One down two to go
Yesterday saw the first presentation in our short seminar series concentrating on the recent developments in the UK for accessing and managing grid resources.
I'm pleased (and relieved!) to say that it went well with Mike Jones from the University of Manchester giving a presentation on "Shibboleth Access to Resources on the NGS". We had 28 individuals join us on Evo from all over the world including Russia, Italy, USA and Switzerland. It was good to see that our seminar was of interest to people internationally as well.
The next seminar will take place on Wednesday 8th Feb at 10.30am (GMT) and will be looking at the Certificate Wizard which makes it easier for users to manage their certificates. If you would like to take part in the seminar either by Access Grid or Evo then please see the event listing on our website. You can also RSVP on our Facebook event page.
The seminars have been recorded and it is our aim to have these recordings available on the NGS website at the end of the seminar series.
I'm pleased (and relieved!) to say that it went well with Mike Jones from the University of Manchester giving a presentation on "Shibboleth Access to Resources on the NGS". We had 28 individuals join us on Evo from all over the world including Russia, Italy, USA and Switzerland. It was good to see that our seminar was of interest to people internationally as well.
The next seminar will take place on Wednesday 8th Feb at 10.30am (GMT) and will be looking at the Certificate Wizard which makes it easier for users to manage their certificates. If you would like to take part in the seminar either by Access Grid or Evo then please see the event listing on our website. You can also RSVP on our Facebook event page.
The seminars have been recorded and it is our aim to have these recordings available on the NGS website at the end of the seminar series.
Interested in accessing and managing grid resources?
If so then read on!
The NGS is hosting a short but sweet seminar series starting next Wednesday (1st Feb). There will be 3 seminars over the 3 weeks each lasting approximately 30 minutes and the best thing about them is that you can join in no matter where you are - all you need is the internet!
We wanted to make the seminars as open to everyone as we possibly could and, after some deliberation, we decided to use the Evo technology. This is free for everyone to use - all you have to do is to register and I recommend doing this at least the day before. This isn't anything to do with Evo's registration process more that it took several hours for my university email system to allow my confirmation email through...
So what are the topics that we will be discussing?
1st February - Shibboleth Access to Resources on the NGS – Mike Jones, NGS, University of Manchester
This talk will demonstrate how it is possible to access and use NGS resources using institutional login credentials (via the UK Access Management Federation). It will describe how the UK's two main e-Science authentication systems are combined to form an easy to use yet robust identity management environment. It will discuss how this mechanism links together with system, project and Virtual Organisation (VO) registration procedures.
8th February - Certificate Management in the UK - John Kewley, NGS, STFC Daresbury Laboratory
The NGS helpdesk receives many tickets relating to certificates (and certificate renewal in particular): largely due to browser incompatibilities. In order to tackle this problem, the NGS has devised CertWizard which is a browser-independent certificate tool. The presentation will give an introduction to the UK e-Science CA, which has issued over 30,000 certificates, and its associated software and interfaces, including CertWizard.
It will show how modernisations are being made at various stages of the certificate lifecycle, making it easier than ever for users to manage their e-Science Certificate.
15th February - Moonshot - next generation federated identity - Josh Howlett, JANET
Federated identity yields significant benefits for users and services by increasing the usability of services, reducing identity management costs and improving regulatory compliance.
A number of different technical strategies for federating identity have emerged during the past decade, with differing levels of success. These technologies address different types of use case, resulting in significant complexity for both users, services and trust infrastructure providers.
This complexity impedes the adoption of services and increasing operational costs. Moreover, there are many use cases where these technologies do not provide a solution.
Project Moonshot is an ambitious Janet-led initiative, building on existing deployed technologies, that aim to develop a single unified and standardised approach that satisfies all of the authentication and authorisation requirements of the education & research community. Much of the technology has now been implemented, and is now being tested within the Janet Moonshot Technology Pilot.
This presentation will provide an overview of some of the motivating use cases for Moonshot and an overview of the technology and the implementation.
Full details of how to join the seminars are available on the NGS website event page but if you have any queries then please contact the helpdesk and we will do our utmost to help you join in.
The NGS is hosting a short but sweet seminar series starting next Wednesday (1st Feb). There will be 3 seminars over the 3 weeks each lasting approximately 30 minutes and the best thing about them is that you can join in no matter where you are - all you need is the internet!
We wanted to make the seminars as open to everyone as we possibly could and, after some deliberation, we decided to use the Evo technology. This is free for everyone to use - all you have to do is to register and I recommend doing this at least the day before. This isn't anything to do with Evo's registration process more that it took several hours for my university email system to allow my confirmation email through...
So what are the topics that we will be discussing?
1st February - Shibboleth Access to Resources on the NGS – Mike Jones, NGS, University of Manchester
This talk will demonstrate how it is possible to access and use NGS resources using institutional login credentials (via the UK Access Management Federation). It will describe how the UK's two main e-Science authentication systems are combined to form an easy to use yet robust identity management environment. It will discuss how this mechanism links together with system, project and Virtual Organisation (VO) registration procedures.
8th February - Certificate Management in the UK - John Kewley, NGS, STFC Daresbury Laboratory
The NGS helpdesk receives many tickets relating to certificates (and certificate renewal in particular): largely due to browser incompatibilities. In order to tackle this problem, the NGS has devised CertWizard which is a browser-independent certificate tool. The presentation will give an introduction to the UK e-Science CA, which has issued over 30,000 certificates, and its associated software and interfaces, including CertWizard.
It will show how modernisations are being made at various stages of the certificate lifecycle, making it easier than ever for users to manage their e-Science Certificate.
15th February - Moonshot - next generation federated identity - Josh Howlett, JANET
Federated identity yields significant benefits for users and services by increasing the usability of services, reducing identity management costs and improving regulatory compliance.
A number of different technical strategies for federating identity have emerged during the past decade, with differing levels of success. These technologies address different types of use case, resulting in significant complexity for both users, services and trust infrastructure providers.
This complexity impedes the adoption of services and increasing operational costs. Moreover, there are many use cases where these technologies do not provide a solution.
Project Moonshot is an ambitious Janet-led initiative, building on existing deployed technologies, that aim to develop a single unified and standardised approach that satisfies all of the authentication and authorisation requirements of the education & research community. Much of the technology has now been implemented, and is now being tested within the Janet Moonshot Technology Pilot.
This presentation will provide an overview of some of the motivating use cases for Moonshot and an overview of the technology and the implementation.
Full details of how to join the seminars are available on the NGS website event page but if you have any queries then please contact the helpdesk and we will do our utmost to help you join in.
It's that time of year again...
My inbox seems to be full of emails regarding conference calls for papers, early bird registrations, conference deadlines etc. Yes it's conference preparation season and its in full swing!
I received confirmation today that I'll be giving a paper at the forthcoming EGI Community Forum on our champions networks. I'll be talking about both our Campus and Community champion networks and how we work with each other to promote e-infrastructure in the UK. Several other NGS staff have also had papers accepted on topics including "Linking Authenticating and Authorising Infrastructures in the UK NGI (SARoNGS)" (Mike Jones) and "Tweaking the Certificate Lifecycle for the UK eScience CA" (John Kewley).
Also in my inbox this week was an announcement from the Software Sustainability Institute (SSI) announcing that registration for their Collaboration Workshop 2012 (CW) is now open. This is on of my favourite events as, unlike most conferences, you don't sit passively listening. The CW consists of breakout groups where you discuss topics submitted by the attendees and there's always one of interest to me in every session. After the discussion a member of the break out group volunteers to report back to the CW as a whole. This means that you get to hear what all the other break out groups were talking about and you can still feedback on their outcomes as well.
It's a really lively meeting and you leave after 2 days feeling tired but feeling that you've achieved something worthwhile! It's also a great place for networking with new people as there are researchers from a wide variety of research areas, IT people, community support people and people like myself who represent national initiatives. To see some of the topics already suggested for discussion visit the event website.
I received confirmation today that I'll be giving a paper at the forthcoming EGI Community Forum on our champions networks. I'll be talking about both our Campus and Community champion networks and how we work with each other to promote e-infrastructure in the UK. Several other NGS staff have also had papers accepted on topics including "Linking Authenticating and Authorising Infrastructures in the UK NGI (SARoNGS)" (Mike Jones) and "Tweaking the Certificate Lifecycle for the UK eScience CA" (John Kewley).
Also in my inbox this week was an announcement from the Software Sustainability Institute (SSI) announcing that registration for their Collaboration Workshop 2012 (CW) is now open. This is on of my favourite events as, unlike most conferences, you don't sit passively listening. The CW consists of breakout groups where you discuss topics submitted by the attendees and there's always one of interest to me in every session. After the discussion a member of the break out group volunteers to report back to the CW as a whole. This means that you get to hear what all the other break out groups were talking about and you can still feedback on their outcomes as well.
It's a really lively meeting and you leave after 2 days feeling tired but feeling that you've achieved something worthwhile! It's also a great place for networking with new people as there are researchers from a wide variety of research areas, IT people, community support people and people like myself who represent national initiatives. To see some of the topics already suggested for discussion visit the event website.
Just incase you missed it....
A new edition of the quarterly NGS newsletter was released in December so if you missed it in the pre-Christmas rush, now is a chance to catch up!
This edition featured articles on -
This edition featured articles on -
- the adoption of Globus Online by the NGS
- NGS involvement in the EGI Federated Cloud Task Force and the benefits for NGS users
- NGS user case study - Scalable Road Traffic Monitoring using Grid Computing
- ...and more!
Happy new year!
I hope you all had a good Christmas and New Year break.
It's back to work and planning for the future here at the NGS with several future events on my to do list.
At the end of last year I finished off the last of our user case studies which highlight how our users have used NGS resources and the advantages it has brought them. The full set of case studies numbers 29 with the latest arrivals listed below -
Also on the horizon is Easter conference season with several events coming up including the EGI Community Forum which will take place in Munich in March. Several NGS staff have submitted abstracts to this event highlighting work we have carried out in various areas including champion networks, authorisation and authentication.
The week before Munich is the Software Sustainability Institute Collaboration Workshop which you may remember from previous years. This year the event will be held in Oxford and the NGS is involved in several ways including holding a session for our SeIUCCR Community Champions. Watch this space for more information!
Apart from attending other organisation's events I have one of our own to organise. Following the success of last years SeIUCCR e-infrastructure summer school, we will be holding another summer school this year. After the deluge of applications we had last year, I am planning to advertise earlier this year to give a little more time to go through all the applications! Again keep an eye on the NGS website and our mailing list for more information.
It's back to work and planning for the future here at the NGS with several future events on my to do list.
At the end of last year I finished off the last of our user case studies which highlight how our users have used NGS resources and the advantages it has brought them. The full set of case studies numbers 29 with the latest arrivals listed below -
- Using the NGS to run a computer tournament on social learning strategies - Luke Rendell, University of St Andrews
- Accelerating the Processing of Large Corpora: Using Grid Computing Technologies for Lemmatizing 176 Million Words Arabic Internet Corpus - Majdi Sawalha, University of Leeds
- Computer Simulations of Biological Molecules at the Atomic Level - Sarah Harris, University of Leeds
Also on the horizon is Easter conference season with several events coming up including the EGI Community Forum which will take place in Munich in March. Several NGS staff have submitted abstracts to this event highlighting work we have carried out in various areas including champion networks, authorisation and authentication.
The week before Munich is the Software Sustainability Institute Collaboration Workshop which you may remember from previous years. This year the event will be held in Oxford and the NGS is involved in several ways including holding a session for our SeIUCCR Community Champions. Watch this space for more information!
Apart from attending other organisation's events I have one of our own to organise. Following the success of last years SeIUCCR e-infrastructure summer school, we will be holding another summer school this year. After the deluge of applications we had last year, I am planning to advertise earlier this year to give a little more time to go through all the applications! Again keep an eye on the NGS website and our mailing list for more information.
The Training Marketplace
Claire Devereux from the NGS introduces the EGI Training Marketplace.
The Training Marketplace is a service that allows you to search for or advertise training events and resources throughout the EGI community. These can be events or resources that may be open to absolutely anyone, just those within the EGI community, or they may be specific to a small project or to one country only. The Training Marketplace is the one-stop shop for your training needs as a user and is open and free for both academic and commercial providers to advertise in.
Since May the Training Marketplace has evolved from a simple event and material repository into a interactive site where requirements can be captured, events can be rated, and the tool can be customised and embedded into third-party websites using our gadget generator.
The following types of resources are currently supported:
After attending an event or taking part in online training users can rate the event and leave their feedback, letting others know the value of their experience much in the same way are people do with online shopping nowadays.
The latest release is a step towards improving the user's experience and looking towards longer term sustainability. It includes the new online training category, much improved search functionality, notifications to authors once entries are published and an improved calendar view. We are now working improve the functionality and appearance of the Training Marketplace gadget, which allows projects or NGIs to embed the EGI Training Marketplace into their own website, pick and choose which parts to include and even skin some elements with their project colours. If you are an NGI or project we would be interested in hearing about your requirements for the gadget, so please contact us.
The Training Marketplace is a service that allows you to search for or advertise training events and resources throughout the EGI community. These can be events or resources that may be open to absolutely anyone, just those within the EGI community, or they may be specific to a small project or to one country only. The Training Marketplace is the one-stop shop for your training needs as a user and is open and free for both academic and commercial providers to advertise in.
Since May the Training Marketplace has evolved from a simple event and material repository into a interactive site where requirements can be captured, events can be rated, and the tool can be customised and embedded into third-party websites using our gadget generator.
The following types of resources are currently supported:
- traditional training events, usually classroom based or workshops where people attend in person. They can also include virtual events running at specific times. The difference between training events and online training is that training events have a set start and end time whereas online training is accessible either permanently or over a longer time scale.
- online training, available via the web. This category covers a wealth of resources, from self-study courses that require users to log in and complete exercises at their own pace leading to a qualification, through to online tutorials that users can tap into as they wish.
- training resources, physical resources or services available to the community to assist in training. An example of a training resource is the GILDA Certification Authority. GILDA issues temporary (14 day) personal public key certificates (compliant with the X.509 standard) in order to access the GILDA Testbed for user training.
- the requirements area is a place for users to describe their training needs and for training providers to see if there is interest in running courses. For example, a provider may post details of potential offerings and ask those interested to visit their website for further details, to check for viability before running a course.
- University courses is the place for higher education institutions to advertise their Masters and Doctorate training opportunities.
After attending an event or taking part in online training users can rate the event and leave their feedback, letting others know the value of their experience much in the same way are people do with online shopping nowadays.
The latest release is a step towards improving the user's experience and looking towards longer term sustainability. It includes the new online training category, much improved search functionality, notifications to authors once entries are published and an improved calendar view. We are now working improve the functionality and appearance of the Training Marketplace gadget, which allows projects or NGIs to embed the EGI Training Marketplace into their own website, pick and choose which parts to include and even skin some elements with their project colours. If you are an NGI or project we would be interested in hearing about your requirements for the gadget, so please contact us.
CA stuff
Three almost unrelated things, except that they relate to the CA(s), somewhat technical stuff, so bear with me:
- If you have renewed your certificate recently and found that it didn't work with VOMS, this is due to a misdesigned "feature" of VOMRS that it insists on registering not just the user name but also the issuer name as part of the account. In the Real World(tm), we can keep the issuer (ie CA) name the same all the time but this does not work with grid middleware, so we have to change issuer name whenever we roll over. The "feature" adds no extra security for grid CAs because the user name will always be unique. There is a workaround that tells the server to ignore the feature, which we thought everyone had been using for years - but this, as Steve Traylen points out, will still cause problems if your certificate expires before you can resign the AUP (surely a rare case?!) - but should otherwise work fine. The best option otherwise seems to be to get your VOMS admin (not VO admin!) to duplicate the account entries, one with each issuer name, the old and the new one. CERN (Steve) has done this with theirs, and we are checking the other ones to see if they have failed to enable skipcacheck. I am both amazed and sorry that we have not discovered (and resolved) this sooner... but Steve is a Wizard(tm) and will fix it... Incidentally, it is not just us, other CAs roll over too - however, many have chosen to extend the lifetime of the existing certificate instead of renaming it - this will then not cause problems with the VOMRS accounts, but it causes problems with server/client synchronisation for HTTPS instead - if the server and client (browser) are not updated in sync (and they never are), some browsers will print obscure error messages and fail to connect (as we know from past experience).
- Oh, and another good thing is that the IGTF rules have changed - we can now make the end entity issuing CAs have longer lifetime, so we no longer have to roll over every four years. Hooray!
- On the subject of IGTF 1.43 release which came out recently. We're rebuilding the NGS-specific release except we are going back (or forward?) to individual RPMs instead of a single one for the lot - this means we need a couple of dependency RPMs but we should then be able to not mess with the IGTF stuff much and sites can in principle fine tune what they install. We'll have to think about the dependencies carefully.
- Related to this (so, er, not entirely unrelated), there is this problem with the IGTF root signing policy file. We're trialing the Least Elegant Workaround(tm) this time, having discussed it at some length, by testing a self-signed version of the SLCS toplevel. This makes it independent of the root in the technical sense of building a verification path and checking signing policy files, so would slot in next to an unmodified IGTF release directly - but the downside is that we now have another self signed certificate that we'd need to establish trust in, and the fact that the policy of the SLCS branch (ie the SARoNGS CA, the CEDA CA, etc.) were supposed to be covered by the root CP. Depending on how good this looks (we're testing it from today), this may appear in 1.43.
- Oh yes, and I know I need to get TACAR corrected and updated. This is not trivial (requires writing forms and pgp signatures) so is awaiting a slot where I have some time...
Return of the Champions
I’ve recently taken over the organisation of the NGS Campus Champions programme here at the NGS and last week I chaired the first meetingof the group.
Our Campus Champions come from a number of universitiesacross the UK and are mainly representatives from IT Services. As for their role and activities on behalf ofthe NGS? Well this was one of the mainthings I wanted to discuss at the meeting!
Thankfully all our Campus Champions agreed with my list ofproposed benefits for them (and us) of being a Champion. In brief the NGS will provide training inusing NGS resources, tools and e-infrastructure; provide access to onlinetraining materials; produce publicity material to help them publicise the NGSand their role as Champion; hold Campus Champion events at relevant events;hold bi-monthly phone calls for dissemination of news and information.
In return the Campus Champions will actively promote the NGSwithin their institution offering advice and advising researchers; display NGSCampus Champions publicity material; pass onto the NGS requirements from theirinstitution and researchers; liaise between researchers, the institution andthe NGS; attend the bi-monthly Campus Champions meeting.
Currently we have 14 institutions with Campus Champions butwe are always looking for more! If youare interested in becoming a Champion then please contact me. Your site doesn’t have to be a member of theNGS for it to have a Champion. Thecurrent list of institutions is:
- Canterbury Christchurch
- University of Huddersfield
- University of Hull
- University of Liverpool
- University of Manchester
- Queen Mary - University of London
- University of Oxford
- University of Reading
- STFC - Daresbury Laboratory
- STFC - Rutherford Appleton Laboratory
- University of Sheffield
- University of Surrey
- University of Sussex
- University of York
