This page contains details of the Shibbolized Resources to be found at NeSC, the National e-Science Centre Hub at the University of Glasgow (UK). The ESP-GRID project (based at the University of Oxford) partnered with the team at NeSC at Glasgow to Shibboleth-enable (or "Shibbolize") their grid portal applications.
The applications use the Gridsphere portal and, previously, were accessed simply using a username/password combination that was known to the portal. The team made access to the portal and the portlets to be via Shibboleth, as a demonstrator.
The demonstrator shows how non-computer-specialist researchers are likely to access the power of grid computing in the future.
The portal had two main uses to researchers:
Access to grid-enabled BLAST software across multiple large scale high performance computing resources (including the National Grid Service) and seamless grid-enabled user oriented access to a multitude of genomic data sources including ensembl (rat, mouse, human), MGI, HUGO, OMIM, RGD queries via the BRIDGES portlet. This application is of use to local (and remote) bioinformaticians who wish to run BLAST jobs against genomic and proteomic databases. This application, presented in a portal such as this has every chance of becoming a production-level application of value to the wider bioinformatics and genetics communities. The software is currently being hardened to support very large BLAST jobs by many users as part of the Scottish Bioinformatics Research Network.
Access to the DyVOSE project's text-mining demonstrator. This second application was developed as a demonstrator for the DyVOSE project and is unlikely to become production-level.
The portal also provides access to the VOTES portlet which provides simplified access to a variety of clinical data sets - currently training data sets used by the NHS including Scottish Care Information (SCI) Store, GPASS, Scottish Morbidity Records and a consent database. The VOTES project (Virtual Organisations for Trials and Epidemiological Studies) is an MRC (Medical Research Council) funded project exploring how grid technologies can be used to support clinical trials and epidemiological studies. Ensuring that the right people see the right data sets for the right purpose is crucial in this domain. The attributes used below indicate how Shibboleth (in combination with an authorisation infrastructure such as PERMIS) can be used to deliver and subsequently ensure that users attributes can be used to enforce authorisation decisions by service providers.
The information below gives an outline of how the demonstrators operate.
Test-drive the demonstration
Connect to the Gridsphere portal
You can connect to the portal containing the BRIDGES and DyVOSE portlets at:
This will direct you to the SDSS Shibboleth Where Are You From (WAYF) service:
The 'home organisation' to choose is the "DyVOSE Project" (although it is hoped that it will soon be possible to use the general University of Glasgow single sign-on).
- To explore this, the following usernames/passwords have been established:
- guest1/guest1 roles: nurse, studentteam1
- guest2/guest2 roles: consultant, studentteam2
- guest3/guest3 roles: investigator, studentteam1, studentteam2
Here guest1 has the role of a nurse in the VOTES project (and will be restricted to seeing data sets associated with that role) and is a member of studentteam1 (for the DyVOSEproject). Guest2 is a consultant role in VOTES and can see the data sets associated with this role and is also in studentteam2 in the DyVOSE project. Finally guest3 is a member of both studentteam1 and studentteam2, and is an investigator in VOTES. All of these users are able to run the BRIDGES BLAST service.
Once past that point, you should see the NeSC Gridsphere portal:
(This shows an example of Richard Sinnott being logged in)
The interface shown enables you to run a BLAST job. Some users are able to run BLAST jobs using the compute resources of the NGS (nationally). However, others (including our test users) are just restricted to the Condor pool at the University of Glasgow.
If you wish to experiment running BLAST jobs, the interface may be simply intuitive. However, we have some documentation from Dr David Leader at Glasgow that covers (amongst other things) how to approach BLAST jobs. Please see BugView: A Tool for Genome Visualization and Comparison (Word document 100k to download, pre-publication).
Look at the Shibboleth attributes presented
If you scroll to the bottom of the main screen, you will see the Shibboleth attributes that were passed to the portal and portlet, so that the authorisation decisions can be made.
(Again, these are attributes belonging to Richard Sinnott)
Have a look at this whilst logged on as the different users.
Look at the DyVOSE portlet
At the top of the portal window, you can click on "Grid Search Sort Portlet". This is the application demonstrator for the DyVOSE project. This application uses PERMIS for the authorisation decisions. You can see in the permisROLE attribute, to which student team you have been assigned. For example, Richard (see above) was assigned to both student teams and is given the status of 'Investigator' (i.e. "studentteam1;studentteam2;investigator").
Try logging in as the following to see the different groups to which you will belong at any one time:
user |
password |
roles |
guest1 |
guest1 |
nurse, studentteam1 |
guest2 |
guest2 |
consultant, studentteam2 |
guest3 |
guest3 |
investigator, studentteam1, studentteam2 |
Explore VOTES
The VOTES project was 'Shibbolized' in a similar way. This can be accessed from the following link:
Documentation for how to test out the VOTES demonstrator is to be found at the following link:
As Prof. Richard Sinnott, leader of the development team, writes:
"The Shibboleth enabling of the VOTES portal shows how non-computer specialist researchers are likely to access the power of grid computing in an easy and secure way in the future. Through this infrastructure and use of Shibboleth, access to fine grained (authorised) grid services is made as easy as using a normal web site and is completely transparent to end users."
Conclusions: What these demonstrators prove
The broad overall aim of the ESP-GRID project was to "investigate whether and how Shibboleth offers solutions to issues of grid authentication, authorization and security". It seems that these demonstrators prove that - for users who may be daunted with the highly technical computing environments and digital certificate use - Shibboleth and the use of portals or on-line applications can be very successful. Most highly technical scientists and other researchers are not highly technical in the area of grid computing. Therefore, presenting research tools in a familiar (i.e. web-based) manner via their familiar single sign-on security is very reassuring and within the reach of such researchers.
Currently, developing such applications is not as easy as it could be. Please see our DeveloperEvaluation pages for more information. Issues such as the difficulties in 'Shibbolizing' portal containers etc. are currently a barrier, but with so much work being directed upon these areas, it seems very likely that these issues should be overcome in the near future. We hope that you may be able to form your own opinion through the demonstrator use of the above resources, but you could examine the findings within our UserPerspective page (feedback from Dr David Leader). Dr Leader is not exactly a typical user of the BRIDGES/BLAST portal and tools as he has been part of the development process and is relatively highly computing-technical in comparison with many of his scientific colleagues. However, he provides good insight into the (un)likelihood of his colleagues to take up tools which are not web based and are too difficult or intimidating for them to use. We believe that the ESP-GRID/NeSC demonstrators are highly accessible in this sense.