Presentation is loading. Please wait.

Presentation is loading. Please wait.

Gridification progress report David Groep, Oscar Koeroo Wim Som de Cerff, Gerben Venekamp Martijn Steenbakkers.

Published byLuke Jessie Barber Modified over 8 years ago

Similar presentations

Presentation on theme: "Gridification progress report David Groep, Oscar Koeroo Wim Som de Cerff, Gerben Venekamp Martijn Steenbakkers."— Presentation transcript:

1 Gridification progress report David Groep, Oscar Koeroo Wim Som de Cerff, Gerben Venekamp Martijn Steenbakkers

2 Martijn Steenbakkers – Gridification progress report – 2003.09.26 - Heidelberg Gridification Overview ComputingElement Grid Scheduler (WP1) Grid Scheduler (WP1) Resource request in JDL In VOMS- signed, established security context LCAS static list wallclocktime quota check resource use plug-ins LCMAPS FLIDS Policy WP4 non-gridification WP4 non-gridification Gridification component Non-WP4 subsystem Non-WP4 subsystem Policy Credential Rep. uid/gid other tokens other tokens SE Configuration Mgmt, Installation Mgmt Configuration Mgmt, Installation Mgmt RMS farms FabNAT External to fabric Internal to fabric StorageElement (WP5) (Configuration Mgmt) Globus Gatekeeper Policy Job repository

3 Martijn Steenbakkers – Gridification progress report – 2003.09.26 - Heidelberg Gridification Overview ComputingElement Grid Scheduler (WP1) Grid Scheduler (WP1) Resource request in JDL In VOMS- signed, established security context LCAS static list wallclocktime quota check resource use plug-ins LCMAPS Policy WP4 non-gridification WP4 non-gridification Gridification component Non-WP4 subsystem Non-WP4 subsystem Credential Rep. uid/gid other tokens other tokens SE RMS farms External to fabric Internal to fabric StorageElement (WP5) (Configuration Mgmt) Globus Gatekeeper Policy Job repository

4 Martijn Steenbakkers – Gridification progress report – 2003.09.26 - Heidelberg Authentication control flow EDG gatekeeper LCAS allowed timeslot banned policy C=IT/O=INFN /L=CNAF /CN=Pinco Palla /CN=proxy VOMS pseudo- cert Job Manager fork+exec args, submit script LCMAPS open, learn, &run: … and return legacy uid LCAS authZ call out GSI AuthN accept TLS auth assist_gridmap Jobmanager-* Original Gatekeeper

5 Martijn Steenbakkers – Gridification progress report – 2003.09.26 - Heidelberg Local Centre Authorization Service (LCAS) u Current version LCAS-1.1.16 (integrated in dev tb, EDG 2.1) n Authorization plugin framework n Authorization decision based on proxy certificate (and RSL) 3 standard plugins provided: lcas_userallow.mod, lcas_userban.mod, lcas_timeslots.mod New plugin: lcas_voms.mod  Replaces lcas_userallow.mod s Authorization based on VOMS information in user proxy s Authorized VOs from either grid-mapfile or GACL file s Supports ‘old-style’ user proxies as well n Documentation: s LCAS: http://www.dutchgrid.nl/DataGrid/wp4/lcas/edg-lcas-1.1/http://www.dutchgrid.nl/DataGrid/wp4/lcas/edg-lcas-1.1/ s GACL: http://www.gridpp.ac.uk/authz/gaclhttp://www.gridpp.ac.uk/authz/gacl

6 Martijn Steenbakkers – Gridification progress report – 2003.09.26 - Heidelberg Local Credential Mapping Service (LCMAPS) LCMAPS-0.0.16 (integrated in dev tb, EDG 2.1) n Plug-in framework, driven by comprehensive policy description language n Mapping based on user identity, VO affiliation, site-local policy n Provides local credentials needed for jobs in fabric n Supports standard UNIX credentials (incl. pool accounts) n LCFG object: edg-lcfg-lcmaps-1.0 n To be done: AFS/Krb5 support: November ? n Documentation: http://www.dutchgrid.nl/DataGrid/wp4/lcmaps/edg- lcmaps-0.0.16http://www.dutchgrid.nl/DataGrid/wp4/lcmaps/edg- lcmaps-0.0.16

7 Martijn Steenbakkers – Gridification progress report – 2003.09.26 - Heidelberg LCMAPS – modules u Modules represent atomic functionality u Standard acquisition modules: lcmaps_localaccount.mod : from user DN assign local UID lcmaps_poolaccount.mod : from user DN assign UID from pool u VOMS acquisition modules: lcmaps_voms.mod : extract VOMS info from proxy lcmaps_voms_localgroup.mod : assign GID based on VOMS info lcmaps_voms_poolgroup.mod : assign GID from pool, based on VOMS info lcmaps_voms_poolaccount.mod : assign UID from pool, based on DN, VOMS and GIDs u Enforcement modules lcmaps_posix_enf.mod : setreuid(), setregid() and setgroups() in gatekeeper process lcmaps_ldap_end.mod : update distributed user database u In progress n Get AFS/Krb5 token based on user DN (gssklog) u …

8 Martijn Steenbakkers – Gridification progress report – 2003.09.26 - Heidelberg edg-gatekeeper u Current version: edg-gatekeeper-2.2.8 u Supports LCAS (either ‘dlopened’ or linked in) u Supports LCMAPS (either ‘dlopened’ or linked in) u New version supports the server version of LCAS

9 Martijn Steenbakkers – Gridification progress report – 2003.09.26 - Heidelberg Integration LCAS & LCMAPS u Basic integration finished end of last week n A few problems with VOMS servers and the like are solved n VOMS servers only for ITeam and WP6 u LCMAPS edg-lcfg-lcmaps works fine n Involves one manual step: creation of a groupmapfile (use edgl-lcfg-filecopy object !) n default EDG LCMAPS configuration: No LDAP, No poolgroups u LCAS edg-lcas-voms2gacl creates LCAS GACL file automatically from grid-mapfile u Testing on the development testbed continues … (?)

10 Martijn Steenbakkers – Gridification progress report – 2003.09.26 - Heidelberg To be done u Job repository n Store job status, local credential mapping (plugin LCMAPS), job description, user proxy, global job ID (from jobmanager) n Repository and access API n LDAP directory n Foreseen delivery: October/November u AFS/Kerberos support in LCMAPS n Foreseen delivery: November ? u LCAS server implementation n May involve a few changes in the edg-gatekeeper n Foreseen delivery: November n (From GACL to XACML) ? u Give support for edg-gatekeeper, LCAS, and LCMAPS

11 Martijn Steenbakkers – Gridification progress report – 2003.09.26 - Heidelberg Dissemination u GGF (various WG and RG: authorization WG, site AAA RG) u Evaluation by PPDG/GriPhyN projects u In the Netherlands: VL-E (Virtual Laboratory for E-science)

12 Martijn Steenbakkers – Gridification progress report – 2003.09.26 - Heidelberg

13 Timetable gridification components ComponentReleaseIntegration LCMAPS-1.0 (+ edg- gatekeeper-2.2) End of JuneJuly ? (after VOMS) LCAS-2.0 (server + VOMS plugin) End of July/AugustSeptember Job RepositoryEnd of August ?September ?? FLIDSSeptember?? FABNATNovember??

Download ppt "Gridification progress report David Groep, Oscar Koeroo Wim Som de Cerff, Gerben Venekamp Martijn Steenbakkers."

Similar presentations

Demonstrations at PRAGMA 13 10 demos are nominated by WG chairs Did not call for demos. We will select the best demo(s) Criteria is under discussion. Notes.

Demonstrations at PRAGMA demos are nominated by WG chairs Did not call for demos. We will select the best demo(s) Criteria is under discussion. Notes.
29 June 2006 GridSite - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.

29 June 2006 GridSite Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.
Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.

Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.
Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.

Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.
Gridification Task Development Plan for Release 1.1 – 2.0 For Gridification: David Groep

Gridification Task Development Plan for Release 1.1 – 2.0 For Gridification: David Groep
Site Authorization Service (SAZ) at Fermilab Vijay Sekhri and Igor Mandrichenko Fermilab CHEP03, March 25, 2003.

Site Authorization Service (SAZ) at Fermilab Vijay Sekhri and Igor Mandrichenko Fermilab CHEP03, March 25, 2003.
OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.

OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.
Implementing Finer Grained Authorization in the Open Science Grid Gabriele Carcassi, Ian Fisk, Gabriele, Garzoglio, Markus Lorch, Timur Perelmutov, Abhishek.

Implementing Finer Grained Authorization in the Open Science Grid Gabriele Carcassi, Ian Fisk, Gabriele, Garzoglio, Markus Lorch, Timur Perelmutov, Abhishek.
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.

The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.
WP4 Gridification Subsystem overlap Globus & existing systems LCAS and AAA in WP4 for Gridification Task: David Groep

WP4 Gridification Subsystem overlap Globus & existing systems LCAS and AAA in WP4 for Gridification Task: David Groep
NIKHEF grid meeting 1 December 2003 LCAS and LCMAPS David Groep, Oscar Koeroo, Wim Som de Cerff, Martijn Steenbakkers, Gerben Venekamp.

NIKHEF grid meeting 1 December 2003 LCAS and LCMAPS David Groep, Oscar Koeroo, Wim Som de Cerff, Martijn Steenbakkers, Gerben Venekamp.
DataGrid is a project funded by the European Union EDG Conference Barcelona 2003 – Title – n° 1 VOMS and LCMAPS on Global Permissions and Local Credentials.

DataGrid is a project funded by the European Union EDG Conference Barcelona 2003 – Title – n° 1 VOMS and LCMAPS on Global Permissions and Local Credentials.
20 March 2007 VOMS etc - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.

20 March 2007 VOMS etc Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.
30-Jan-03D.P.Kelsey, GridPP Security1 Security GridPP6 30 Jan 2003 Coseners House David Kelsey CLRC/RAL, UK

30-Jan-03D.P.Kelsey, GridPP Security1 Security GridPP6 30 Jan 2003 Coseners House David Kelsey CLRC/RAL, UK
WP4 Gridification Subsystem overlap & existing systems for Gridification Task: David Groep

WP4 Gridification Subsystem overlap & existing systems for Gridification Task: David Groep
A Model for Grid User Management Rich Baker Dantong Yu Tomasz Wlodek Brookhaven National Lab.

A Model for Grid User Management Rich Baker Dantong Yu Tomasz Wlodek Brookhaven National Lab.
2001.04.02 / David GroepSummary of Security Workshop - DataGRID WP4 workshop1 DataGrid Security WS Summary Targets: Identify requirements from WP's Define.

/ David GroepSummary of Security Workshop - DataGRID WP4 workshop1 DataGrid Security WS Summary Targets: Identify requirements from WP's Define.
DataGrid is a project funded by the European Union HEPiX Conference Amsterdam 2003 Grid Security for Site Authorization in EDG VOMS, Java Security and.

DataGrid is a project funded by the European Union HEPiX Conference Amsterdam 2003 Grid Security for Site Authorization in EDG VOMS, Java Security and.
WP4 Security Update For WP4: David Groep

WP4 Security Update For WP4: David Groep

Similar presentations

Ads by Google