XSEDE Capability Delivery Plan for "SGW-04: Data movement between gateway users' desktops/laptops and XSEDE resources"
Executive Summary: A science gateway developer needs to enable researchers using his/her gateway to transfer files between their local systems (laptops, desktops, campus servers) and HPC resources (XSEDE compute or storage systems) either directly or through gateway servers that use common security attributes (currently referred as "community credentials") for initiating and managing the transfer. The researchers using the gateway will authenticate using the gateway's authentication mechanisms and will not have their own XSEDE allocations or be members of the gateway's project group, and they must not have access to the gateway's community credential.
First CDP: 2016-06-08
- XCI-2: Document how Science Gateways can use XSEDE Identity Management
- XCI-3: Document how Science Gateways can enable direct end-user-to-XSEDE-SP-resource file transfers
- Web portal for science gateway developers to use to setup and configure their relationship with XSEDE
(suggested priority: medium)
XSEDE currently does not provide a self-service web portal for setting up the credentials, registrations, configurations, etc. necessary for a science gateway to use XSEDE’s system features. A self-service web portal would automate the communication and configuration currently performed by XSEDE staff members and gateway developers, improving responsiveness for gateway developers, reducing their start-up time, and also enforcing or encouraging best practices and guidelines for how to use the features effectively and securely.
|Component||User facing?||Component’s role in the capability|
|Globus Auth||yes||Provides the authentication service used by end users to login to XUP or a science gateway and to obtain an XSEDE OAuth2 token that can be used with other XSEDE services, including Globus Transfer. Also provides the ability for end users to link their XSEDE identities with non-XSEDE identities (e.g., InCommon campus identities, DOE and other agency identities, etc.)|
|Globus Connect Server||no||Used by XSEDE SPs, campus IT providers, and end users to create endpoints from which and to which Globus Transfer can transfer files.|
|Globus Groups||no||Groups is a feature of Globus that allows end users to define and manage user groups, which can then be used to define access control rules for other Globus services, such as Transfer. A common practice is to define a group and then give that group permission to access shared storage accessible via Globus Transfer. The groups feature has not been fully integrated with XSEDE at this time. This is implicit in the gaps identified in this CDP. The plans for filling these gaps include documentation specifically designed to enable science gateway developers to use the groups feature.|
|Globus Transfer||yes||The hosted web application accessed by users via a web browser to select the file transfer source and destination and initiate, monitor, or cancel transfers, as well as managing the quality attributes regarding reliability, performance, scalability, and history accessibility. It also supports synchronizing a source file or directory to a destination, Also provides an SSH-accessible command-line interface and a RESTful web API for application integration. Sharing is a feature of Globus Transfer that allows one end user to share a portion of his/her storage with other end users. All users involved in the share must be known to Globus Auth, but only the user who creates the share needs to have an allocation on the storage system. The sharing feature must be explicitly enabled by the storage system provider.|
|Kerberos||no||The repository that stores XSEDE usernames and passwords and authenticates XSEDE identities for Globus Auth|
|OAuth for MyProxy (OA4MP)||no||Used by Globus Transfer to acquire tokens for authenticating to source/destination endpoints.|
|XSEDE User Portal (XUP)||yes||The front-end user interface to the XSEDE system where end users register with XSEDE, manage their user profile information, and request allocations to use XSEDE SP resources.|