高性能计算环境多源用户认证方法研究与实现

doi:10.3778/j.issn.1673-9418.2202037

摘要/Abstract

摘要： 高性能计算（HPC）环境屏蔽了作业管理系统、接入方式、管理制度等方面的异构性，为科研人员提供了具有统一访问入口、统一使用方法和用户技术支持的高水平高性能计算应用服务。随着环境的发展，接入的超算中心以及应用社区和业务平台越来越多，希望超算中心以及社区和业务平台用户能够以原有账号登录高性能计算环境使用资源。现有的高性能计算环境仅支持通过LDAP认证的网格账号登录，应用社区和业务平台都有自己的用户且认证方式各不相同。为使环境提供一个统一的认证中心，研究了多源用户认证技术并开发实现了多源用户认证与授权系统。目前，高性能计算环境的认证中心已支持部分超算中心集群账号。“高性能计算”专项中的各大社区和业务平台通过多源用户认证技术也实现了与国家高性能计算环境的对接，且对接后社区和平台用户与环境网格用户可互登录并使用相关资源。

关键词: 高性能计算（HPC）, 多源用户认证, 安全, 超算中心

Abstract: High-performance computing (HPC) environment provides researchers with high level high-performance computing application services with unified access entrance, unified use method and user technical support through shielding the heterogeneity of job management system, access mode, management system and so on. With the development of the environment, more and more supercomputing centers, application communities, and service platforms are connected. Accounts of the supercomputing centers, communities, and service platforms are required to log in to the HPC environment using their original ways. The existing high-performance computing environment supports only grid accounts authenticated by LDAP (lightweight directory access protocol). Application communities and service platforms have their own users and different authentication modes. In order to provide a unified authentication center for the environment, this paper studies the multi-source account authentication technology and develops the multi-source user authentication system. At present, the HPC environment has supported multiple super computing centers. The major communities and platforms in the “high-performance computing” special project also have realized the connection with the national HPC environment through the multi-source account authentication technology. After the connection, accounts of the communities and platforms can log in with the environment grid accounts, at the same time use relevant resources.

Key words: high-performance computing (HPC), multi-source account authentication, security, supercomputing center

和荣, 肖海力, 王小宁, 迟学斌. 高性能计算环境多源用户认证方法研究与实现[J]. 计算机科学与探索, 2023, 17(7): 1700-1707.

HE Rong, XIAO Haili, WANG Xiaoning, CHI Xuebin. Research and Implementation of Multi-source Account Authentication for High-Performance Computing Environment[J]. Journal of Frontiers of Computer Science and Technology, 2023, 17(7): 1700-1707.

参考文献

[1] XIAO H, WU H, CHI X. SCE: grid environment for scien-tific computing[C]//Proceedings of the 2nd International Confe-rence on Networks for Grid Applications, Beijing, Oct 8-10, 2008. Berlin, Heidelberg: Springer, 2008: 35-42.
[2] 和荣, 王小宁, 肖海力. 高性能计算资源聚合服务在中国科技云门户的快速集成研究与实现[J]. 科研信息化技术与应用, 2019, 10(3): 71-78.
HE R, WANG X N, XIAO H L. Research and implementation of high performance computing resource aggregation service in CSTCloud portal[J]. E-Science Technology & Application, 2019, 10(3): 71-78.
[3] HARDT D. The OAuth 2.0 authorization framework[EB/OL]. [2022-01-18]. https://tools.ietf.org/html/rfc6749.
[4] SAKIMURA N, BRADLEY J M, JONES, et al. OpenID connect core 1.0 incorporating errata set 1[EB/OL]. [2022-01-18]. http://openid.net/specs/openid-connect-core-1_0.html.
[5] CAS[EB/OL]. [2022-01-18]. https://apereo.github.io/cas/6.3.x/index.html.
[6] SAML[EB/OL]. [2022-01-18]. https://developers.onelogin.com/saml.
[7] JONES M, BRADLEY J， SAKIMURA N. RFC7519-JSON Web token (JWT)[EB/OL]. [2022-01-18]. https://tools.ietf.org/html/rfc7519.
[8] JIE W, ARSHAD J, SINNOTT R, et al. A review of grid authentication and authorization technologies and support for federated access control[J]. ACM Computing Surveys, 2011, 43(2): 1-26.
[9] Shibboleth[EB/OL]. [2022-01-18]. https://www.shibboleth.net.
[10] LIU Q, ZHANG H, WAN J, et al. An access control model for resource sharing based on the role-based access control intended for multi-domain manufacturing Internet of things[J]. IEEE Access, 2017, 5: 7001-7011.
[11] WANG Z, HUANG D, ZHU Y, et al. Efficient attribute-based comparable data access control[J]. IEEE Transactions on Com-puters, 2015, 64(12): 3430-3443.
[12] DODANDUWA K, KALUTHANTHRI I. Trust-based identity sharing for token grants[C]//Proceedings of the 3rd Interna-tional Conference on Cryptography, Security and Privacy, Kuala Lumpur, Jan 19-21, 2019. New York: ACM, 2019: 168-173.
[13] BASNEY J, FLANAGAN H, FLEURY T, et al. CILogon: enabling federated identity and access management for scie-ntific collaborations[C]//Proceedings of the International Sym-posium on Grids & Clouds 2019, Mar 31-Apr 5, Taipei, China, 2019: 1-13.
[14] COmanage[EB/OL]. [2022-01-18]. https://incommon.org/soft-ware/comanage.
[15] ORY Hydra[EB/OL]. [2022-01-18]. https://github.com/ory/hydra.
[16] 和荣, 王小宁, 卢莎莎, 等. 高性能计算环境通用计算平台[J]. 计算机系统应用, 2019, 28(12): 55-62.
HE R, WANG X N, LU S S, et al. Platform for high perfor-mance computing environment[J]. Computer Systems & App-lications, 2019, 28(12): 55-62.