NDG Security
Summary
NDG Security is a key component of the NERC DataGrid: an infrastructure for locating data, exploring what is known about datasets, and accessing, manipulating and visualising environmental datasets.
- Users need only one ID at their home institution
- Data providers register users to allow access to particular datasets
- When an access request is made at a site for a particular dataset, the site checks with the data provider to ensure that the user is registered for access
- This security model is used by the US Earth System Grid and the NERC DataGrid
Download
Unlike our other software, NDG Security was commissioned to fulfil a specific task for the NERC DataGrid where it is currently deployed. If you are interested in re-deploying NDG Security for another purpose, please get in touch.
Status
OMII-UK funded the development of NDG Security into a packaged and fully documented product that can be easily deployed, not only at NDG project partners, but within the wider NERC community and beyond. NDG Security supports emerging technologies, such as OpenID, and greater interoperability with accepted security standards and specifications, such as SAML and WS-Security. The tools and the experience developed from this project will be contributed back to the Grid and Python software-development communities.
NDG Security was prototyped during the course of the NDG1 research project and developed for the NDG2 project at four partner sites: the British Atmospheric Data Centre, the British Oceanographic Data Centre, the National Oceanography Centre, Southampton and Plymouth Marine Laboratory.
A sister project DEWS (Delivering Environmental Web Services) for the BERR (formerly the DTI) has seen NDG Security deployed to secure OGC (Open Geospatial Consortium) web services for search-and-rescue and health-data applications in partnership with other research groups and industry.
NDG Security is being extended to support activities for the IPCC (Intergovernmental Panel on Climate Change) Fifth Assessment Report. Climate research data will be made available in a secured manner in a distributed archive in collaboration with the US Earth System Grid participants and European partners.
Further information
- Homepage
- If you have any questions about NDG Security, please contact support@omii.ac.uk.
Developers
NDG Security is developed by members of the NERC DataGrid team based at the British Atmospheric Data Centre.
What does it do?
NDGS enables secure access to datasets across multiple data provider sites in a data grid. Trust agreements between sites mean that scientists and researchers can gain access to secured datasets that would not otherwise be available. Single Sign On technology enables users, though registered with only one 'home' site, to be recognised at other trusted sites without the need to re-register or re-enter login details.
Data providers can make their data readily available. Where data is not made available for public access, data providers can use NDGS to limit access to specific users. Limiting and controlling access enables resource providers to effectively manage the use of their resources, and makes it easy to provide data-access feedback to funding bodies.
- NDG Security provides middleware to enable data providers to publish their data in a secure manner and interoperate with other data providers and Identity Providers.
- It enables Identity Providers (organisations that manage users) to open access for their users to secured datasets across multiple sites by providing an interface to their existing site user records and access privileges.
- It provides client tools for scientists and researchers to readily access secure data.
Integrating into existing site infrastructure
In the diagram above, a data centre has secured its data using NDG Security:
- NDG Security consists of a set of modular components which can be configured together to provide the required services to secure access to the data.
- The components are layered over the top of the data centre's existing infrastructure in a way that minimises the need for change to its underlying services
- Requests from outside for data or other resources are mediated through the Gatekeeper. The Gatekeeper makes use of the other security services to broker access on behalf of a user requesting the data.
How does it work?
NDG Security has been developed with a web-service based architecture, and makes use of Grid security technology. The main components are:
- a Single Sign On Service enabling users to sign in with their credentials across multiple trusted sites.
- an Attribute Authority to manage the allocation of authorisation roles to users
- a Session Manager Service to manage user credentials and broker access to data at remote sites on behalf of users.
- Policy Decision Point and Policy Enforcement Point components to secure access to resources.
It supports both browser-based and application-client-based access.
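The sketch below is an added example, not NDG Security's own code: it models how a Gatekeeper acting as Policy Enforcement Point could consult a Policy Decision Point, which in turn asks the data provider's Attribute Authority for the roles of a user identified by home site and ID. All class names, site names, roles and datasets are assumptions, and the user is assumed to have already authenticated through Single Sign On.

```python
from dataclasses import dataclass, field

@dataclass
class AttributeAuthority:
    """Data provider's record of the roles it has allocated to registered users."""
    trusted_home_sites: set                     # sites covered by a trust agreement
    roles: dict = field(default_factory=dict)   # (home_site, user_id) -> {role, ...}

    def register(self, home_site, user_id, role):
        self.roles.setdefault((home_site, user_id), set()).add(role)

    def get_roles(self, home_site, user_id):
        if home_site not in self.trusted_home_sites:
            return set()                        # untrusted site: assert nothing
        return set(self.roles.get((home_site, user_id), ()))

@dataclass
class PolicyDecisionPoint:
    authority: AttributeAuthority
    policy: dict                                # dataset -> required role or "public"

    def permits(self, home_site, user_id, dataset):
        required = self.policy.get(dataset)
        if required is None:
            return False                        # unlisted dataset: default deny
        if required == "public":
            return True
        return required in self.authority.get_roles(home_site, user_id)

class Gatekeeper:
    """Policy Enforcement Point: all outside requests for data pass through fetch()."""
    def __init__(self, pdp, store):
        self.pdp, self.store = pdp, store

    def fetch(self, home_site, user_id, dataset):
        if not self.pdp.permits(home_site, user_id, dataset):
            raise PermissionError(f"{user_id}@{home_site} denied access to {dataset}")
        return self.store[dataset]

def build_demo_gatekeeper():
    """Constructed sample data: site names, user IDs, roles and datasets are invented."""
    aa = AttributeAuthority(trusted_home_sites={"site-a.example"})
    aa.register("site-a.example", "alice", "ocean-researcher")
    aa.register("site-x.example", "mallory", "ocean-researcher")  # no trust agreement
    pdp = PolicyDecisionPoint(aa, {"tides": "ocean-researcher", "coastline": "public"})
    return Gatekeeper(pdp, {"tides": b"tide data", "coastline": b"map", "draft": b"x"})
```

The two deny paths worth noting are the dataset missing from the policy and the role record that exists for a home site outside the trust agreements; both are refused before the data store is touched.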
NDG Security is written in the Python programming language. As a by-product of the development work, new Python packages have been developed to support particular technologies:
- Web Services Security support to enable interoperation with Java based clients
- a Python client to the MyProxy credential management service.
© The University of Southampton on behalf of OMII-UK. All Rights Reserved.