Authentication Framework in the Kepler Workflow System

1
Authentication Framework in the Kepler Workflow
System

• Zhijie Guan1, Ilkay Altintas1, Efrat Jaeger1,
  Matt Jones2, Nandita Mangal1, Jing Tao2, Mark
  Miller1
• 1San Diego Supercomputer Center, UCSD
• 2National Center for Ecological Analysis and
  Synthesis, UCSB

2
What is a Scientific Workflow?

• Combination of
• data integration, analysis, and visualization
  steps
• larger, automated "scientific process pipelines"
• Mission of scientific workflow systems
• Promote scientific discovery by providing tools
  and methods to generate scientific workflows
• Create an extensible and customizable graphical
  user interface for scientists from different
  scientific domains
• Support computational experiment creation,
  execution, sharing, reuse and provenance
• Design frameworks which define efficient ways to
  connect to the existing data and integrate
  heterogeneous data from multiple resources
• Make technology useful through users monitor!!!

3
Promoter Identification Workflow
Source Matt Coleman (LLNL)
4
Ecology GARP Analysis Pipeline for Invasive
Species Prediction
Source NSF SEEK (Deana Pennington et. al, UNM)
5
(No Transcript)
6
Kepler is a Scientific Workflow System
www.kepler-project.org

• and a cross-project collaboration
• Beta1 release June 2, 2006

• Builds upon the open-source Ptolemy II framework

Ptolemy II A laboratory for investigating
design KEPLER A problem-solving environment for
Scientific Workflows KEPLER Ptolemy II X
for Scientific Workflows
7
Some Kepler Contributors
Griddles
SKIDL
Resurgence
SRB
NLADR
Contributor names and funding info are at the
Kepler website!!
New contributor - Chesire (UK Text Mining
Center)
LOOKING
8
Kepler Workflow Actors

• Actor
• Encapsulation of parameterized actions
• Interface defined by ports and parameters
• Port
• Communication between input and output data
• Without call-return semantics
• Model of computation
• Communication semantics among ports
• Flow of control
• Implementation is a framework
• Examples
• Simulink(The MathWorks)
• LabVIEW ( from National Instruments)
• Easy 5x (from Boeing)
• ROOM(Real-time object-oriented modeling)
• ADL(Wright)

Actor-Oriented Design
9
GEON Geosciences Network
www.geongrid.org
Multi-institution collaboration between IT and
Earth Science researchers Funded by NSF large
ITR program GEON Cyberinfrastructure
provides Authenticated access to data and Web
services Registration of data sets and tools,
with metadata Search for data, tools, and
services, using ontologies Scientific workflow
environment Data and map integration
capability Visualization and GIS mapping
10
LiDAR Post-processingWorkflow Portlet
11
ROADNet Architecture
OUR APPLICATION ROADNet/Antelope Kepler
Workflow System
12
Some actors in place for

• Generic Web Service Client and Web Service
  Harvester
• Customizable RDBMS query and update
• Command Line wrapper tools (local, ssh, scp,
  ftp, etc.)
• Some Grid actors-Globus Job Runner,
  GridFTP-based file access, Proxy Certificate
  Generator
• SRB support
• Native R support
• Interaction with Nimrod and APST
• Communication with ORBs through actors and
  services
• Imaging, Gridding, Vis Support
• Textual and Graphical Output
• more generic and domain-oriented actors

13
Challenges

• Actors manage data, programs, computing
  resources in
• Distributed Heterogeneous environments
• Under various secure administration
• How to use ONE system handle all of the
  authentication jobs?

• Data
• Database
• SRB
• XML
• File System

• Programs
• Command Line
• MPI Parallel
• Online CGI
• Web Service
• Grid Application

• Resources
• Mobil Device
• Laptop
• Desktop
• Cluster
• Supercomputer
• Grid

• Job Management
• OS
• Gondor
• PBS qsub
• GRAM
• Web Portal

14
Physical Infrastructure
Workflow System
Authentication Authorization
Data Access
Job Submission
Info Collection
Scheduler
Workflow Execution and Monitoring
Workflow Definition
Workflow Design
User Interaction
Users
15
How it works?
16
Components
Adapter Manager
Infrastructure
17
Procedure of Authentication
18
Interfaces
Class AuthenticationManager //Public
ProxyEntity getProxy() //getProxy returns a
default proxy to the user (actor) if user gets
authenticated. //returning a proxy means the
user had been authenticated //returning null
means the user is not authenticated
ProxyEntity getProxy(Domain domain) //getProxy
returns a proxy within the specific domain
PorxyEntity getProxy(LifeTime lifetime)
//getProxy returns a proxy with the specific
lifetime ProxyEntity getProxy(Domain domain,
Lifetime lifetime) //getProxy returns a proxy
with specific lifetime within the specific
domain

• For developers
• API
• For users
• Login GUI

19
Workflow Examples (1)Job Submission to GEON Grid
20
Workflow Examples (2)SRB Data Retrieval
Authentication Framework
21
Summary

• Workflows are executed
• On multiple secured computing systems
• In distributed and heterogeneous environments
• To integrate data, programs, and computing
  resources
• Kepler Authentication Framework
• Manages accounts/certificates for users
• Facilitates users to get authentications
• Provides a uniform interface for workflow systems
  to access remote resources

22
Future Work

• There is (always) a lot more to work on
• Research
• Lifetime of the authentication
• Auto update of the authentication
• Security of the Authentication Framework
• System
• Adapters for new secure systems
• The factory of adapters
• Upgrading adapters

23
Questions?
Kepler Workflow System http//www.kepler-project
.org
Zhijie Guan guan_at_sdsc.edu 1-858-822-3620 www.sdsc.
edu