Back to Volume
Paper: Extending Support for Large Distributed Projects Through Interoperability
Volume: 521, Astronomical Data Analysis Software and Systems XXVI
Page: 161
Authors: Gaudet, S.; Taffoni, G.; Bertocco, S.; Major, B.; Dowler, P.; Molinaro, M.; Schade, D.; Pasian, F.
Abstract: Many astronomy projects today are executed by distributed science teams with access to different computation and storage resources. As we move into the era of petabyte and exabyte datasets, it is recognized that moving the code to the data becomes necessary as the alternative becomes infeasible. The question becomes how can resource infrastructures support these large projects such that a team has integrated access to the different distributed resources available to a project. Examples of resources that could be integrated are files and directories, storage allocations, processing allocations, containers and virtual machine images, databases and tables, etc. A first step in this direction is the interoperability of authorization services.
The International Virtual Observatory Alliance (IVOA) has developed many standards to support access and interoperability of infrastructure such as Single-Sign On (SSO), Credential Delegation Protocol (CDP) and VOSpace. Both Canadian Advanced Network for Astronomical Research (CANFAR) operated by the Canadian Astronomy Data Centre) and INAF-Osservatorio Astronomico di Trieste (INAF-OAT) use these standards for provision of user storage to support projects. In the VOSpace implementation, users assign read-only and read/write permissions to groups that are defined in their respective home institution Group Management Services. In 2015, the EGI-Engage project in Europe partially funded an exploration of interoperability of authorization services in a joint project between the CANFAR and INAF-OAT. This has also led to the inclusion of this work in the Advanced European Network of E-infrastructures for Astronomy with the SKA (Aeneas) proposal. The joint CANFAR/ INAF-OAT project has added support to interoperate its VOSpace services by adding the capability of granting authorization to access a resource to groups defined in an external Group Management Service and to allow for the dynamic creation of internal user IDs that are associated with an external identify provider.
Back to Volume