XSEDE Capability Delivery Plan for "DM-11: Post-allocation data access"

Use Case DM-11: Post-allocation data access

Area: Scientific Data
URLs: Public, Review

Executive Summary: A researcher needs to access his/her data on a community resource after his/her allocation on that resource ends.

URLs: Public
First CDP: 2018-08-01
Current CDP: 2020-05-04
Current Implementation Status: 
Issues to be Addressed: 
Time & Effort Summary: 

The SP forum agreed to a standard 90-day grace period at their meeting on January 23, 2020. The XSEDE system is currently honoring a 90-day grace period for the user authentication services used by data transfer, so as long as SP services honor the grace period, it should work for researchers. The one remaining piece is to ensure that the standard 90-day grace period is documented on the XSEDE website. No further work is proposed.

Significant Revisions:
  • 2020-05-04 16:29 (current revision)
This capability is currently supported by the following 5 components:
Component User facing? Component’s role in the capability
Globus Toolkit GridFTP Service no The Globus Transfer service uses GridFTP servers to transfer data from one endpoint to another.
Globus Transfer yes XSEDE users use the Globus Transfer service to request data transfers to/from XSEDE storage systems.
OAuth for MyProxy (OA4MP) yes The Globus Transfer service redirects individuals to the XSEDE OA4MP service when they access an XSEDE transfer endpoint. The OA4MP service uses MyProxy to authenticate the individual as an XSEDE user and generate a credential that the Transfer service can use for data transfers on the individual's behalf.
XSEDE Central Database no The XSEDE MyProxy service queries the XCDB for allocation status when an individual authenticates. MyProxy only permits a certificate to be generated if the individual is currently part of an active allocation or has been part of an active allocation within the standard 90-day grace period.
XSEDE MyProxy no The MyProxy service authenticates individuals using XSEDE's Kerberos service and queries the XCDB for their current allocation status. On success, it returns an X.509 certificate that can be used with OA4MP to "activate" the endpoint in the Globus Transfer service so transfers can be authenticated.