ACET
The ASPiS project
UK e-Science AHM
Oxford, 08 Dec 2009
Jens Jensen, STFC
Who…
Developers:
Eric Liao (KCL CeRCH)
Andrea Weise (Reading ACET)
Others:
Roger Downing, STFC e-Science
Mark Hedges, KCL CeRCH
Adil Hasan, Liverpool
Jens Jensen, STFC e-Science
ASPiS
• iRODS as datastore
• SSO login via Shibboleth
• PERMIS access control policy
• Provenance metadata in PASOA
• Funded by JISC
Target Users
1. Arts and Humanities
2. STFC facilities
   – Was Diamond Light Source (no IdP)
   – Now ISIS Neutron Source
3. SRB users on the National Grid Service
[Architecture diagram; labels: User, Apache, Shib service, iRODS, PASOA, PERMIS PDP, Disk]
Shib login
So what does it do?
• Single password
• Password managed by home institution
• S.E.P.
• Home institution provides attrs
• ASPiS can use these for access control
• And for provenance
User Authentication
[Diagram; labels: User, National Grid, Home (institution)]
Shibboleth login
[Diagram; labels: Home Inst., iRODS]
Shibby stuff
• Use ePTID for login
• Same account every time
• Caveat on reuse in UK federation
• Use ePEntitlement for “VO mgmt”
• Home institutions IdPs manage it
• Attrs available to rule engine and µservices
• Alternative to individual authentication
Shibby stuff
• Web based
• PHP front-end for iRODS
• Permits persistent deep linking?
iRODS
• Rule Engine to manage data workflow
• Microservices calling out to ext’l services
• No changes to iRODS itself
• Improves maintenance
• Except fed back upstream
Example Rule workflow
[Workflow diagram; labels: iRODS, Rule Engine, Log attrs, Access Ctrl, Update metadata, PASOA, PERMIS PDP, Branch on file type, Document metadata, Image metadata]
Example workflow
• All files: timestamps, owner, checksum,…
• Microservice workflow: µservice, parameters
• Images: create thumbprints, extract JPG metadata
• PDF files: text summary (no formatting)
Two Federations
[Diagram; labels: UK Access Management Federation (Shibboleth), Shib Service Provider, STFC iRODS, Reading iRODS, King’s iRODS, ASPiS iRODS Federation]
PASOA
[Diagram; labels: P, Q, 1ary id problem, iRODS, MySQL databases, Query interface, Provenance data, EU provenance portal]
Screenshot of successful query (shows 1 warning and result)
TODO
• “Real” µservices, Prod’n infrastructure
• µservices workflow management?
• Interface to MSS (use HPSS from IN2P3 for?)
• Integrate with NGS portal?
• TextGrid involvement?
• Relation to use of iCommands?
• Service redirect (file held at remote site)
• ‘ls’ doesn’t go through the rule engine
• (PEP in µservice)