 (2012)
 
[2] Java API for RESTful Web Services (JAX-RS): https://en.wikipedia.org/wiki/Java_API_for_RESTful_Web_Services
 
== Policies  ==
 
*Acceptable Use Policy and Conditions of Use of the EGI Platform for the Long-tail of Science: https://documents.egi.eu/document/2635
*[[SPG:Drafts:LToS Service Scoped Security Policy]]
 
== Links for administrators  ==
 
User approval:
 
#Approve affiliation: https://access.egi.eu:8888/modules#/list/Affiliations
#Approve resource request: https://e-grant.egi.eu/ltos/auth/login
 
Gateway and support approval:
 
*VO membership management interface in PERUN: https://perun.metacentrum.cz/cert/gui/
*To register in the VO (relevant for gateway robot certificates and for support staff): https://perun.metacentrum.cz/cert/registrar/?vo=vo.access.egi.eu
 
Monitoring:
 
*Detailed accounting data about the VO users can be obtained by the VO managers at https://accounting-devel.egi.eu/user/voadm.php
*To see the list of VO members: https://voms1.grid.cesnet.cz:8443/voms/vo.access.egi.eu/user/search.action
 
Accounting:
 
*Accounting data of platform users: ...
*...
 
= Roadmap  =
 
{| class="wikitable sortable"
|-
! scope="col" | No
! scope="col" | Task
! scope="col" | Priority<br>
! scope="col" | Responsible
! scope="col" | Start date
! scope="col" | Deadline
! scope="col" | Comment
! scope="col" | STATUS
|-
| <br>
| Definition of the LTOS portal Terms and Conditions
| Medium<br>
| Solagna
| <br>
| 1 April
| <br>
|
|-
| <br>
| Setup of the structures (team, processes, procedures) needed to support the LTOS platform<br>
| Medium<br>
| Solagna
| <br>
| 1 May
| <br>
|
|-
| <br>
| Registration of LTOS components in GOC&nbsp;DB<br>
| High<br>
| Krakowian
| started
| 1 April
|
[https://goc.egi.eu/portal/index.php?Page_Type=Site&id=1565 GRIDOPS-CSGF] <br>
 
[https://goc.egi.eu/portal/index.php?Page_Type=Site&id=1525 GRIDOPS-LTOS]<br>
 
missing registration of administrators and some additional info for GRIDOPS-LTOS
 
| In progress
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10485 <span>Agree on OLAs supporting LTOS resources</span>]
| High<br>
| Krakowian<br>
| <br>
| 1 April
| <br>
| In progress
|-
| <br>
| Finalization of the LTOS business model <br>
| Medium<br>
| Solagna<br>
| <br>
| 1 May<br>
| <br>
|
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=9616 Integrate WS-PGRADE gUSE to LTOS]<br>
| High<br>
| La Rocca<br>
| started<br>
| 1 April<br>
| <br>
https://ggus.eu/index.php?mode=ticket_info&amp;ticket_id=116323
 
| In progress
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=9682 Accounting system integration]<br>
| Medium<br>
| La Rocca
| started
| TBD<br>
| <br>
| In progress
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=9684 Implementing Roles in the URP]<br>
| Low<br>
| Szepieniec<br>
| <br>
| TBD<br>
| better understand requirement<br>
|
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=9685 <strike>Instruction for Liferay providers</strike>]<strike><br></strike>
| <br>
| La Rocca
| started<br>
| finished<br>
| https://github.com/csgf/OpenIdConnectLiferay
| DONE
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10164 Space for the resource providers logos]<br>
| Low<br>
| Szepieniec<br>
| <br>
| <br>
| <br>
Logos of NGIs/institutions providing resources for the LToS platform should be added on page [1] (in the bottom). [1] https://access.egi.eu/start
 
|
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10166 Integration with QCG]<br>
| Medium<br>
| La Rocca<br>
| started<br>
| TBD<br>
| https://ggus.eu/?mode=ticket_info&amp;ticket_id=117764
| In progress
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10226 Login modes]<br>
| Medium<br>
| Szepieniec<br>
| <br>
| 1 April explanation
| <br>
|
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10228 page not refreshed]<br>
| Medium
| Szepieniec
| <br>
| 1 April explanation
| <br>
|
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10229 Rephrase point 3 of "How can you access the platform?"]<br>
| Low<br>
| Szepieniec
| <br>
| TBD
| <br>
|
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10230 accepting and rejecting the affiliations]<br>
| Medium<br>
| Szepieniec
| <br>
| 1 April explanation
| <br>
|
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10231 information menu]<br>
| Medium<br>
| Szepieniec
| <br>
| 1 May
| <br>
|
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10232 General usage policy]<br>
| Medium
| Szepieniec
| <br>
| 1 April<br>
| <br>
|
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10233 notifications]<br>
| High<br>
| Szepieniec<br>
| <br>
| 1 April<br>
| <br>
|
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10235 Link to www.egi.eu]<br>
| Low<br>
| Szepieniec
| <br>
| 1 May
| access.egi.eu does already contain an EGI logo but the link is wrong. It should point to www.egi.eu instead of https://access.egi.eu/<br>
| In progress
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10236 Pre-defined templates for the requests]<br>
| High
| Szepieniec
| <br>
| 1 April
| HTC [Computing] = 10k hours<br> HTC [Storage] = 100 GB of total storage capacity<br> Cloud [Computing] = 10 vCPU cores per hours<br> Cloud [Storage] = 100 GB of storage volume
| In progress
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10237 Add contacts for support/requests]<br>
| Low<br>
| Szepieniec
| <br>
| TBD
| <br>
|
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10238 Access to general usage policy]<br>
| Medium
| Szepieniec
| <br>
| 1 April
| MK+GLR where to put link
| In progress
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10240 Add an institutional email for the communications]<br>
| High<br>
| Peter<br>
| <br>
| TBD
| <br>
|
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10241 Users should always be able to go back to the home page]<br>
| Medium
| Szepieniec
| <br>
| 1 June
| <br>
|
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10478 <strike>Monitoring of URP</strike>]<br>
| High
| Krakowian<br>
| <br>
|
| http://argo.egi.eu/lavoisier/status_report-site?report=OPS-MONITOR-Critical&amp;accept=html<br>
| DONE
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10479 <strike>Monitoring of SGs. Update SG integration doc in Wiki accordingly</strike>]<br>
| High
| Krakowian
| <br>
|
| http://argo.egi.eu/lavoisier/status_report-site?report=OPS-MONITOR-Critical&amp;accept=html<br>
| DONE
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10480 Setup GGUS units for trouble tickets]<br>
| High
| Peter<br>
| <br>
| TBD
| <br>
| In progress
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10482 Define identity vetting manual for user request approvers]<br>
| High<br>
| La Rocca<br>
| <br>
| TBD
| <br>
|
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10483 Sign OLA with URP provider]<br>
| High
| Krakowian<br>
| 21.03<br>
| 1 April<br>
| <br>
| In progress
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10484 Sign OLA with SG]<br>
| High
| Krakowian
| 21.03
| 1 April
| <br>
| In progress
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10486 Document process on how to monitor user-level accounting &amp; how to respond to quota overuse]<br>
| Low<br>
| La Rocca<br>
| <br>
| TBD<br>
| <br>
|
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10487 Manage user-level quota inside the SG]<br>
| Low
| La Rocca
| <br>
| TBD
| <br>
|
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10488 Define and implement process for downtime notification]<br>
| Medium<br>
| Krakowian<br>
| <br>
| TBD<br>
| <br>
|
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10489 <strike>Move the security policy into final document format</strike>]<br>
| High<br>
| Krakowian<br>
| 14.03.2016<br>
| 1 April<br>
| [https://documents.egi.eu/document/2769 https://documents.egi.eu/document/2769]
| DONE
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10490 Discuss details of joining with interested sites and SGs]<br>
| High<br>
| La Rocca<br>
| <br>
| TBD<br>
| <br>
| In progress
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10491 Involve NGI representatives in request approver team]<br>
| Medium<br>
| Solagna<br>
| <br>
| 1 April<br>
| <br>
|
|-
| <br>
| [https://rt.egi.eu/rt/Ticket/Display.html?id=10492 Adoption of URP to Hungarian Academic Cloud]<br>
| Low<br>
| Sipos<br>
| <br>
| <br>
| <br>
|
|}
</div></div>

Revision as of 14:26, 1 April 2016
