Shibboleth-based access to and usage of grid resources

Security underpins grids and e-research. Without a robust, reliable and simple grid security infrastructure combined with commonly accepted security practices, large portions of the research community and wider industry will not engage. The predominant way in which security is currently addressed in the grid community is through public key infrastructures (PKI) based upon X.509 certificates to support authentication. Whilst PKIs address user identity issues, authentication does not provide fine grained control over what users are allowed to do on remote resources (authorization). In this paper we outline how we have successfully combined Shibboleth and advanced authorization technologies to provide simplified (from the user perspective) but fine grained security for access to and usage of grid resources. We demonstrate this approach through different security focused e-science projects being conducted at the National e-Science Centre (NeSC) at the University of Glasgow. We believe that this model is widely applicable and encourage the further uptake of e-science by non-IT specialists in the research communitie

Designing privacy for scalable electronic healthcare linkage

A unified electronic health record (EHR) has potentially immeasurable benefits to society, and the current healthcare industry drive to create a single EHR reflects this. However, adoption is slow due to two major factors: the disparate nature of data and storage facilities of current healthcare systems and the security ramifications of accessing and using that data and concerns about potential misuse of that data. To attempt to address these issues this paper presents the VANGUARD (Virtual ANonymisation Grid for Unified Access of Remote Data) system which supports adaptive security-oriented linkage of disparate clinical data-sets to support a variety of virtual EHRs avoiding the need for a single schematic standard and natural concerns of data owners and other stakeholders on data access and usage. VANGUARD has been designed explicit with security in mind and supports clear delineation of roles for data linkage and usage

A Shibboleth-protected privilege management infrastructure for e-science education

Simplifying access to and usage of large scale compute resources via the grid is of critical importance to encourage the uptake of e-research. Security is one aspect that needs to be made as simple as possible for end users. The ESP-Grid and DyVOSE projects at the National e-Science Centre (NeSC) at the University of Glasgow are investigating security technologies which will make the end-user experience of using the grid easier and more secure. In this paper, we outline how simplified (from the user experience) authentication and authorization of users are achieved through single usernames and passwords at users' home institutions. This infrastructure, which will be applied in the second year of the grid computing module part of the advanced MSc in Computing Science at the University of Glasgow, combines grid portal technology, the Internet2 Shibboleth Federated Access Control infrastructure, and the PERMS role-based access control technology. Through this infrastructure inter-institutional teaching can be supported where secure access to federated resources is made possible between sites. A key aspect of the work we describe here is the ability to support dynamic delegation of authority whereby local/remote administrators are able to dynamically assign meaningful privileges to remote/local users respectively in a trusted manner thus allowing for the dynamic establishment of virtual organizations with fine grained security at their heart

Security oriented e-infrastructures supporting neurological research and clinical trials

The neurological and wider clinical domains stand to gain greatly from the vision of the grid in providing seamless yet secure access to distributed, heterogeneous computational resources and data sets. Whilst a wealth of clinical data exists within local, regional and national healthcare boundaries, access to and usage of these data sets demands that fine grained security is supported and subsequently enforced. This paper explores the security challenges of the e-health domain, focusing in particular on authorization. The context of these explorations is the MRC funded VOTES (Virtual Organisations for Trials and Epidemiological Studies) and the JISC funded GLASS (Glasgow early adoption of Shibboleth project) which are developing Grid infrastructures for clinical trials with case studies in the brain trauma domain

Constitutive Modeling of Wind Energy Potential of Selected Sites in Nigeria: A Pre-Assessment Model

In this chapter, the authors present the result of a study carried out to develop a pre-assessment model that can be used to carry out a preliminary study on the availability of wind energy resources of a site. 21 years’ (1987 – 2007) monthly average wind speeds for 18 locations in Nigeria were used to create the simple constitutive model. The locations span across the six geopolitical zones of the nation with three stations from each zone. Various statistical procedures were employed in the development of the model. The outcome gave an empirical model, which if employed, will lead to determining the mod- est range of wind energy potential of a site. Further, the results from this model were compared with those from the well-established two-parameter Weibull statistical distribution function and found to be reasonably adequate. Thus with this model, decision on site selection for complete assessment can be made without much rigour

User oriented access to secure biomedical resources through the grid

The life science domain is typified by heterogeneous data sets that are evolving at an exponential rate. Numerous post-genomic databases and areas of post-genomic life science research have been established and are being actively explored. Whilst many of these databases are public and freely accessible, it is often the case that researchers have data that is not so freely available and access to this data needs to be strictly controlled when distributed collaborative research is undertaken. Grid technologies provide one mechanism by which access to and integration of federated data sets is possible. Combining such data access and integration technologies with fine grained security infrastructures facilitates the establishment of virtual organisations (VO). However experience has shown that the general research (non-Grid) community are not comfortable with the Grid and its associated security models based upon public key infrastructures (PKIs). The Internet2 Shibboleth technology helps to overcome this through users only having to log in to their home site to gain access to resources across a VO – or in Shibboleth terminology a federation. In this paper we outline how we have applied the combination of Grid technologies, advanced security infrastructures and the Internet2 Shibboleth technology in several biomedical projects to provide a user-oriented model for secure access to and usage of Grid resources. We believe that this model may well become the de facto mechanism for undertaking e-Research on the Grid across numerous domains including the life sciences

User-oriented security supporting inter-disciplinary life science research across the grid

Understanding potential genetic factors in disease or development of personalised e-Health solutions require scientists to access a multitude of data and compute resources across the Internet from functional genomics resources through to epidemiological studies. The Grid paradigm provides a compelling model whereby seamless access to these resources can be achieved. However, the acceptance of Grid technologies in this domain by researchers and resource owners must satisfy particular constraints from this community - two of the most critical of these constraints being advanced security and usability. In this paper we show how the Internet2 Shibboleth technology combined with advanced authorisation infrastructures can help address these constraints. We demonstrate the viability of this approach through a selection of case studies across the complete life science spectrum

Assessment of Wind Power Potential and Wind Electricity Generation Using WECS of Two Sites in South West, Nigeria

The study was used to analyze the wind characteristics of Shaki (08.40’ N; 03.23’ E; Altitude 457.0 m; Air density 1.1723 kg/m3) and Iseyin (07.58’ N; 03.36’ E; Altitude 330.0 m; Air density 1.1869 kg/m3), two local sites in Oyo State, Nigeria. 21 years monthly mean wind speeds at 10 m height obtained from the Nigeria meteorological department were employed together with the Weibull 2-parameter distribution and other statistics to carry out monthly, seasonal and whole years’ analyses of the sites’ wind profiles for electricity generation. It was found that the whole data spread ranged between 0.9 and 9.1 m/s for the two sites while the 21 years’ average ranged between 3.2 and 5.1 m/s and 2.9 and 4.7 m/s for Shaki and Iseyin sites respectively. Three wind energy conversion systems were employed with the results and it was discovered that, the sites have capacity to generate MWh to GWh of electricity at an average cost/kWh of between € (0.025 and 0.049) and that a turbine with technical parameters of cut-in, cut-out and rated wind speeds of 3.0, 25 and 11.6 m/s is appropriate for the sites

Single sign-on and authorization for dynamic virtual organizations

The vision of the Grid is to support the dynamic establishment and subsequent management of virtual organizations (VO). To achieve this presents many challenges for the Grid community with perhaps the greatest one being security. Whilst Public Key Infrastructures (PKI) provide a form of single sign-on through recognition of trusted certification authorities, they have numerous limitations. The Internet2 Shibboleth architecture and protocols provide an enabling technology overcoming some of the issues with PKIs however Shibboleth too suffers from various limitations that make its application for dynamic VO establishment and management difficult. In this paper we explore the limitations of PKIs and Shibboleth and present an infrastructure that incorporates single sign-on with advanced authorization of federated security infrastructures and yet is seamless and targeted to the needs of end users. We explore this infrastructure through an educational case study at the National e-Science Centre (NeSC) at the University of Glasgow and Edinburgh

Assessment of wind energy potential of two sites in North-East, Nigeria

The study is used to assess the wind energy potential of Maiduguri and Potiskum, two sites in North-East, Nigeria. 21 years (1987e2007) monthly mean wind data at 10 m height were assessed from the Nigeria Meteorological department and subjected to 2-parameter Weibull and other statistical analyzes. The result showed that average monthly mean wind speed variation for Potiskum ranged from 3.90 to 5.85 m/s, while for Maiduguri, it ranged from 4.35 to 6.33 m/s. Seasonally, data variation between the dry and wet seasons revealed that, the mean wind speed variation for Potiskum ranged from 4.46 (for dry) to 5.16 m/s (for wet), while for Maiduguri it ranged from 5.10 (dry) to 5.59 m/s (wet). The wind power density variation based on the Weibull analysis ranged from 102.54 to 300.15 W/m2 for Potiskum and it ranged from 114.77 to 360.04 W/m2 for Maiduguri respectively. Moreover, Maiduguri was found to be the better of the sites in terms of monthly and seasonal variation of mean wind speed, but they both can be suitable for stand alone and medium scale wind power generation