What is Onedata?

Let's go back to the beginning...

Data access within a data center

Other science fields want their share too

Data access within a Grid

Global collaborative data sharing

Onedata — the vision

Onedata

Users

A user gains access to the Onedata services by authenticating to a Onezone service. Authentication is delegated to external identity providers (IdPs) offering social and federated Single Sign-On (SSO). Onezone currently ships auth plugins for the OpenID, OpenID Connect (built on OAuth 2.0) and SAML protocols; other plugins can be added if needed. See the documentation here.

Groups

The user can be a member of multiple groups. Groups can be organized in hierarchical structures that regulate access to resources for collectives of users. See the documentation here.

Onedata also supports entitlement mapping: a user's entitlements (organizational group memberships known to the IdP) are carried in SAML assertions or OpenID Connect user info and mapped to Onedata groups. On each login the user is automatically added to the mapped groups with the mapped privileges. See the documentation here.

Onedata membership model

Groups in Onedata are fundamental for the membership model that regulates who can access certain resources.

Users and groups can become members of Onedata resources. A member essentially gains access to the resource, but the scope of the access is regulated by granular privileges.

Each user only sees the resources that they are a member of.

Onedata resources

  • Groups — collectives of users; may be nested; can be members of other resources — docs.
  • Spaces — distributed logical volumes, where users can organize their data — docs.
  • Harvesters (data discovery) — metadata indexing and searching services — docs.
  • Automation inventories — recipes for data processing pipelines.
  • Handle services (Public Data) — used for publishing data collections with persistent identifiers.
  • Clusters — administrative area for Onezone and Oneprovider instances — docs.
  • Tokens — textual keys carrying proofs of authorization (do not follow the membership model; exclusive property of a user) — docs.

Effective memberships, privilege inheritance

Users and groups can be members of a resource, each membership carrying its own set of granular privileges.

Effective members of a resource are all users and groups that reach it, either through a direct membership or through a chain of nested group memberships.

Every effective member of a group inherits that group's effective memberships. A user's effective privileges in a resource are the union of the privileges assigned on the direct memberships through which the user reaches it. Only the last segment of each membership path counts: privileges held on intermediate group-to-group memberships do not carry over to the target resource.
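As an added worked example (not code from the page or from Onedata itself), the following script models the two mechanisms described above: entitlement mapping at login, where IdP entitlements become group memberships, and effective privileges, where a user's privileges in a space are collected over every membership path but only from the path's last segment. All names in it (the `eduperson_entitlement` claim, the entitlement URNs, the group, space and privilege names, the user info records) are constructed assumptions for illustration.

```python
"""Added example (not Onedata's own code).

Models (1) entitlement mapping: entitlements in an IdP's OpenID user info
become Onedata group memberships at login, and (2) effective privileges:
a user's privileges in a space are the union of the privileges on the
*last segment* of every membership path that reaches the space.

All names below are constructed assumptions, not taken from Onedata.
"""
from collections import deque

# Constructed mapping: IdP entitlement -> (Onedata group, privileges the
# user receives inside that group).
ENTITLEMENT_MAP = {
    "urn:example:lab:members": ("g:lab-members", {"group_view"}),
    "urn:example:lab:admins":  ("g:lab-admins",  {"group_view", "group_update"}),
}


def build_graph():
    """Constructed membership graph. graph[resource] = {member: privileges},
    where the privileges belong to that direct relation only.
    Prefixes: u: user, g: group, s: space."""
    return {
        "g:lab-members": {},
        "g:lab-admins": {},
        # both lab groups are nested in all-staff, holding only group_view there
        "g:all-staff": {"g:lab-members": {"group_view"},
                        "g:lab-admins": {"group_view"}},
        # the space has two direct members with different privilege sets
        "s:climate-data": {"g:all-staff": {"space_view", "space_read_data"},
                           "g:lab-admins": {"space_view", "space_manage_shares"}},
    }


def login(graph, user, userinfo):
    """Entitlement mapping at login: add the user to each mapped group with
    the mapped privileges. Unmapped entitlements are ignored, so an IdP
    cannot create groups or grant access outside the configured table."""
    joined = []
    for ent in userinfo.get("eduperson_entitlement", []):
        if ent not in ENTITLEMENT_MAP:
            continue
        group, privs = ENTITLEMENT_MAP[ent]
        graph.setdefault(group, {})[user] = set(privs)
        joined.append(group)
    return joined


def effective_members(graph, resource):
    """Users and groups that reach `resource` through any chain of group
    memberships (breadth-first; the seen set also tolerates group cycles)."""
    seen, queue = set(), deque([resource])
    while queue:
        for member in graph.get(queue.popleft(), {}):
            if member not in seen:
                seen.add(member)
                if member.startswith("g:"):
                    queue.append(member)
    return seen


def effective_privileges(graph, user, resource):
    """Union of the privileges on the direct relations (resource -> member)
    through which `user` reaches `resource`. Privileges on intermediate
    group-to-group relations are never consulted: last segment only."""
    privs = set()
    for member, rel_privs in graph.get(resource, {}).items():
        if member == user or user in effective_members(graph, member):
            privs |= rel_privs
    return privs


def visible_resources(graph, user):
    """A user only sees the resources they are an effective member of."""
    return sorted(r for r in graph if user in effective_members(graph, r))


def demo():
    graph = build_graph()
    # Constructed user info records, as an OIDC IdP might return them.
    login(graph, "u:alice", {"sub": "alice", "eduperson_entitlement": ["urn:example:lab:admins"]})
    login(graph, "u:bob",   {"sub": "bob",   "eduperson_entitlement": ["urn:example:lab:members"]})
    login(graph, "u:carol", {"sub": "carol", "eduperson_entitlement": ["urn:example:other:unknown"]})
    return {u: (visible_resources(graph, u), effective_privileges(graph, u, "s:climate-data"))
            for u in ("u:alice", "u:bob", "u:carol")}


if __name__ == "__main__":
    for user, (seen, privs) in demo().items():
        print(user, "sees", seen, "| space privileges:", sorted(privs))
```

Two things to notice in the output: alice reaches the space by two paths (through all-staff and directly through lab-admins) and ends up with the union of both last segments, while the `group_update` privilege she holds inside lab-admins never reaches the space; carol, whose entitlement is not in the mapping table, joins no group and therefore sees no resource at all.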

Spaces

All the data stored in Onedata is organized into spaces. See the documentation here.

  • A space is a virtual, logical data volume with a POSIX-like filesystem.
  • The physical data of a single logical file can be distributed across providers.
  • Existing collections can be imported in place (no data copying).

Provider

  • Oneprovider is the software installed at a data center (the data provider).
  • Manages physical data on the underlying storage backends.
  • Synchronizes metadata with other providers in a P2P manner.
  • Handles data access requests.
  • Subordinate to a Onezone, which it registers with.

Space support

Spaces can be seen as virtual directories or volumes, which can contain an arbitrary directory and file hierarchy, while the underlying physical data is distributed across multiple storage backends, governed by providers.

A provider grants support for a space by declaring a storage quota for it. See the documentation here.

The other resources (tokens, harvesters, automation inventories, handle services, and clusters) will be covered in the upcoming chapters.

Next chapter:

First steps in GUI — practice