Re: [Taverna-users] Credential Manager

[Alex Nenadic]

Re: Credential Manager.eml
Subject:
Re: Credential Manager
From:
Alexandra Nenadic <anena...@cs.man.ac.uk>
Date:
Mon, 02 May 2011 20:40:53 +0100

To:
Sonja Holl <s.h...@fz-juelich.de>, "tave >> 
\"taverna-users@lists.sourceforge.net\"" 
<taverna-users@lists.sourceforge.net>



On 02/05/2011 14:54, Sonja Holl wrote:
Hey Alex,

thank you for your answer!

In the findServiceDescriptionsAsync() method I export the users X.509
certificate, which is only usable after the password submission of the 
user, I
think!?
You can add/import your client certificate to Credential Manager and it 
will be picked up automatically during ssl handshake, provided you are 
using standard HTTP connections from Java. If you use some other HTTP 
library to open connections - you may have to play a bit with adding 
your certificate.
So I don't know if the support for client HTTPS authentication might 
help in
this case?
Will the password be requested during the new lazy start-up in Taverna 
2.3?
Yes, but only if HTTPS connection is required during start-up phase, for 
example to add services to Service Panel.
Is there already some Taverna 2.3 svn repository publicly available?
Yes, you can download the nightly snapshot from:
http://www.mygrid.org.uk/hudson/job/net.sf.taverna.t2.taverna-workbench.nightly/553/net.sf.taverna.t2.taverna-workbench$workbench-distro/ 


and browse source code from:
http://code.google.com/p/taverna/source/browse/taverna

Regards,
Alex
Kind regards,
Sonja

Alexandra Nenadic wrote:
Hi Sonja,

Does you service require service only or also client certificate in
findServiceDescriptionsAsync() method? Because Credential Manager should
be able to pick up the service's certificate very early on.

If this is not enough for you, you could initialize Credential Manager
yourself using your master password in your
findServiceDescriptionsAsync() method.

In Taverna 2.3 (which will be out soon), Credential Manager will be
initialized (lazily) during startup for exactly the same reason you may
need it. And it will have support for client HTTPS authentication, in
addition to identifying the service.

Regards,
Alex

On 02/05/2011 10:10, Sonja Holl wrote:
Dear Alexandra,

recently I try to get some bugs fixed in the UNICORE Plugin for 
Taverna.
Still a problem for me is the initialization of the Credential 
Manager (CM),
because the TavernaUI should initialize the CM to get the 
masterpassword, as I
read in the documentation. Unfortunately, my plugin requires the 
certificate
during startup (in method: findServiceDescriptionsAsync()).

Can you suggest any possibility to initialize the credential manager 
earlier?
(Maybe during startup of Taverna)

Thank you very much,
   with kind regards.

Sonja Holl

Alexandra Nenadic wrote:
Hi Sonja,

Thank you very much - there is plenty information to put on the Web 
site!

Regards,
Alex

On 18/04/2011 17:06, Alan R Williams wrote:
-------- Original Message --------
Subject: Re: Unicore Taverna stuff
Date: Thu, 7 Apr 2011 14:21:44 +0200
From: Sonja Holl<s.h...@fz-juelich.de>
To: Paul Fisher<paul.fis...@manchester.ac.uk>
CC: Alan Williams<ala...@cs.man.ac.uk>

Hello Paul, hello Alan!

Unfortunately, at the moment there is neither any web site nor any
other source
talking about this work (except the submitted paper). So I will
shortly explain
it to you.

The developed Plugin provides the possibility to submit jobs
(activities) from
Taverna Workbench to any UNICORE resource. This is realized, by 
using the
standard way of plugins in Taverna - a maven project representing the
activity
and activity-ui. Additionally, I developed another project, 
containing
all
UNICORE relevant libs and methods. These are always used by the
Taverna related
activities (e.g. ServiceProvider or Activity) to interact with the
UNICORE
middleware.
Additionally, I used the CredentialManager to get access to the 
user's
certificate. Once the user loaded his X.509 certificate and other 
CA's
the
plugin can access and use them for job submission. This is required,
since
UNICORE's security concept is based upon X.509.
To get access to UNICORE resources, the user registers a new UNICORE
registry in
the "Import new services" tab. This UNICORE registry is then queried
and the
UNICORE serives orchestrator returns a list of available 
applications.
The
applications are selected from various UNICORE resources, as each
installation
holds a file that describes among others the available applications
including
metadata on the specific resource.
The list of applications is then used in Taverna to display available
UNICORE
services (applications). These can be used to create an activity in
the workflow
editor panel. The received metadata are used to create input and
output ports of
the specific application. Users can than apply inputs/outputs and 
other
applications as used to. During the run, a job description is 
created and
submitted to the UNICORE service orchestrator(SO). Files are being
uploaded and
stored under a logical filename. The SO then manages the execution 
and
file
transmission. The status of the submitted job is polled in the
background from
Taverna. After the job finished, some files are downloaded, and for
further
modification, only the logical file name is retrieved

I also attached some screenshots. I hope the description was not too
detailed
but enough to get an overview and publish an info on your website. If
you have
any further questions, feel free to contact me! For detailed
information about
UNICORE please visit: www.unicore.eu
There are still some open points in my development, can I contact you
in case of
problems or questions?



As I already mentioned, a UNICORE Client based on Eclipse was
developed, too
(URC - UNICORE Rich Client). Especially in security, grid (access 
and job
submisson) and workflow creation within Eclipse we gained a lot of
experience
during the last four years of development. Detailed information 
are also
available on www.unicore.eu. So I really look forward to see the 
first
prototype
or some source code. Additionally, developed Eclipse extensions are
mostly
independent and reusable.


Kind regards,

   Sonja



Paul Fisher wrote:
Hello,

I hope you are well. I mentioned your work to the Taverna team, 
and they
are keen to know more about it and see some screen shots. Do you 
have a
web address that talks about your work, or could you write a 
short email
to describe it?

Alan (cc'd) is our main website man, so he can add some news up 
on the
Taverna website too !!

kind regards,
Paul.

--
Sonja Holl
Distributed Systems and Grid Computing Division
Jülich Supercomputing Centre (JSC)
Forschungszentrum Juelich
Wilhelm-Johnen-Str. 1
D - 52425 Juelich
Germany

Email: s.h...@fz-juelich.de
Phone: +49 2461 61 - 2760
Fax: +49 2461 61 - 6656
Skype: so.holl

------------------------------------------------------------------------------------------------ 


------------------------------------------------------------------------------------------------ 


Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDirig Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------ 


------------------------------------------------------------------------------------------------ 



Besuchen Sie uns auf unserem neuen Webauftritt unter 
www.fz-juelich.de


--- Begin Message ---

On 02/05/2011 14:54, Sonja Holl wrote:
Hey Alex,

thank you for your answer!

In the findServiceDescriptionsAsync() method I export the users X.509
certificate, which is only usable after the password submission of the user, I
think!?
You can add/import your client certificate to Credential Manager and it 
will be picked up automatically during ssl handshake, provided you are 
using standard HTTP connections from Java. If you use some other HTTP 
library to open connections - you may have to play a bit with adding 
your certificate.
So I don't know if the support for client HTTPS authentication might help in
this case?
Will the password be requested during the new lazy start-up in Taverna 2.3?
Yes, but only if HTTPS connection is required during start-up phase, for 
example to add services to Service Panel.
Is there already some Taverna 2.3 svn repository publicly available?
Yes, you can download the nightly snapshot from:
http://www.mygrid.org.uk/hudson/job/net.sf.taverna.t2.taverna-workbench.nightly/553/net.sf.taverna.t2.taverna-workbench$workbench-distro/

and browse source code from:
http://code.google.com/p/taverna/source/browse/taverna

Regards,
Alex
Kind regards,
Sonja

Alexandra Nenadic wrote:
Hi Sonja,

Does you service require service only or also client certificate in
findServiceDescriptionsAsync() method? Because Credential Manager should
be able to pick up the service's certificate very early on.

If this is not enough for you, you could initialize Credential Manager
yourself using your master password in your
findServiceDescriptionsAsync() method.

In Taverna 2.3 (which will be out soon), Credential Manager will be
initialized (lazily) during startup for exactly the same reason you may
need it. And it will have support for client HTTPS authentication, in
addition to identifying the service.

Regards,
Alex

On 02/05/2011 10:10, Sonja Holl wrote:
Dear Alexandra,

recently I try to get some bugs fixed in the UNICORE Plugin for Taverna.
Still a problem for me is the initialization of the Credential Manager (CM),
because the TavernaUI should initialize the CM to get the masterpassword, as I
read in the documentation. Unfortunately, my plugin requires the certificate
during startup (in method: findServiceDescriptionsAsync()).

Can you suggest any possibility to initialize the credential manager earlier?
(Maybe during startup of Taverna)

Thank you very much,
   with kind regards.

Sonja Holl

Alexandra Nenadic wrote:
Hi Sonja,

Thank you very much - there is plenty information to put on the Web site!

Regards,
Alex

On 18/04/2011 17:06, Alan R Williams wrote:
-------- Original Message --------
Subject: Re: Unicore Taverna stuff
Date: Thu, 7 Apr 2011 14:21:44 +0200
From: Sonja Holl<s.h...@fz-juelich.de>
To: Paul Fisher<paul.fis...@manchester.ac.uk>
CC: Alan Williams<ala...@cs.man.ac.uk>

Hello Paul, hello Alan!

Unfortunately, at the moment there is neither any web site nor any
other source
talking about this work (except the submitted paper). So I will
shortly explain
it to you.

The developed Plugin provides the possibility to submit jobs
(activities) from
Taverna Workbench to any UNICORE resource. This is realized, by using the
standard way of plugins in Taverna - a maven project representing the
activity
and activity-ui. Additionally, I developed another project, containing
all
UNICORE relevant libs and methods. These are always used by the
Taverna related
activities (e.g. ServiceProvider or Activity) to interact with the
UNICORE
middleware.
Additionally, I used the CredentialManager to get access to the user's
certificate. Once the user loaded his X.509 certificate and other CA's
the
plugin can access and use them for job submission. This is required,
since
UNICORE's security concept is based upon X.509.
To get access to UNICORE resources, the user registers a new UNICORE
registry in
the "Import new services" tab. This UNICORE registry is then queried
and the
UNICORE serives orchestrator returns a list of available applications.
The
applications are selected from various UNICORE resources, as each
installation
holds a file that describes among others the available applications
including
metadata on the specific resource.
The list of applications is then used in Taverna to display available
UNICORE
services (applications). These can be used to create an activity in
the workflow
editor panel. The received metadata are used to create input and
output ports of
the specific application. Users can than apply inputs/outputs and other
applications as used to. During the run, a job description is created and
submitted to the UNICORE service orchestrator(SO). Files are being
uploaded and
stored under a logical filename. The SO then manages the execution and
file
transmission. The status of the submitted job is polled in the
background from
Taverna. After the job finished, some files are downloaded, and for
further
modification, only the logical file name is retrieved

I also attached some screenshots. I hope the description was not too
detailed
but enough to get an overview and publish an info on your website. If
you have
any further questions, feel free to contact me! For detailed
information about
UNICORE please visit: www.unicore.eu
There are still some open points in my development, can I contact you
in case of
problems or questions?



As I already mentioned, a UNICORE Client based on Eclipse was
developed, too
(URC - UNICORE Rich Client). Especially in security, grid (access and job
submisson) and workflow creation within Eclipse we gained a lot of
experience
during the last four years of development. Detailed information are also
available on www.unicore.eu. So I really look forward to see the first
prototype
or some source code. Additionally, developed Eclipse extensions are
mostly
independent and reusable.


Kind regards,

   Sonja



Paul Fisher wrote:
Hello,

I hope you are well. I mentioned your work to the Taverna team, and they
are keen to know more about it and see some screen shots. Do you have a
web address that talks about your work, or could you write a short email
to describe it?

Alan (cc'd) is our main website man, so he can add some news up on the
Taverna website too !!

kind regards,
Paul.

--
Sonja Holl
Distributed Systems and Grid Computing Division
Jülich Supercomputing Centre (JSC)
Forschungszentrum Juelich
Wilhelm-Johnen-Str. 1
D - 52425 Juelich
Germany

Email: s.h...@fz-juelich.de
Phone: +49 2461 61 - 2760
Fax: +49 2461 61 - 6656
Skype: so.holl

------------------------------------------------------------------------------------------------

------------------------------------------------------------------------------------------------

Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDirig Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------

------------------------------------------------------------------------------------------------


Besuchen Sie uns auf unserem neuen Webauftritt unter www.fz-juelich.de



--- End Message ---
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd_______________________________________________
taverna-users mailing list
taverna-users@lists.sourceforge.net
taverna-users@lists.sourceforge.net
Web site: http://www.taverna.org.uk
Mailing lists: http://www.taverna.org.uk/about/contact-us/