WSO2Con USA 2015: Implementing SSO Across our Science-as-a-Service Web and API Stack at TACC

•

1 j'aime•604 vues

The Texas Advanced Computing Center (TACC) is home to some of the most powerful computing resources in the world, including Stampede, ranked 8th fastest supercomputer on the Top500. The TACC Agave API platform provides a set of restful, multitenant services for interacting with the supercomputing resources over http including submitting jobs, managing data and much more. Agave has been leveraging WSO2 API Manager in production for over a year now. Recently, the Agave platform has experienced tremendous growth to include large organizations such as the iPlant Collaborative which deploys hundreds of front-end web apps serving more than 20,000 scientists. In partnership with Yenlo and WSO2, TACC is developing a Single SignOn (SSO) solution based on integrating WSO2 Identity Server with Agave’s current API Manager deployments. In this talk, we review our experiences with API Manager and introduce our SSO solution based on WSO2 Identity Server, including details of our production deployment based on Docker containers, Ansible technology, and more.

Technologie

Implementing Federated Identity
Across Our Science-as-a-Service
Platform
Joe Stubbs, PhD
Texas Advanced Computing Center
University Of Texas, Austin

What is TACC?
“What starts here changes the world” “Powering discoveries that change the
world”

Galaxy evolution modeled
Now we know why stars form
Powering discoveries...

Powering discoveries...
Hurricane Prediction
Storm surge, flooding, evacuation
routes, damage assessment,
predicted path, impact areas.

Powering discoveries...
Earthquake Prediction
Predicting frequency of damaging
earthquakes in California for the
latest Uniform California
Earthquake Rupture Forecast
(UCERT3)

Powering discoveries...
A Link Between Alzheimer’s and Cancer
Computational systems biology approach
found a link between Alzheimer’s and
GBM, one of the most aggressive forms
of brain cancer.

What Does TACC Do?
Mission: To enable discoveries that advance science and society through the
application of advanced computing technologies.
● High performance computing (HPC)
● Cloud & high throughput computing
● Data intensive computing
● Visualization
● Software development & optimization
● Apps & APIs
● Life sciences
● Training & outreach
● Consulting & professional services

What Can Agave Do?
● Run application codes
your own or community provided codes
● ...on HPC, HTC, and cloud resources
your own, shared, or commercial systems
● ...and manage your data
reliable, multi-protocol, async data movement
● …in a collaborative way
fine grain ACL for working securely with others
● ...from the web
webhooks, rest, json, cors, oauth2
● ...and remember how you did it
deep provenance, history, and reproducibility built in

A Proliferation of Portals
drug discovery portal
EARTH
CUBE

An Identity Crisis
● Each portal maintains a separate database of users.
● Users have to be vetted manually each time.
● Users have to remember separate credentials.
● No single sign-on.
● No way for share platform assets (apps, jobs, metadata).

One Identity To Rule Them All
CAMPUS LOGIN:

TACC Identity Service
● Create central identity service for entire center.
● Core of the service is WSO2 IS.
● Leverage campus identity providers.

Federated Identity Via InCommon
Nearly 600
Universities
200 government
agencies and
partners
SAML based trust
fabric

Architecture
TACC Identity
Service
(WSO2 IS)
InCommon
University
IDP University
IDP
University
IDP
University
IDP
Discovery
Portal
Discovery
Portal
Discovery
Portal
Tenant
APIM
Tenant
APIM
Tenant
APIM
A
A
A
A
A
Agave APIsDomain-Specific
Applications

Identity Server and APIM
● Internal accounts mapped and managed by IS.
○ Self-service reconciliation, password management.
● SSO across web apps now possible.
● Implicit trust between IS <-> APIM.
● Clients use OAuth2 SAML Bearer Assertion.
○ Exchange SAML assertion for bearer token.
● Still working on the IS <-> InCommon trust.

Status And Timeline
● In production with APIM.
● Working on InCommon membership and IS deployment.
● Goal is to be in prod with first tenant by summer 2016.
● New tenants will be built leveraging the TACC IS.
● Existing tenants will convert over time, if applicable.

Contenu connexe

Similaire à WSO2Con USA 2015: Implementing SSO Across our Science-as-a-Service Web and API Stack at TACC

Identity Management for Virtual Organizations: A Model

Von Welch

Do you possess an Active Security Clearance & are looking for your next Cleared career opportunity? Join us at the reStartEvents Nationwide All-Clearances Virtual Career Fair and engage with hiring managers and recruiters from some of the nation's leading defense contractors, all from the safety and comfort of your home or office. Accomplish what it would take weeks to do, ALL in one day at reStart! reStartEvents Nationwide All-Clearances Virtual Career Fair Thursday, May 25th, 2023 2pm - 5pm est Details & Registration: https://tinyurl.com/yvjwmxsu An Active Security Clearance IS Required For This Event Companies Interviewing: • Leidos • Air Force Civilian Service • Abacus Technology Corporation • Accenture Federal Services • Applied Research Laboratory at Penn State University • AXIENT • Defense Contract Management Agency • Honeywell Aerospace • Oasis Systems • Raytheon Missiles and Defense and many more..... Whether you are transitioning from the military or federal government, furloughed, actively seeking employment, your contract is coming to an end or window shopping and want to see what else is out there for you, This Is The Event For You! Positions available include: Software Engineers, Help Desk, Web Developers, Budget Analysts, Program / Project Managers, Cyber CounterIntelligence Specialists, Storage Engineers, Business Analytics, Systems Engineers, SharePoint Developer, Reverse Engineers, Intelligence Analysts, Network Engineers, CNO Analysts, Penetration Testers, JAVA Programmers, Cloud Engineer, Information Systems Security, Administrative Assistants, Network Admins, Linguists, Full Stack Developers, LINUX Systems Admins and much more.... This event will be accessible to job seeking professionals from coast to coast and will offer Cleared career opportunities both CONUS & OCONUS. Please share this unprecedented event with ALL your Security Cleared friends and colleagues Looking forward to having you join us online on May 25th

reStartEvents 5:25 Nationwide All-Clearances Employer Directory.pdf

Ken Fuller

Introduction to Big Data Analytics: Batch, Real-Time, and the Best of Both Wo...

WSO2

This slide deck is used to present the following paper: S. Shahand, A. H. C. van Kampen, and S. D. Olabarriaga, "Science Gateway Canvas: A business reference model for Science Gateways", In Proceedings of the Science of Cyberinfrastructure: Research, Experience, Applications and Models, SCREAM'15, Portland, OR, USA, June 16 2015 (in conjunction with HPDC'15). DOI: http://dx.doi.org/10.1145/2753524.2753527

Science Gateway Canvas

Shayan Shahand

3. the grid new infrastructure

Dr Sandeep Kumar Poonia

Sinnott Paper

Johanna Green

MDM-2013, Milan, Italy, 6 June, 2013

Charith Perera

Building a Robotics Hub in San Diego

MecklerMedia

Knoesis Student Achievement

Artificial Intelligence Institute at UofSC

Cloud Computing and Big Data for Service Innovations & Learning Up till now, most of the adoption of cloud computing focusses on the automation and consolidation of traditional IT services. As such, the gains are confined to the uniformity of control, cost reduction and better governance. Recent adoption of the cloud has gradually moved into tactical and even strategic levels thereby demonstrating a high level of gains for using the cloud for business transformations and innovations. Such benefits include dynamism in business model compositions and speed and ease in orchestrating service innovations in the cloud. This talk will shed light on how massive and rapid accumulation of data in the cloud can support human-machine cooperative problem solving and re-define the landscape of Open Innovation and Connectionist Learning via a Knowledge Cloud.

Cloud computing & big data for service innovation & learning

2016

Tech Jam 2015: Action Cluster Highlights

US-Ignite

Trust is critical to the process of science. Two decades ago the Internet and World Wide Web fostered a new age in computational science with the emergence of accessible and high performance computing, storage, software, and networking. More recent paradigms, including virtual organizations, federated identity, big data, and global-scale operations continue to evolve the way computing for science is performed. Advancing technologies, the need to coordinate across organizations and nations, and an evolving threat landscape are sources of ongoing challenges in maintaining the trustworthy nature of computational infrastructure and the science it supports. To address these challenges, a number of projects have focused on improving the cybersecurity and trustworthiness of scientific computing. Recent examples include the Center for Trustworthy Scientific Cyberinfrastructure funded by NSF, the Software Assurance Marketplace funded by DHS, and the Extreme Scale Identity Management for Science project funded by DOE. This presentation will give a 20 year retrospective together with a vision for the future of cybersecurity for computational science. It will describe the state of trust and cybersecurity for scientific computing, its evolution over the past twenty years, challenges it is facing today, how the exemplar projects are addressing those challenges, and a vision of cybersecurity for research and higher education in general augmenting each other in the future.

Trustworthy Computational Science: A Multi-decade Perspective

Von Welch

Accure ai healthcare offering v4

Accureinc

Robotics opportunities v6

Welch owasp-feb-2015

Colombia 20140326 v1

Sgci esip-7-20-18

Challenges and Opportunities of the IoT Data and Service Interoperability

SensorUp

Nectar cloud workshop ndj 20110331.2

Nick Jones

Sensing-as-a-Service - An IoT Service Provider's Perspectives

Dr. Mazlan Abbas

Similaire à WSO2Con USA 2015: Implementing SSO Across our Science-as-a-Service Web and API Stack at TACC (20)

Identity Management for Virtual Organizations: A Model

reStartEvents 5:25 Nationwide All-Clearances Employer Directory.pdf

Introduction to Big Data Analytics: Batch, Real-Time, and the Best of Both Wo...

Science Gateway Canvas

3. the grid new infrastructure

Sinnott Paper

MDM-2013, Milan, Italy, 6 June, 2013

Building a Robotics Hub in San Diego

Knoesis Student Achievement

Cloud computing & big data for service innovation & learning

Tech Jam 2015: Action Cluster Highlights

Trustworthy Computational Science: A Multi-decade Perspective

Accure ai healthcare offering v4

Robotics opportunities v6

Welch owasp-feb-2015

Colombia 20140326 v1

Sgci esip-7-20-18

Challenges and Opportunities of the IoT Data and Service Interoperability

Nectar cloud workshop ndj 20110331.2

Sensing-as-a-Service - An IoT Service Provider's Perspectives

Plus de WSO2

Driving Innovation: Scania's API Revolution with WSO2

WSO2

At its core, the challenge of managing Human Resources data is an integration challenge: estimates range from 2-3 HR systems in use at a typical SMB, up to a few dozen systems implemented amongst enterprise HR departments, and these systems seldom integrate seamlessly between themselves. Providing a multi-tenant, cloud-native solution to integrate these hundreds of HR-related systems, normalize their disparate data models and then render that consolidated information for stakeholder decision making has been a substantial undertaking, but one significantly eased by leveraging Ballerina. In this session, we’ll cover: The overall software architecture for VHR’s Cloud Data Platform Critical decision points leading to adoption of Ballerina for the CDP Ballerina’s role in multiple evolutionary steps to the current architecture Roadmap for the CDP architecture and plans for Ballerina WSO2’s partnership in bringing continual success for the CD

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform

WSO2

The integration landscape is changing rapidly with the introduction of technologies like GraphQL, gRPC, stream processing, iPaaS, and platformless. However, not all existing applications and industries can keep up with these new technologies. Certain industries, like manufacturing, logistics, and finance, still rely on well-established EDI-based message formats. Some applications use XML or CSV with file-based communications, while others have strict on premises deployment requirements. This talk focuses on how Ballerina's built-in integration capabilities can bridge the gap between "old" and "new" technologies, modernizing enterprise applications without disrupting business operations.

Modernizing Legacy Systems Using Ballerina

WSO2

WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...

WSO2

WSO2CON 2024 Slides - Unlocking Value with AI

WSO2

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

WSO2

Quantum Leap in Next-Generation Computing

WSO2

WSO2CON 2024 - Elevating the Integration Game to the Cloud

WSO2

WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation

WSO2

WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source

WSO2

WSO2CON 2024 Slides - Open Source to SaaS

WSO2

WSO2CON 2024 - Does Open Source Still Matter?

WSO2

WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...

WSO2

WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications

WSO2

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...

WSO2

WSO2CON 2024 - Software Engineering for Digital Businesses

WSO2

WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...

WSO2

WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation

WSO2

WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!

WSO2

WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...

WSO2

Plus de WSO2 (20)

Driving Innovation: Scania's API Revolution with WSO2

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform

Modernizing Legacy Systems Using Ballerina

WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...

WSO2CON 2024 Slides - Unlocking Value with AI

Platformless Horizons for Digital Adaptability

Quantum Leap in Next-Generation Computing

WSO2CON 2024 - Elevating the Integration Game to the Cloud

WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation

WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source

WSO2CON 2024 Slides - Open Source to SaaS

WSO2CON 2024 - Does Open Source Still Matter?

WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...

WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...

WSO2CON 2024 - Software Engineering for Digital Businesses

WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...

WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation

WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!

WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...

Dernier

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Orbitshub

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Architecting Cloud Native Applications

WSO2

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

The action of the next cyber saga takes place in the mystical lands of the Asia-Pacific region, where the main characters began their digital activities in the middle of 2021 and qualitatively strengthened it in 2022. Corporate espionage, document theft, audio recordings, and data leaks from messaging platforms were all a matter of one day for Dark Pink. Their geographical focus may have started in the Asia-Pacific region, but their ambitions knew no bounds, targeting a European government ministry in a bold move to expand their portfolio. Their victim profile was as diverse as a UN meeting, targeting military organizations, government agencies, and even a religious organization. Because discrimination is not a fashionable agenda. In the world of cybercrime, they serve as a reminder that sometimes the most serious threats come in the most unassuming packages with a pink bow.

Cyberprint. Dark Pink Apt Group [EN].pdf

Overkill Security

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Exploring Multimodal Embeddings with Milvus

Zilliz

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Zilliz

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Dernier (20)

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

MS Copilot expands with MS Graph connectors

presentation ICT roal in 21st century education

Why Teams call analytics are critical to your entire business

Architecting Cloud Native Applications

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

Cyberprint. Dark Pink Apt Group [EN].pdf

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Artificial Intelligence Chap.5 : Uncertainty

Axa Assurance Maroc - Insurer Innovation Award 2024

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

[BuildWithAI] Introduction to Gemini.pdf

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Exploring Multimodal Embeddings with Milvus

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Boost Fertility New Invention Ups Success Rates.pdf

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Corporate and higher education May webinar.pptx

WSO2Con USA 2015: Implementing SSO Across our Science-as-a-Service Web and API Stack at TACC

1. Implementing Federated Identity Across Our Science-as-a-Service Platform Joe Stubbs, PhD Texas Advanced Computing Center University Of Texas, Austin

2. What is TACC? “What starts here changes the world” “Powering discoveries that change the world”

3. Galaxy evolution modeled Now we know why stars form Powering discoveries...

4. Powering discoveries... Hurricane Prediction Storm surge, flooding, evacuation routes, damage assessment, predicted path, impact areas.

5. Powering discoveries... Earthquake Prediction Predicting frequency of damaging earthquakes in California for the latest Uniform California Earthquake Rupture Forecast (UCERT3)

6. Powering discoveries... A Link Between Alzheimer’s and Cancer Computational systems biology approach found a link between Alzheimer’s and GBM, one of the most aggressive forms of brain cancer.

7. What Does TACC Do? Mission: To enable discoveries that advance science and society through the application of advanced computing technologies. ● High performance computing (HPC) ● Cloud & high throughput computing ● Data intensive computing ● Visualization ● Software development & optimization ● Apps & APIs ● Life sciences ● Training & outreach ● Consulting & professional services

8. From Command Line to the Web

10. What Can Agave Do? ● Run application codes your own or community provided codes ● ...on HPC, HTC, and cloud resources your own, shared, or commercial systems ● ...and manage your data reliable, multi-protocol, async data movement ● …in a collaborative way fine grain ACL for working securely with others ● ...from the web webhooks, rest, json, cors, oauth2 ● ...and remember how you did it deep provenance, history, and reproducibility built in

11. A Platform For Science Portals

12. A Proliferation of Portals drug discovery portal EARTH CUBE

13. An Identity Crisis ● Each portal maintains a separate database of users. ● Users have to be vetted manually each time. ● Users have to remember separate credentials. ● No single sign-on. ● No way for share platform assets (apps, jobs, metadata).

14. One Identity To Rule Them All CAMPUS LOGIN:

15. TACC Identity Service ● Create central identity service for entire center. ● Core of the service is WSO2 IS. ● Leverage campus identity providers.

16. Federated Identity Via InCommon Nearly 600 Universities 200 government agencies and partners SAML based trust fabric

17. Architecture TACC Identity Service (WSO2 IS) InCommon University IDP University IDP University IDP University IDP Discovery Portal Discovery Portal Discovery Portal Tenant APIM Tenant APIM Tenant APIM A A A A A Agave APIsDomain-Specific Applications

18. Identity Server and APIM ● Internal accounts mapped and managed by IS. ○ Self-service reconciliation, password management. ● SSO across web apps now possible. ● Implicit trust between IS <-> APIM. ● Clients use OAuth2 SAML Bearer Assertion. ○ Exchange SAML assertion for bearer token. ● Still working on the IS <-> InCommon trust.

19. Status And Timeline ● In production with APIM. ● Working on InCommon membership and IS deployment. ● Goal is to be in prod with first tenant by summer 2016. ● New tenants will be built leveraging the TACC IS. ● Existing tenants will convert over time, if applicable.

WSO2Con USA 2015: Implementing SSO Across our Science-as-a-Service Web and API Stack at TACC

Recommandé

Recommandé

Contenu connexe

Similaire à WSO2Con USA 2015: Implementing SSO Across our Science-as-a-Service Web and API Stack at TACC

Similaire à WSO2Con USA 2015: Implementing SSO Across our Science-as-a-Service Web and API Stack at TACC (20)

Plus de WSO2

Plus de WSO2 (20)

Dernier

Dernier (20)

WSO2Con USA 2015: Implementing SSO Across our Science-as-a-Service Web and API Stack at TACC

WSO2Con USA 2015: Implementing SSO Across our Science-as-­a-­Service Web and API Stack at TACC

Recommandé

Recommandé

Contenu connexe

Similaire à WSO2Con USA 2015: Implementing SSO Across our Science-as-­a-­Service Web and API Stack at TACC

Similaire à WSO2Con USA 2015: Implementing SSO Across our Science-as-­a-­Service Web and API Stack at TACC (20)

Plus de WSO2

Plus de WSO2 (20)

Dernier

Dernier (20)

WSO2Con USA 2015: Implementing SSO Across our Science-as-­a-­Service Web and API Stack at TACC

WSO2Con USA 2015: Implementing SSO Across our Science-as-a-Service Web and API Stack at TACC

Similaire à WSO2Con USA 2015: Implementing SSO Across our Science-as-a-Service Web and API Stack at TACC

Similaire à WSO2Con USA 2015: Implementing SSO Across our Science-as-a-Service Web and API Stack at TACC (20)

WSO2Con USA 2015: Implementing SSO Across our Science-as-a-Service Web and API Stack at TACC