Southeast Regional Conference of EDUCAUSE Proposal Submission Confirmation

Presentation Title: UABgrid Identity Infrastructure

 * Format: Track session


 * Content Level: Intermediate


 * Topic Area 1: The Right Stuff in Services, Support, and Technology


 * Topic Area 2: The Right Mix: Improving Teaching and Learning Through Collaboration


 * Topic Area 3: N/A


 * Lead Presenter:John-Paul Robinson, Systems Programmer, Lead, University of Alabama at Birmingham, LHL164, 1800 University Blvd, Birmingham, AL 35294, (205) 975-0124, jpr@uab.edu


 * Presenter 2: David Shealy, Director of HPC Services / Department of Physics, Chair University of Alabama at Birmingham, 1300 University Blvd, CH310, 205-934-8068, dls@uab.edu

Presentation Abstract: This presentation describes the identity management infrastructure of the UAB grid computing project, known as UABgrid. Its development is based on accomplishments of two NSF middleware projects at UAB, which focused on building NMI enabled, open source tools for support of collaboration within virtual organizations that span institutional boundaries, are autonomous, and are collections of attributes. The middleware solution is known as myVocs and uses Shibboleth for identity management and attribution distribution, Globus for distributed computations, and GridShib to bind Shibboleth and Globus. Now, UABgrid is expanding its grid computing components to include meta-scheduling of jobs across multiple HPC clusters across Internet.

'''Presentation Content 1. Statement of the problem or issue:''' Traditional IT services effectively address the needs of large scale collaborations with well defined organizational structures and predictable user communities but have difficulty supporting the needs of dynamic, self-driven collaborations between users who cross organizational boundaries and whose collaboration tools are supplied by central IT, departmental services, and commercial providers. These collaboration scenarios are common in modern research initiatives and are the foundation of grid virtual organizations.

These collaborations typically involve setting up a dedicated wiki for shared compositions on departmental or self-managed servers, establishing email discussion forums where ever they can get going the fastest, incorporating blogs, shared bookmarks, and other applications from large-scale commercial suppliers of web-based and social networking services, and, finally, harnessing the power of available high performance computing facilities to meet their needs for data manipulation and analysis. The motivations driving this approach are a desire by users to retain the greatest authority over their resources and suffer the least infrastructure maintenance burden they can find, a world of autonomy everyone would enjoy.

Centralized IT services can contribute significantly to the smooth operation of these collaborations by providing an identity and application infrastructure that ensures autonomy and supports the incorporation of applications and users regardless of their administrative domain.

'''Presentation Content 2. Description of activity, project, or solution:''' As a guide for developing CyberInfrastructure (CI) at UAB, the NSF CI Visioni has been used to set priorities for investment in technologies which will help the research and education communities at UAB achieve their goals in the coming years. Specifically, the UA System acquired long term access to dark fiber from its campuses to regional nodes and competitive markets for commodity Internet, Internet2, and NLR services. UAB continues to invest in middleware and HPC clusters as well as the physical and human infrastructure associated with CI.

In this presentation, we shall describe the identity management infrastructure of UABgrid, the campus grid computing and collaboration environment, which began its development with an NSF project focused on integrating several open source tools with middleware components featured in the NSF Middleware Initiative (NMI). The goal of this initiative was the construction of a system environment that could support the needs of research collaborations and the virtual organizations (VO) manifested in grid computing scenarios.

Modern collaborations span institutional boundaries, are autonomous, and can be visualized at the system level as collections of attributes that describe the collaboration's participants and their roles.ii  Web applications are the leading collaboration solutions and we sought to leverage existing identity infrastructure with standards-based and open source tools in order to lower collaboration barriers. Shibboleth was selected for Identity Management and attribute distribution; Globus was used for distributed computations; and GridShib was used to bind Shibboleth to Globus.

The middleware solution we constructed is known in the literature as myVocs.iii It extends access to emerging Internet collaboration tools and builds a system environment that respects collaborator defined roles and attributes while preserving valuable institutional identity assertions. The resulting VO middleware combines trusted, university user identities, user asserted email addresses, VO asserted membership, and VO asserted role attributes and delivers them to an integrated suite of useful collaboration tools  that include email lists, wikis, CMS, blogs, file sharing, and document tracking.

Benefits of this VO middleware solution (myVocs) include preserving the value of trusted identities to federations of applications and allowing user defined attributes to exist outside context of university attribute system to support autonomous VO management. myVocs defines a consistent user identity across applications and each tool interprets attributes in a way meaningful to itself. By combining myVocs with GridShib VO attributes are extended to Globus compute resources using the Shibboleth trust fabric. This infrastructure now supports the UAB grid computing project, known as UABgrid.

'''Presentation Content 3. Outcome:''' In order to ease deployment, improve maintenance, and support development of  the UABgrid collaboration system infrastructure, we constructed and released a virtual machine based implementation of myVocs that incorporates the major components of Shibboleth, GridShib, and the attribute management tools in a pre-configured image ready to leverage for the construction of collaboration environments. In the second quarter of 2007 we put this image into operation on-campus as the core of our pilot UABgrid collaboration environment.

We incorporated additional tools for collaboration project management, UABgrid documentation, and our existing web-based UABgrid certificate authority into the application suite. We also integrated the system environment into the InCommon identity federation to support accesses by members of UAB or any other members of InCommon, which includes commercial suppliers of identity for collaborators from institutions that are not part of InCommon.

This infrastructure has been serving the pilot effort of UABgrid well, especially in the area of collaboration project management to address the expansion of UABgrid HPC resources with outside compute centers in the state and across the region via SURAgrid. This infrastructure has also been providing wiki services for the SURAgrid accounting working group and the ease of defining collaborations has facilitated many email discussion forums.

Work remains to incorporate popular grid tools, like Gridsphere, and to support the ability for collaboration administrators to include preferred applications. Additional work is needed to provide user documentation for the environment and to further integrate applications visually and operationally to meet user expectations of consistency.

'''Presentation Content 4. Importance or relevance to other institutions:''' This presentation address a solution for leveraging existing campus infrastructure with extensions to support self-managed collaborations that facilitate research and teaching.

This presentation will be of interest and benefit to all colleges and universities whose students, faculty, and staff have interest and/or needs for the following:

Distributed computing (HPC) cycles at other institutions, Participate in collaborations with students, faculty, or staff at other institutions where there is a need to work on common files, use email list, content management systems, wikis, blogs, or other common web applications.

Suggested Audience: This presentation will be targeted at an intermediate technical level so that both IT management and technical staff will each understand breath of uses of this approach to meeting needs of both research computing needs for ready access to HPC cycles and for electronic support of collaborations with geographically disperse colleagues. This presentation can also illustrate the importance to all colleges and universities of the importance of developing their cyberinfrastructure to enable their faculty, staff and students to engage the global research and education community.