NCSA Home
Contact Us Intranet

NCSA NEWS

News Home
Calendar
Images
Video on Demand
Subscribe to Our Newsletter
Frequently Asked Questions

MyProxy Provides Authentication Capabilities for Grid Projects

By Trish Barker, NCSA

Story posted July 26, 2005


The National Center for Supercomputing Applications (NCSA), a partner in the National Science Foundation GRIDS Center, has been collaborating with other GRIDS Center partners and the Long Term Ecological Research Network (LTER) to design and implement a Grid Pilot Study called the LTER Grid. LTER consists of 26 research sites distributed throughout North America, Antarctica, Puerto Rico, and French Polynesia. Each site is engaged in broad-based ecological studies. The LTER Grid Pilot Study is designed to demonstrate how grid computing technology can be applied to ecological research.

A significant challenge in the development of such community grids is how to take advantage of the community's existing authentication facilities. Stimulated by the LTER Grid Pilot Study, NCSA's GRIDS Center staff, with assistance from the LTER Network, has made enhancements to the MyProxy grid security software developed at NCSA to integrate it with the Pluggable Authentication Modules (PAM) interface to enable integration with existing authentication mechanisms.

The addition of PAM support enables easy integration of MyProxy with existing authentication methods, such as the LDAP method used by LTER, without requiring modifications to existing installed MyProxy client software.

MyProxy is key component in the shared cyberinfrastructure for grid computing, and a number of other projects will benefit from these enhancements. For example, the National Science Foundation's TeraGrid project incorporates MyProxy as part of the Common TeraGrid Software Stack (CTSS) to provide a uniform interface to credential management services across the TeraGrid's multiple nationwide sites, and MyProxy recently was adopted by both the TeraGrid Ticketing System and the TeraGrid User Portal to provide a common authentication mechanism.

The TeraGrid User Portal, which is currently under development, will provide a convenient Web interface for access to TeraGrid resources. New TeraGrid users will be assigned a TeraGrid-wide ID and password to log in to the portal. The portal will use MyProxy to verify the user's login and to store grid credentials on the user's behalf. Users can then use these grid credentials at the portal to authenticate to other TeraGrid resources, to submit jobs, access data, etc., without requiring separate logins for different TeraGrid sites.

"Providing grid authentication for the TeraGrid User Portal in a scalable way has proved to be a challenge," says Eric Roberts, a member of the TeraGrid Portals Working Group and manager of the GridPort project at the Texas Advanced Computing Center, a TeraGrid resource provider. "The union of authentication using a Kerberos KDC and proxy creation through MyProxy using version 2.0's native PAM support provides the scalability needed for large grids like the TeraGrid. The benefits of this integration even extend to command line grid authentication on TeraGrid resources."

The FusionGrid project also is in the process of deploying MyProxy for grid authentication based on one-time passwords (OTP) and will use MyProxy's new PAM support for interoperability with Department of Energy (DOE) OTP deployments. The Energy Sciences Network (ESnet) is developing a RADIUS authentication fabric to support interoperability between OTP systems across DOE sites and is looking at MyProxy to provide a bridge to grid authentication.

MyProxy was developed at NCSA and these new applications of the software build on over four years of experience with MyProxy in the grid community. MyProxy has been used in many leading grid computing projects, including NEESgrid, EU DataGrid, and the NASA Information Power Grid. MyProxy is included in the NMI GRIDS Center software distribution and the Globus Toolkit 4.0 release. For more information on MyProxy, see http://myproxy.ncsa.uiuc.edu/.


About GRIDS Center
The Grid Research Integration Development and Support (GRIDS) Center has been created through the National Science Foundation Middleware Initiative (NMI) to define, develop, deploy, and support an integrated national middleware infrastructure in support of 21st Century science and engineering applications. GRIDS is a partnership of the University of Southern California's Information Sciences Institute (ISI), the National Center for Supercomputing Applications (NCSA) at the University of Illinois at Urbana-Champaign, the University of Chicago (U of C), the San Diego Supercomputer Center (SDSC) at the University of California-San Diego, and the University of Wisconsin-Madison. For more information, see http://grids-center.org/.

About NCSA
NCSA&153; (National Center for Supercomputing Applications) is a national high-performance computing center that develops and deploys cutting-edge computing, networking and information technologies. Located at the University of Illinois at Urbana-Champaign, NCSA is funded by the National Science Foundation. Additional support comes from the state of Illinois, the University of Illinois, private sector partners and other federal agencies. For more information, see http://www.ncsa.uiuc.edu/.