XSEDE Capability Delivery Plan for "SGW-04: Data movement between gateway users' desktops/laptops and XSEDE resources"

Use Case SGW-04: Enable gateway users to transfer files to or from a community resource

Area: Community Building
URLs: Public, Review

Executive Summary: A science gateway developer needs to enable gateway users to transfer files between a community resource and the gateway user’s local system without passing through the gateway host. These gateway users aren’t members of the gateway’s community project and don’t have access to the gateway’s allocation on the resource. The files and storage on the resource are owned by the gateway.

URLs: Public
First CDP: 2016-06-08
Current Implementation Status: 
Issues to be Addressed: 
Issues Remaining: 
  • Web portal for science gateway developers to use to setup and configure their relationship with XSEDE
    (suggested priority: medium)
    XSEDE currently does not provide a self-service web portal for setting up the credentials, registrations, configurations, etc. necessary for a science gateway to use XSEDE’s system features. A self-service web portal would automate the communication and configuration currently performed by XSEDE staff members and gateway developers, improving responsiveness for gateway developers, reducing their start-up time, and also enforcing or encouraging best practices and guidelines for how to use the features effectively and securely.
This capability is currently supported by the following 7 components:
Component User facing? Component’s role in the capability
Globus Auth yes Provides the authentication service used by end users to login to XUP or a science gateway and to obtain an XSEDE OAuth2 token that can be used with other XSEDE services, including Globus Transfer. Also provides the ability for end users to link their XSEDE identities with non-XSEDE identities (e.g., InCommon campus identities, DOE and other agency identities, etc.)
Globus Connect Server no Used by XSEDE SPs, campus IT providers, and end users to create endpoints from which and to which Globus Transfer can transfer files.
no Groups is a feature of Globus that allows end users to define and manage user groups, which can then be used to define access control rules for other Globus services, such as Transfer. A common practice is to define a group and then give that group permission to access shared storage accessible via Globus Transfer. The groups feature has not been fully integrated with XSEDE at this time. This is implicit in the gaps identified in this CDP. The plans for filling these gaps include documentation specifically designed to enable science gateway developers to use the groups feature.
Globus Transfer yes The hosted web application accessed by users via a web browser to select the file transfer source and destination and initiate, monitor, or cancel transfers, as well as managing the quality attributes regarding reliability, performance, scalability, and history accessibility. It also supports synchronizing a source file or directory to a destination, Also provides an SSH-accessible command-line interface and a RESTful web API for application integration. Sharing is a feature of Globus Transfer that allows one end user to share a portion of his/her storage with other end users. All users involved in the share must be known to Globus Auth, but only the user who creates the share needs to have an allocation on the storage system. The sharing feature must be explicitly enabled by the storage system provider.
Kerberos no The repository that stores XSEDE usernames and passwords and authenticates XSEDE identities for Globus Auth
OAuth for MyProxy (OA4MP) no Used by Globus Transfer to acquire tokens for authenticating to source/destination endpoints.
XSEDE User Portal (XUP) yes The front-end user interface to the XSEDE system where end users register with XSEDE, manage their user profile information, and request allocations to use XSEDE SP resources.