XSEDE API Documentation

A. Introduction

XSEDE has identified over 60 user facing use cases that document specific ways users need to use XSEDE's infrastructure. From those user facing use cases XSEDE distilled 12 canonical use cases that document the core (common) system functions needed by user facing use cases.

XSEDE has delivered production components supporting almost all the core (common) system functions in the canonical use cases and many of the 60 user facing use cases, thus enabling users to perform some (but not all) of the functions in those use cases.

This page documents XSEDE production components that have APIs and provides pointers to API documentation and client coding examples that software and service developers, such as Science Gateways developers, can reference.


B. Security: Authentication, Authorization, and Identity Management

Relevant Use Cases

  • Authenticate to one or more SP resources, SP services, and XSEDE central services (UCCAN 6.0)
  • Use Identity and Access Management (UCCAN 9.0)

Globus Identity Management

Synopsis
Globus Auth is a foundational identity and access management (IAM) platform service, used for brokering authentication and authorization interactions between end-users, identity providers, resource servers (services), and clients (including web, mobile, desktop, and command line applications, and other services).

Globus Auth is compliant with the OAuth2 and OpenID Connect standards, but extends them to support use cases that are beyond the scope of those standards.

Documentation
https://docs.globus.org/api/auth/
http://software.xsede.org/development/xsede-identity-management/2-legged_Java/ (2-legged Java client example)

MyProxy

Synopsis
Integrating MyProxy clients into your application allows you to authenticate and obtain X.509 certificates for your users. Using the MyProxy client API with the myproxy.xsede.org server allows applications to verify XSEDE Kerberos passwords and obtain short-lived XSEDE-accepted certificates.
Documentation
http://grid.ncsa.illinois.edu/myproxy/devguide.html

MyProxy OAuth

Synopsis
The MyProxy OAuth API allows clients to authenticate users and obtain X.509 certificates for users. It is compliant with OAuth 1.0a, OAuth 2.0, and OpenID Connect. Using the MyProxy OAuth API with the oa4mp.xsede.org server allows clients to authenticate XSEDE users and obtain XSEDE-accepted short-lived certificates.
Documentation
http://grid.ncsa.illinois.edu/myproxy/oauth/client/manuals/api-reference.xhtml

CILogon

Synopsis
CILogon provides a standards-compliant OpenID Connect (OAuth 2.0) interface to federated authentication. Clients can use this interface to authenticate users via their home campus identity providers (e.g., via InCommon SAML authentication) and optionally obtain short-lived X.509 certificates for users.
Documentation
http://www.cilogon.org/oidc

Genesis II WS-STS

Synopsis
Implements WS-Trust standard for Secure Token Service (STS), with variants for GFFS grid user, Kerberos and Globus Auth authentication processes.
Documentation
https://drive.google.com/open?id=0Bw2MSQzDg55bdmNYZGtGNmJkZGs
Client Examples
https://drive.google.com/open?id=0Bw2MSQzDg55bUXYwaVlSWDVHRkk

C. Data: Movement and Management

Relevant Use Cases

Globus Transfer

Synopsis
Globus' transfer service is software-as-a-service for file transfer and sharing. Designed specifically for researchers, Globus provides fast, reliable, and secure file transfer among XSEDE resources or between an XSEDE resource and another machine (such as a campus cluster, lab server, or personal computer). Globus is core campus bridging technology that enables researchers to scale their computational research from the desktop, across campus, and to national cyberinfrastructure. Beyond file transfer, Globus allows researchers to securely share data with collaborators directly from existing systems, without investing in additional campus or cloud storage just for the purposes of sharing.
Documentation
https://portal.xsede.org/software/globus

GridFTP

Synopsis
GridFTP is a high-performance, secure, reliable data transfer protocol optimized for high-bandwidth wide-area networks. In the XSEDE system architecture, GridFTP is a service-layer interface for data transfer. (The higher-level, access-layer interface is Globus transfer, see above.) The GridFTP protocol is based on FTP, the highly-popular Internet file transfer protocol. We have selected a set of protocol features and extensions defined already in IETF RFCs and added a few additional features to meet requirements from current data grid projects.
Documentation
http://toolkit.globus.org/toolkit/docs/latest-stable/gridftp/developer/index.html

Genesis II GFFS

Synopsis
Provides global file system for researcher data sharing and job submission.
Documentation
https://drive.google.com/open?id=0Bw2MSQzDg55bdmNYZGtGNmJkZGs
Client Examples
https://drive.google.com/open?id=0Bw2MSQzDg55bUXYwaVlSWDVHRkk

D. Execution: Job Execution and Management

Relevant Use Cases

UNICORE / Execution Management Service

Synopsis
UNICORE is a Grid middleware offering services for program execution and data movement on remote computers via the internet. It specializes on massively parallel applications typically running on large computing clusters and supercomputers utilizing their resource management systems (job schedulers and batch systems) to distribute work efficiently.
Documentation

GSI OpenSSH

Synopsis
Enables remote login and shell access using X.509 credentials
Documentation
Programs can fork/exec the GSI OpenSSH client and send shell commands to be executed on the remote machine. http://www.openssh.com/manual.html

E. Information: Publishing and Discovery

Relevant Use Cases

AMQP Publishing and Subscribe

Synopsis
Enables asynchronous publishing of and subscription to XSEDE resource information.
Documentation

REST API Publish and Query

Synopsis
Enables synchronous publishing and query based discovery of XSEDE infrastructure resource information.
Documentation
https://info1.dyn.xsede.org/wh1/api-docs/

UNICORE Registry

Synopsis
Enables synchronous publishing and query based discovery of XSEDE UNICORE infrastructure resource information.
Documentation

Last update: June 21, 2016