Presentation on theme: "GGF16, Athens AuthZ Interoperability Here and Now Workshop, 16 Feb 2006."— Presentation transcript:
GGF16, Athens AuthZ Interoperability Here and Now Workshop, 16 Feb 2006
Organising Committee Christophe Blanchet(CNRS IBCP&EGEE biomed VO dep) Vincent Breton(CNRS & EGEE Dir of Applications) Bob Cowles(SLAC and OSG Security co-chair) Ake Edlund(KTH and EGEE Director of Security) David Groep(NIKHEF and IGTF chair) David Kelsey(CCLRC and LCG/EGEE JSPG chair) Olle Mulmo(KTH and GGF Security Area Director) Dane Skow(USA and GGF Security Area Director) Von Welch(NCSA and Globus Alliance)
Background Much work on Grid Authentication -> success –International GridTrust Federation (IGTF) –facilitates cross-Grid authentication Grid Authorization is less mature Many large-scale application communities (VOs) are global in nature –have the need to access multiple Grid infrastructures Authorization (AuthZ) assertions and policy needs to be controlled at the VO level Important requirement for interoperability in AuthZ between Grids –protocols and evaluation of the AuthZ/Policy assertions –different implementations interwork and make AuthZ decisions.
Aims This workshop will consider short-term (now and next two years) Grid Authorization and Policy implementations, requirements and issues Investigate what improvements can be made to encourage and facilitate interoperability between Grid operational infrastructures Lessons learned from today's implementations –For the Grid security standards activities in GGF for the longer-term future. Highlight the Life Science perspective with requirements from the biomed VO in EGEE and in the overall biomedical community
AuthZ Interoperability Here and Now - Agenda - # Welcome, introduction and aims The LHC experiments (particle physics) AuthZ requirements (David Kelsey) The Biomed/EGEE AuthZ requirements (Christophe Blanchet/Rémi Mollon) AuthZ in Open Science Grid (Bob Cowles) Discussion
Agenda #2 Panel presentations & discussion - AuthZ interoperability issues and plans Von Welch TeraGrid/OSG interoperation issues David Groep EGEE framework and local PDP's Jens Jensen Data management AuthZ Yuri Demchenko GAAA/GT4 gap analysis Christos Kanellopoulos Ideas on interoperation/interoperability Olle MulmoFuture plans and directions (for GGF) leading into general discussion - recommendations for short-term and mid-term direction
MultiGrid Auth Group Will discuss use of common role definitions A proposal: Group User: would be provisioned with the default permissions and capabilities for the standard usage of a resource by that group Role Admin: would be provisioned full permissions and capabilities allowed to the group managers (probably not equivalent to root access to a machine) Role Storage Admin: would be provisioned with the ability to read/ write/delete all files and directories owned by the group Role Priority Admin: would be provisioned with the ability to adjust priorities for queued requests by that group on a resource. (This probably implies the requirement for a common interface for manipulating priority of queued requests).
TONIC group TONIC Taskforce Organizing Near-term Interoperation for Credentials Draft Charter: Community group formed to develop interoperation agreements to support various levels of interoperation between grids participating in the Grid Interoperation Now (GIN) activity. Create documents defining interoperation agreements for levels of interoperation. Act as an intermediate between the immediate needs of the production grid interoperation actions and the standards development process.