Full HTML for

Basic foilset DATORR and New WebFlow and Gateway Developments

Given by Tom Haupt at Second DATORR Meeting Sandia National Laboratory on February 15-16 1999. Foils prepared February 20 1999

Second Meeting of DATORR Group
Desktop Access to Remote Resources
This Presentation contains updates to WebFlow Presentation at first Meeting
for joint ASC(Nicholls), OSC, NPAC Gateway Activity

Table of Contents for full HTML of DATORR and New WebFlow and Gateway Developments

1 Gateway System
2 Gateway Objectives
3 Three-Tier Architecture
4 Standard Interfaces
5 Architecture of Gateway
6 CORBA Based Middle-Tier
7 Middle-Tier
8 Security Model
9 Distributed Objects are less secure
10 CORBA security is built into ORB
11 Authentication
12 Privilege Delegation
13 CORBA access model
14 PPT Slide
15 WebFlow Server
16 Initialization of a session
17 Building an application
18 Event binding
19 WebFlow over Globus
20 Gateway Components


HTML version of Basic Foils prepared February 20 1999

Foil 1 Gateway System

From DATORR and New WebFlow and Gateway Developments Second DATORR Meeting Sandia National Laboratory -- February 15-16 1999. *
New Generation of WebFlow
Tom Haupt
NPAC Syracuse University
DATORR: An International HPCC/HPCN Community Activity to establish Interoperability Standards
Second Working Group Meeting Sandia February 15,16 99

Foil 2 Gateway Objectives

To provide infrastructure supporting development of problem solving environments
  • create user space
  • define problem
  • identify resources
To provide seamless and secure access to remote resources
  • allocate resources
  • monitor resources
Ken Flurchick, http://www.osc.edu/~kenf/Gateway

Foil 3 Three-Tier Architecture

Tier 1 is a high-level front-end for visual programming.
Distributed object-based, scalable, and reusable Web server and Object broker Middleware forms Tier 2.
Back-end services comprise Tier 3.

Foil 4 Standard Interfaces

[Diagram labels: Services, User Modules, Data Flow Front-End, OO Front-End, Task Specification, Metacomputing Services, DATORR, Back-End Resources]

Foil 5 Architecture of Gateway

[Diagram labels: Globus, DOM/XML]

Foil 6 CORBA Based Middle-Tier

Mesh of WebFlow Servers implemented as CORBA objects.
Each server provides specific services and serves as a container for user's modules.
Gatekeeper:
  • Authentication
  • Authorization

Foil 7 Middle-Tier


Foil 8 Security Model

Layer 1: secure Web
Layer 2: secure CORBA
Layer 3: Secure access to resources
Policies defined by resource owners
[Diagram labels: Front End Applet, https, authentication & authorization, Gatekeeper, SECIOP, delegation, GSSAPI, Stakeholders, HPCC resources]

Foil 9 Distributed Objects are less secure

can play both client and server
  • in client/server you trust the server, but not clients
evolve continually
  • objects delegate parts of their implementation to other objects (also dynamically composed at runtime). Because of subclassing, the implementation of an object may change over time
have interactions that are not well defined
  • because of encapsulation, you cannot understand all the interactions between objects
are polymorphic (ideal for Trojan horses!)
can scale without limit
  • how do you manage access rights to millions of servers?
are very dynamic

Foil 10 CORBA security is built into ORB

[Diagram labels: Secure Communications, Authentication, Authorization, Encryption, Audit, Credentials, User, Client, Server, Object Adapter]

Foil 11 Authentication

A principal is authenticated once by the ORB and given a set of credentials, including one or more roles, privileges, and an authenticated ID.
An authenticated ID is automatically propagated by a secure ORB; it is part of the caller context.
[Diagram labels: Principal, Credentials, Current, Client, Server, authenticate, set_credentials, get_attributes]

Foil 12 Privilege Delegation

No delegation
  • The intermediary uses its own credentials
Simple delegation
  • The intermediary impersonates the client
Composite delegation
  • The intermediary uses both
[Diagram labels: Client, Target, Object, IIOP]

Foil 13 CORBA access model

Based on a trusted ORB model: you must trust that your ORB will enforce the access policy on the server resource.
The ORB determines whether this client, on behalf of this principal, can do this operation on this object.
Server uses Access Control Lists (ACL) to control user access.
[Diagram labels: Principal, Role, Rights, Operation]
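
The delegation modes of Foil 12 and the access decision of Foil 13, worked through as an added example: a toy Python model, not CORBA Security Service code and not part of the original presentation. The role names, rights, the `JobQueue` object, and the rule that every presented principal must hold the required rights are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Credentials:
    principal: str        # authenticated ID
    roles: frozenset      # roles granted when the principal authenticated

# Constructed policy: rights granted to each role, rights each operation requires.
ROLE_RIGHTS = {
    "analyst": {"get"},
    "operator": {"get", "use"},
    "admin": {"get", "use", "manage"},
}
REQUIRED_RIGHTS = {
    ("JobQueue", "list"): {"get"},
    ("JobQueue", "submit"): {"use"},
    ("JobQueue", "purge"): {"manage"},
}

def rights_of(creds):
    """Union of the rights of every role the principal holds."""
    rights = set()
    for role in creds.roles:
        rights |= ROLE_RIGHTS.get(role, set())
    return rights

def presented_credentials(mode, client, intermediary):
    """Credentials the target sees when the intermediary relays a client's call."""
    if mode == "none":        # the intermediary uses its own credentials
        return [intermediary]
    if mode == "simple":      # the intermediary impersonates the client
        return [client]
    if mode == "composite":   # the intermediary uses both
        return [client, intermediary]
    raise ValueError(f"unknown delegation mode: {mode}")

def access_allowed(presented, obj, operation):
    """Server-side decision: may these principals do this operation on this object?"""
    required = REQUIRED_RIGHTS.get((obj, operation))
    if required is None or not presented:
        return False          # default deny when no policy entry exists
    # Assumption: every presented principal must hold all required rights.
    return all(required <= rights_of(c) for c in presented)

def decisions(client, intermediary, obj, operation):
    """Outcome of the same relayed call under each delegation mode."""
    return {mode: access_allowed(presented_credentials(mode, client, intermediary),
                                 obj, operation)
            for mode in ("none", "simple", "composite")}
```

With an `analyst` client relayed by an `admin` intermediary, `decisions(...)` for `purge` allows the call only under no delegation, because in that mode the target never sees the client's identity.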

Foil 14 PPT Slide

Mary Thompson, http://www-itg.lbl.gov/security/Akenti/DOE2000/sld014.htm

Foil 15 WebFlow Server

WebFlow server is given by a hierarchy of containers and components.
WebFlow server hosts users and services.
Each user maintains a number of applications composed of custom modules and common services.
[Diagram labels: User 1, User 2, Application 1, Application 2, App 1, App 2, WebFlow Services]

Foil 16 Initialization of a session

[Diagram labels: Portal Page, Secure Web Server, Mutual authentication, start, AKENTI, Credentials, Globus Cert., Front End Applet, WebFlow Server, User Context, Netscape's ORB, ORBacus ORB, IIOP]

Foil 17 Building an application

[Diagram labels: Applet, Application Context, Netscape ORB, ORBacus ORB, IIOP, List of servers, List of modules, List of events, List of methods, E, M, Add module, Attach Event, local, remote, Adapter, LLM]

Foil 18 Event binding

[Diagram labels: addEventListener, rmEventListener, fireEvent(E,M), method M, Event Source, Event Target, Adapter, Event, ORB, binding table, DII, DSI]

Foil 19 WebFlow over Globus

To run WebFlow over Globus there must be at least one WebFlow node capable of executing Globus commands, such as globusrun.
Jobs that require computational power of massively parallel computers are directed to the Globus domain, while others can be launched on much more modest platforms, such as the user's desktop or even a laptop running Windows NT.
Bridge between WebFlow and Globus

Foil 20 Gateway Components

Front End (Java Applets)
  • many different "plug-ins" implementing WebFlow API
Middle Tier (CORBA)
Back End modules (anything from JDBC to HPF)
  • JavaBeans model
  • Proxy Modules
    • Access to remote HPCC resources

© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu

Page produced by wwwfoil on Sat Feb 20 1999