Peer-reviewed Publications

Permanent link for this collection: https://hdl.handle.net/2022/20721

Recent Submissions

  • Item
    Towards a Science Gateway Reference Architecture
    (2018-06-15) Pierce, Marlon E.; Miller, Mark A.; Brookes, Emre H.; Wong, Mona; Afgan, Enis; Liu, Yan; Gesing, Sandra; Dahan, Maytal; Marru, Suresh; Walker, Tony
    Paper given at the 10th International Workshop on Science Gateways (IWSG 2018), 13-15 June 2018 in Edinburgh, Scotland. Science gateways have been developed over the last twenty years and have grown into a large community of practice, as evidenced by international workshops and conferences. Because of the diversity of approaches to creating science gateways and the always changing landscape of technologies, the community lacks a common definition for the term “science gateway” itself and common terminology for describing the common components of a gateway architecture. Instead, a wide range of definitions and understandings exist and are used in different communities; this is evident, for example, in discussions whether science gateways are the same as virtual research environments. This paper attempts to address these issues by focusing on how science gateways support scientific research and considering the consequences on cyberinfrastructure.
  • Item
    Apache Airavata Security Manager: Authentication and Authorization Implementations for a Multi-Tenant eScience Framework
    (2016-12-01) Nakandala, Supun; Gunasinghe, Hasini; Marru, Suresh; Pierce, Marlon
    eScience middleware frameworks integrating multiple virtual organizations must incorporate comprehensive user identity and access management solutions. In this paper we examine usage patterns for these systems and map the patterns to widely used security standards and approaches. We focus on science gateways, a class of distributed system cyberinfrastructure. Science gateways are end user environments that provide access to a wide range of academic and commercial computing and storage resources for virtual organizations. Successful gateways focus on specific scientific communities and domains, but they build on many reusable features that can be provided by general purpose hosted platform services that can support multiple tenants. Providing a security framework for identity and access management for such a hosted service removes the burden for each gateway to handle its user identity management and control access to its critical resources. From the resource provider’s point of view, it provides a basis for more uniform accounting and auditing. Challenges arise from the range of gateways (both legacy and newly created), the range of technologies used to build them, and the range of end user environments (Web, mobile, desktop, and programmatic API clients) that gateways provide. Using Apache Airavata as an implementation, we examine three common gateway types based on where the user identity information is held and how these can be treated in a unified manner using OAuth2 and OpenID-Connect. Our solutions for identity and access management are not specific to Apache Airavata but can be generally applied to any e-Science platform.
  • Item
    Apache Airavata: Design and Directions of a Science Gateway Framework
    (2014-06) Pierce, Marlon E.; Marru, Suresh; Gunathilake, Lahiru; Kanewala, Thejaka Amilia; Singh, Raminder; Wijeratne, Saminda; Wimalasena, Chathuri; Herath, Chathura; Chinthaka, Eran; Mattmann, Chris; Slominski, Aleksander; Tangchaisin, Patanachai
    This paper provides an overview of the Apache Airavata software system for science gateways. Gateways use Airavata to manage application and workflow executions on a range of backend resources (grids, computing clouds, and local clusters). Airavata’s design goal is to provide component abstractions for major tasks required to provide gateway application management. Components are not directly accessed but are instead exposed through a client Application Programming Interface. This design allows gateway developers to take full advantage of Airavata’s capabilities, and Airavata developers (including those interested in middleware research) to modify Airavata’s implementations and behavior. This is particularly important as Airavata evolves to become a scalable, elastic “platform as a service” for science gateways. We illustrate the capabilities of Airavata through the discussion of usage vignettes. As an Apache Software Foundation project, Airavata’s open community governance model is as important as its software base. We discuss how this works within Airavata and how it may be applicable to other distributed computing infrastructure and cyberinfrastructure efforts.
  • Item
    A Credential Store for Multi-tenant Science Gateways
    (2014-03-18) Kanewala, Thejaka Amilia; Marru, Suresh; Basney, Jim; Pierce, Marlon
    Science Gateways bridge multiple computational grids and clouds, acting as overlay cyberinfrastructure. Gateways have three logical tiers: a user interfacing tier, a resource tier and a bridging middleware tier. Different groups may operate these tiers. This introduces three security challenges. First, the gateway middleware must manage multiple types of credentials associated with different resource providers. Second, the separation of the user interface and middleware layers means that security credentials must be securely delegated from the user interface to the middleware. Third, the same middleware may serve multiple gateways, so the middleware must correctly isolate user credentials associated with different gateways. We examine each of these three scenarios, concentrating on the requirements and implementation of the middleware layer. We propose and investigate the use of a Credential Store to solve the three security challenges.