Marco Bencivenni (INFN)
One of the main barriers to widespread Grid adoption in scientific communities stems from the intrinsic complexity of handling X.509 certificates, which are the foundation of the Grid security stack. To hide this complexity, several Grid portals have been proposed in recent years. They do not completely solve the problem, however: they either require users to manage their own certificates or weaken the Grid middleware authorization and accounting mechanisms by obfuscating the user identity. General purpose Grid portals aim at providing a powerful and easy-to-use gateway to distributed computing resources. They act as incubators where users can securely run their applications without facing the complexity of the authentication infrastructure (e.g., handling X.509 certificates and VO membership requests, accessing resources through dedicated shell-based UIs). In this paper, we discuss a general purpose Grid portal framework, based on Liferay, which provides several important services such as job submission, workflow definition, data management and accounting services. It is also interfaced with external Infrastructure-as-a-Service (IaaS) frameworks for the dynamic provisioning of computing resources. In our model, authentication is delegated to a Shibboleth 2.0 federation, while the generation and management of Grid credentials is handled securely by integrating an On-Line CA with the MyProxy server. Consequently, the portal gives users full access to Grid functionality without exposing the complexity of X.509 certificates and proxy management. Unlike other existing solutions, our portal does not rely on robot certificates for the user credentials. This approach offers two benefits. On the one hand, user identity is not obfuscated across the middleware stack, thus preserving the functionality and effectiveness of existing distributed accounting and authorization mechanisms. On the other hand, users are not constrained to a predefined set of applications but can freely take advantage of Grid facilities for any computational or data-intensive activity.
The portal also provides simplified access to common Grid data-management operations. Our solution manages the staging of input and output data for Grid jobs to an external WebDAV storage service. The staged data is then transferred to or from Grid SE and registered in data catalogs on behalf of the user. This approach has two main benefits. Firstly, by delegating the file transfer handling to an external service, the portal is relieved of the potential load caused by many concurrent large file transfer operations, which would severely impact its scalability. Secondly, the use of standard protocols like WebDAV enables any client machine to upload and download files to the Grid without requiring installation of custom software on the client side.
Andrea Ceccanti (Istituto Nazionale Fisica Nucleare (IT)); Dr Diego Michelotto (INFN Ferrara & IGI); Dr Giacinto Donvito (INFN-Bari); Giuseppe Misurelli (Unknown); Luciano Gaido (Universita e INFN (IT)); Marco Bencivenni (INFN); Paolo Veronesi (Unknown); Riccardo Brunetti (Unknown); Valerio Venturi (INFN); Dr Vincenzo Ciaschini (INFN CNAF)