ePoste Restante and ePort Pay

1
ePoste Restante and ePort Payéexchanging files
using centralized temporary storage with
federated authentication

• TERENA - Collaboration on Storage Services
• Jari.Miettinen_at_csc.fi
• Mikael.Linden_at_csc.fi
• Amsterdam 29.6.2007

2
Content

• road to ePostal services
• current delivery procedures
• obstacles on the road of the user
• ePoste Restante and ePort Payé
• connection to AAI - Haka
• deployment scenarios
• caveats by the path
• current development status
• advantages to the user community

3
road to ePostal services _at_CSC (1/2)

• CSC supercomputing centre
• general-purpose fiber disk service
• long-term archiving
• the Project Disk service for individual research
  groups
• Nic.funet.fi ftp archive since 1990
• the origin of Linux
• over 4M files
• performance record 800Mbps sustained on Fedora6
  release day (Oct 23 2006)

4
road to ePostal services _at_CSC (2/2)

• Funet e-mail support and coordination
• expert services
• spam filtering support
• mail delivery backup for customers (renounced Dec
  2006)
• Haka authentication federation
• operator role
• deployment support for service builders
• CSC SC applications the web-based Scientists
  interface
• P2P study in co-operation with YLE (2006)
• insight to usefullness of P2P

5
current delivery procedures

• customer problem how to deliver a 4.7GB data
  disk containing sensitive data to colleague?
• possible solutions
• travel
• courier Fedex and others
• conventional posting
• Skype it
• feed it to P2P network
• setup a small home/office ftp/web server
• e-mail

6
obstacles on the road of the user

• CO2 emissions and ecological footprint
• Skype/P2P jeopardizes security and confidence
• data could be encrypted
• how to erase a file from the P2P network?
• organizational security policies and practices
• networks are not open anymore
• e2e principle is broken wide use of NAT etc.
• new servers have to be registered even small
  ftp servers -)
• conventions in the e-mail administration
• many sites have file size restrictions
• focus in spam war nowadays...
• reliability and performance
• home/office systems are not tuned
• network bottlenecks

7
ePoste Restante and ePort Payé (1/2)

• ePoste Restante
• an electrical version of a fetch mail office
• authenticated user uploads a file to the server
• the non-authenticated friend of the user
  downloads the file
• ePort Payé
• reminds of free postage envelopes, carriage paid
• the authenticated user generates an electrical
  voucher
• the voucher is delivered to his non-authenticated
  friend
• the friend uploads a file to the server
• the user downloads the file

8
ePoste Restante and ePort Payé (2/2)

• common features
• web-based
• no adminstration intervention is needed during
  normal operation
• file is automagically deleted after a fixed
  period of time (days)
• the amount of downloads is limited (half a dozen)
• ordinary e-mail is used for delivering short
  notices and downloading information
• optional use of https

9
connection to AAI - Haka

• authentication
• no CSC supercomputing user environment account is
  required as users are autheticated in their home
  organizations
• saves time and effort in adminstration
  procedures!
• easy for users
• AUP has to be accepted anyway - electrically
• authorization
• political decision in the first phase e.g. all
  the researches of the Funet organizations joined
  to Haka may be accepted as users
• check the contence of the schacHomeOrganizationTyp
  e attribute provided by IdP, e.g.
• schacHomeOrganizationuta.fi
• schacHomeOrganizationTypePREFIXfiuniversity
• metadata
• useful user data could be got automatically, e.g.
  the real user name, e-mail address, organization
  information
• minimizes the user typing efforts
• further development AAI enabled shared data
  areas for research groups

10
deployment scenarios

• simple extension to the popular e-mail
• send less attachments
• one may even doesnt want to keep them anyway...
• data intensive research up to middle class
  volumes
• computational data
• digitized material documents, scripts, maps,...
• digital material images,...
• measurement data

11
caveats by the path

• data security integrity
• users should (always) encrypt their sensitive
  data in transfers
• the current user customs overlook (at least)
  integrity
• easy end user encrypting solution is needed a
  mouse click
• we may need a password/passphrase
  exchange/clearing house service ?
• misuse
• every system can be misused
• banned in AUP
• usage is logged
• some checking needed in regularly - TOP10 user
  lists etc.
• a new tunnel for viruses
• users can transfer executables advisory needed
• the problem already exists
• Who do you trust? Trust us!

12
current development status

• work for new services in the Funet user SIG
  during 2006-2007
• revealed two separate and independent
  implementations in the universities Turku and
  Oulu
• testing and piloting in Nic.funet.fi during
  summer 2007
• Haka/shibboleth support
• feature selection and supplement
• decisions autumn 2007
• (possible) production - late 2007

13
advantages to the user community

• person-to-person file transfer is enabled easily
  for end users
• self-service
• simple trust model sender-receiver
• CSC doesnt have to be trusted ?
• non-interactive operation
• support for even larger files sizes

14
Questions and comments, please!