Global Grid Forum GridWorld GGF15 Boston USA October 03 2005 Abhishek Singh Rana and Frank Wuerthwein UC San Diego www.opensciencegrid.org The Open Science.


1 Multi-Site VOs and Multi-VO Sites in Open Science Grid
Global Grid Forum GridWorld GGF15, Boston, USA, October 03 2005
The Open Science Grid Consortium, www.opensciencegrid.org
Abhishek Singh Rana, UC San Diego, rana@fnal.gov
Frank Wuerthwein, UC San Diego, fkw@fnal.gov
GridWorld/GGF15, October 3-6, 2005, Boston, MA, USA
Community Activity: Leveraging Site Infrastructure for Multi-Site Grids

2 Collaborative Effort
Open Science Grid RBAC, Security and Policy Frameworks Privilege Project PPDG Common USATLAS USCMS
Fermi National Lab, Brookhaven National Lab, U California San Diego, Virginia Tech
Technical Lead: Ian Fisk, FNAL
Technical Coordinator: Dane Skow, FNAL

3 Outline
Concepts & Goals.
Examples
–Compute Element.
–Storage Element.
Possible future examples
–Dynamically provisioned environments/Workspaces.
VO Workspace on Site boundary.
–Edge Services Framework (ES Wafers).
User Workspace on WNs
–Resource Slices.

4 OSG Approach: Concepts
VO-Global specification of privilege requirements per Role.
Site central mapping of Role to site's implementation of privilege requirements.
Local enforcement of privilege requirements.

5 Multi-Site VO [diagram: five Sites, each with a CE and an SE]

6 Multi-VO Site [diagram: one Site with a CE and an SE]

7 A Multi-VO Multi-Site Grid [diagram: eight Sites, each with a CE and an SE]

8 OSG Approach
VO defines Roles and associated privileges by specifying expected functionality.
–E.g. cmssoft may install software in area that is read-only by all cmsgrid user jobs running on site/campus.
–E.g. cmssvc may deploy DB cache available to all cmsgrid user jobs running on site/campus.
Site maps VO scope identities to local scope identities.
–Site wide management of mapping.
–Service level granularity of mapping.
Site enforces VO privilege policies within local scope identities.
Authorization = !(Site-vetoed) && (VO-allowed)

9-10 [Architecture diagram, built up over two slides. Labels: VO Attribute Repository; Service X, Service Y, Service Z; Service X Veto, Service Y Veto, Service Z Veto; Site-wide Assertion Service; Host 1, Host 2; Site Authorization Service for Service X, Y, Z; Site-wide Mapping Service; Auxiliary Authorization Service for Service Z; Auxiliary Mapping Service; Callout Module for X, Y; Callout Module for Z; Local or Remote Client; Proxy with VO Membership | Role Attributes. Slide 10 adds the markers PDP, PEP, PDP.]

11 Example: Compute Element

12 CE: Globus and Condor
PRIMA and GUMS provide CE authz in OSG approach.
PRIMA authenticates.
GUMS translates {DN, Membership, Role} to Username.
System translates Username to site-wide {UID}.

13-16 [Diagram, built up over four slides. Labels: GUMS; Local or Remote Client; Proxy with VO Membership | Role Attributes; Site-wide Assertion Service; Site; SAZ; VOMS; Site-wide Mapping Service. Slide 14 adds CE. Slide 15 adds PRIMA C SAML libraries, Globus Gatekeeper, PRIMA callout. Slide 16 adds the marker PEP.]
Deployed at many sites/campuses with static UIDs as well as UID pools.

17 Example: Storage Element

18 SE: SRM-dCache
Different doors for different authz methods.
Same underlying local authz mechanism.
Can be mapped to site's UID/GID domain.
Or be restricted to SRM-dCache only.
Examples:
–USCMS-VO at FNAL: Site UID domain.
–CDF-VO at FNAL: Site Kerberos domain.

19 SE: SRM-dCache
gPLAZMA extends SRM-dCache separation of SE authz and CE authz to OSG approach.
gPLAZMA authenticates.
Storage Authz Service contacts GUMS and gPLAZMA Storage Metadata Service.
GUMS translates {DN, Membership, Role} to Username.
System optionally translates Username to site-wide {UID, GID}.
gPLAZMA Storage Metadata Service translates Username to Storage-privilege Set.
Storage-privilege Set is {UID, GID, permitted storage area, R/W permissions}.
Storage-privilege Set is User-level ACL governed by {DN, Membership, Role}.
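The decision rule on slide 8 and the translation chain on slides 12 and 19, put together as an added example (not code from the presentation or from PRIMA, GUMS or gPLAZMA). All table names, DNs, accounts, UIDs and paths are constructed, and the mapping is simplified to one local account per {Membership, Role}.

```python
import posixpath
from dataclasses import dataclass
from typing import Optional

# All DNs, usernames, UIDs/GIDs and paths below are constructed sample values.

@dataclass(frozen=True)
class VOIdentity:
    dn: str          # certificate subject from the client proxy
    membership: str  # VO membership attribute, e.g. "/cms"
    role: str        # VO role attribute, e.g. "cmssoft"

@dataclass(frozen=True)
class StoragePrivilegeSet:
    uid: int
    gid: int
    area: str        # permitted storage area
    writable: bool   # False means read-only

# VO-global policy: (membership, role) pairs the VO has defined.
VO_ALLOWED = {("/cms", "cmssoft"), ("/cms", "cmsgrid")}
# Site veto list, keyed by DN (hypothetical stand-in for the site service).
SITE_VETOED = {"/DC=org/DC=example/CN=Vetoed User"}
# Site-wide mapping, simplified to one local account per (membership, role).
SITE_MAPPING = {("/cms", "cmssoft"): "cmssoft", ("/cms", "cmsgrid"): "cmsgrid"}
# Username -> site-wide UID, as used on the Compute Element.
SITE_UIDS = {"cmssoft": 5001, "cmsgrid": 5002}
# Storage metadata: username -> Storage-privilege Set.
STORAGE_METADATA = {
    "cmssoft": StoragePrivilegeSet(5001, 500, "/pnfs/example/cms/sw", True),
    "cmsgrid": StoragePrivilegeSet(5002, 500, "/pnfs/example/cms/sw", False),
}

def authorize(ident: VOIdentity) -> bool:
    """Decision point: Authorization = !(Site-vetoed) && (VO-allowed)."""
    site_vetoed = ident.dn in SITE_VETOED
    vo_allowed = (ident.membership, ident.role) in VO_ALLOWED
    return (not site_vetoed) and vo_allowed

def map_username(ident: VOIdentity) -> Optional[str]:
    """{DN, Membership, Role} -> Username; no mapping unless authorized."""
    if not authorize(ident):
        return None
    return SITE_MAPPING.get((ident.membership, ident.role))

def ce_uid(ident: VOIdentity) -> Optional[int]:
    """Compute Element path: Username -> site-wide UID."""
    user = map_username(ident)
    return SITE_UIDS.get(user) if user is not None else None

def se_privileges(ident: VOIdentity) -> Optional[StoragePrivilegeSet]:
    """Storage Element path: Username -> Storage-privilege Set."""
    user = map_username(ident)
    return STORAGE_METADATA.get(user) if user is not None else None

def se_permits(ident: VOIdentity, path: str, write: bool) -> bool:
    """Enforcement point at the storage door: check area and R/W bit."""
    priv = se_privileges(ident)
    if priv is None:
        return False                      # fail closed: no mapping, no access
    norm = posixpath.normpath(path)       # collapse "..", so it cannot escape
    inside = norm == priv.area or norm.startswith(priv.area + "/")
    return inside and (priv.writable or not write)

if __name__ == "__main__":
    soft = VOIdentity("/DC=org/DC=example/CN=Software Manager", "/cms", "cmssoft")
    job = VOIdentity("/DC=org/DC=example/CN=Analysis User", "/cms", "cmsgrid")
    for who in (soft, job):
        print(who.role, ce_uid(who), se_permits(who, "/pnfs/example/cms/sw/v1", True))
```

The same identity resolves to a UID on the CE and to a privilege set on the SE, and a site veto overrides a role the VO allows.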

20-29 [Diagram, built up over ten slides. Labels on slides 20-21: GUMS; Local or Remote Client; Proxy with VO Membership | Role Attributes; Site-wide Assertion Service; Site; SAZ; VOMS; Site-wide Mapping Service; Auxiliary Mapping Service; CE; SE; gPLAZMA Storage metadata PRIMA Authorization Service. Slide 22 adds PRIMA C SAML libraries, Globus Gatekeeper, PRIMA callout. Slide 23 adds the marker PEP. Slide 25 adds PRIMA Java SAML, gPLAZMA, SRM-GridFTP, gPLAZMA callout, gPLAZMALite Authorization Services suite. Slide 26 adds the marker PEP. Slide 27 adds OGSA AuthZ interface.]

Slide 28 expands the names on the diagram:
PRIMA: A System for Privilege Management and Authorization in Grids
gPLAZMA: grid-aware Pluggable Authorization Management System
GUMS: Grid User Management System
SAZ: Site Authorization Service
VOMS: Virtual Organization Membership Service

Slide 29 credits the components:
PRIMA: Markus Lorch, VT
gPLAZMA: Abhishek Singh Rana, UCSD; Timur Perelmutov, FNAL
GUMS: Gabriele Carcassi, BNL
SAZ: Vijay Sekhri, FNAL; John Weigand, FNAL
SRM-dCache: DESY/FNAL teams
VOMS: INFN teams, Italy

30 SE ACLs: VO versus Site Control
VO control of ACLs.
–All files are owned by VO.
–Simple solutions.
–VO PDP, separated from Resource.
Site control of ACLs.
–All files are owned by {DN, Membership, Role} of a User.
–Site SE enforces global (VO) and local (site) policies.
–Global & local policies are used together to aid in isolation of privileges, grant privacy to user, and perform fine-grained security.
–Demands sophisticated solutions.
–Site PDP, closer to Resource.

31 Possible Future Examples: Dynamic Virtual Environments/Workspaces
1. VO Workspace on Site boundary - Edge Services Framework (ES Wafers).
2. User Workspace on WNs (Resource Slices).

32-33 No ESF - Phase 0 [diagram: Site with SE and CE. Slide 33 adds: Static deployment; CMS, ATLAS, CDF.]

34 ESF? [diagram: Site with SE and CE]

35 ESF - Phase 1 [diagram: Site with ESF, SE and CE; CDF, CMS, ATLAS, Guest VO]
Snapshot of ES Wafers implemented as Virtual Workspaces

36 An attempt at ESF Terminology
Edge Services Wafer (ES Wafer)
–A specific instance of a dynamically-created VM (workspace) is called an Edge Services Wafer.
–An ES Wafer can have several Edge Services running.
–A VO can have multiple ES Wafers up at a Site.
Edge Services Slot (ES Slot)
–An ES Slot has hardware characteristics specified by the Site Admin.
–An ES Slot can be leased by a VO to host an ES Wafer.
Edge Service (ES)
–A VO-specific service instantiated by a VO in a Wafer.
Workspace Service (WS)
–Service at a Site that allows VOs to instantiate ES Wafers in ES Slots.

37-38 ESF - Phase 1 [diagram: Site with ESF, SE and CE; CDF, CMS, ATLAS, Guest VO. Labels: GT4 Workspace Service & VMM; Dynamically deployed ES Wafers for each VO; Wafer images stored in SE; Compute nodes and Storage nodes.]

Slide 38 credits the components:
Globus Workspace Service: Kate Keahey, ANL/Globus; Timothy Freeman, ANL/Globus
Edge Services Suite: CMS and ATLAS Collaborations
Xen VMM: Cambridge University, UK; XenSource Inc.

39 User jobs at Compute nodes using ES Wafers for VO Edge Services [diagram: Site with ESF, SE and CE; CDF, CMS, ATLAS, Guest VO]

40 VO Admin transporting/storing ES image to a remote Site....Deploying ES using image stored in Site's local repository

41 VO Workspaces (Edge Services) Concepts
–TID (Transactional Identity) = {DN, Membership Profile, Set of Roles}
–Thus, TID is VO & VO-Site agreement specific.
–TID functions as a tag for VO Workspace characteristics.
–Site central mapping service translates TID into VO Workspace characteristics.
–ESF provisions VO Workspace according to characteristics.

42-52 ESF - Phase 1 [animation over eleven slides: Site with ESF, SE and CE; CMS; Role=VO Admin. The marker PEP appears on slides 43, 46 and 48. Slide 52 adds the label: ES Wafer (Multiple VO Services at a Site's Edge).]

53 A VO User using ESF....Executing at a User Workspace

54 User Workspace
–Slicing of a Resource, on demand.
–PEP closer to such finer slices of a Resource.
–Customized (possibly transient) slices.
–Isolation of environment of such a slice.
A resource slice and VO/User environment make a User Workspace.

55 User Workspace Concepts
–TID (Transactional Identity) = {DN, Membership Profile, Set of Roles}
–Thus, TID is VO & application type specific.
–TID functions as a tag for Workspace characteristics.
–Site central mapping service translates TID into User Workspace characteristics.
–Compute node local service provisions User Workspace according to characteristics.

56-63 User Workspace [animation over eight slides: Site with ESF, SE and CE; CMS; Role=VO User. The marker PEP appears on slides 57, 59 and 62. Slide 60 adds the label: Resource Slice (User execution environment at a WN).]

64 Summary of OSG Approach
VO-Global specification of privilege requirements per role.
–Means to do so are lacking today!
–Making progress.
Site central mapping of role to implementation of privilege requirements.
–Simple solutions in production usage.
Local enforcement of privilege requirements.
–Simple solutions in production usage.
–Moving forward to designing more advanced solutions.

65 Thank You.

