The human brain flagship

Use UNICORE for a unified access to the HPC Platform

One particularly important and challenging application scenario is the European flagship Human Brain Project (HBP)1 . A very wide range of topics is targeted, ultimately aiming at a deeper understanding of the human brain, and attempting to leverage this deeper understanding for new technological advancements.

One particular area of work is the provisioning of a high-performance computing and data analysis platform. This comprises four major supercomputing sites in Juelich, Barcelona, Bologna and Lugano as well as cloud storage and other resources. An HTML5/JavaScript based web platform is being developed which will need to access these resources. Developers want to write custom applications for directly accessing services of the HPC Platform, such as job management or data transfer using REST API. The HBP uses a single-sign-on system based on OpenID Connect (OIDC)2 which enables users to use same account for accessing all services for which they have the required access permissions. Unity3 acts as a bridge to HBP OIDC infrastructure and provides a centralized authentication and delegation service for UNICORE infrastructures.

hbp-workflow

In Human Brain Project, UNICORE ensures seamless and secure access to the HPC and data resources from various European supercomputing sites. The following figure describes how UNICORE, the OIDC Server and Unity communicate in order to authenticate an HBP user. When a user wants to use HPC services via UNICORE, the identity is first verified by the OIDC server using the HBP username and password. The OIDC server returns an OIDC token in case of a successful authentication. This OIDC token is then used to access the UNICORE services. UNICORE passes this token to the UNITY server that validates the token by contacting the OIDC server. In case of a successful validation, the user can access the resources of the HPC Platform using the REST API.

 

References

[1] Human Brain Project: humanbrainproject.eu
[2] OpenID Connect: openid.net/connect
[3] Unity project website: unity-idm.eu

© Forschungszentrum Jülich 2024