Gridification progress report
David Groep, Oscar Koeroo, Wim Som de Cerff, Gerben Venekamp, Martijn Steenbakkers

Martijn Steenbakkers – Gridification progress report – Heidelberg

Gridification Overview

[Diagram of the ComputingElement. Labels: Grid Scheduler (WP1); resource request in JDL, in VOMS-signed, established security context; Globus Gatekeeper; LCAS; static list, wallclock time, quota check, resource use plug-ins; Policy; LCMAPS; Credential Rep.; uid/gid, other tokens; FLIDS; Job repository; RMS; farms; FabNAT; Configuration Mgmt, Installation Mgmt; StorageElement (WP5); SE. Legend: WP4 non-gridification, Gridification component, Non-WP4 subsystem; external to fabric, internal to fabric. A second build of the slide shows the same diagram without the FLIDS, FabNAT and "Configuration Mgmt, Installation Mgmt" labels.]

Authentication control flow

[Diagram. Labels: EDG gatekeeper; GSI AuthN: accept, TLS auth; LCAS authZ call out; LCAS: allowed, timeslot, banned, policy; user proxy C=IT/O=INFN /L=CNAF /CN=Pinco Palla /CN=proxy with VOMS pseudo-cert; LCMAPS: open, learn, & run … and return legacy uid; Job Manager: fork+exec args, submit script; Jobmanager-*; Original Gatekeeper: assist_gridmap.]

Local Centre Authorization Service (LCAS)
- Current version LCAS (integrated in dev tb, EDG 2.1)
  - Authorization plugin framework
  - Authorization decision based on proxy certificate (and RSL)
  - 3 standard plugins provided: lcas_userallow.mod, lcas_userban.mod, lcas_timeslots.mod
  - New plugin: lcas_voms.mod
    - Replaces lcas_userallow.mod
    - Authorization based on VOMS information in user proxy
    - Authorized VOs from either grid-mapfile or GACL file
    - Supports 'old-style' user proxies as well
  - Documentation:
    - LCAS:
    - GACL:

Local Credential Mapping Service (LCMAPS)
- LCMAPS (integrated in dev tb, EDG 2.1)
  - Plug-in framework, driven by comprehensive policy description language
  - Mapping based on user identity, VO affiliation, site-local policy
  - Provides local credentials needed for jobs in fabric
  - Supports standard UNIX credentials (incl. pool accounts)
  - LCFG object: edg-lcfg-lcmaps-1.0
  - To be done: AFS/Krb5 support: November ?
  - Documentation: lcmaps http:// lcmaps
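
An added example, not code from LCAS, LCMAPS or the presentation: a small C model of the LCAS plug-in chain (allow list, ban list, time slot) followed by the LCMAPS pool-account step described on the two slides above. The rule that every plug-in must permit, the 08:00 to 20:00 window, the DNs, the pool size and the UID range are assumptions made for the illustration.

```c
/* Added illustration, not LCAS or LCMAPS source. DNs, lists, time window
 * and UID range are constructed. */
#include <stdio.h>
#include <string.h>
struct request { const char *dn; int hour; };     /* hour: 0..23, site time */
static const char *allow_list[] = { "/O=Example/CN=Alice", "/O=Example/CN=Bob",
                                    "/O=Example/CN=Carol", "/O=Example/CN=Mallory" };
static const char *ban_list[]   = { "/O=Example/CN=Mallory" };
static int listed(const char *dn, const char *const *l, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(dn, l[i]) == 0) return 1;
    return 0;
}
/* One function per plug-in: 1 permits, 0 refuses. */
static int userallow(const struct request *r) { return listed(r->dn, allow_list, 4); }
static int userban(const struct request *r)   { return !listed(r->dn, ban_list, 1); }
static int timeslots(const struct request *r) { return r->hour >= 8 && r->hour < 20; }

/* Assumed rule: every plug-in must permit, so a ban beats an allow entry. */
int authorize(const struct request *r) { return userallow(r) && userban(r) && timeslots(r); }

#define POOL_SIZE 2
#define POOL_BASE 40001
static char lease[POOL_SIZE][128];                /* "" marks a free account */

/* Same DN -> same UID; two DNs never share one; a full pool or an
 * over-long DN is refused rather than truncated. */
int pool_uid(const char *dn)
{
    int free_slot = -1;
    if (!*dn || strlen(dn) >= sizeof lease[0]) return -1;
    for (int i = 0; i < POOL_SIZE; i++) {
        if (strcmp(lease[i], dn) == 0) return POOL_BASE + i;
        if (!lease[i][0] && free_slot < 0) free_slot = i;
    }
    if (free_slot < 0) return -1;
    strcpy(lease[free_slot], dn);
    return POOL_BASE + free_slot;
}

/* Gatekeeper order: authorise first, map only after a permit. */
int admit(const struct request *r) { return authorize(r) ? pool_uid(r->dn) : -1; }

int main(void)
{
    struct request r = { "/O=Example/CN=Alice", 10 };
    printf("Alice at 10h -> uid %d\n", admit(&r));
    return 0;
}
```

Because mapping runs only after a permit, a banned or out-of-hours request never consumes a pool account.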

LCMAPS – modules
- Modules represent atomic functionality
- Standard acquisition modules:
  - lcmaps_localaccount.mod: from user DN assign local UID
  - lcmaps_poolaccount.mod: from user DN assign UID from pool
- VOMS acquisition modules:
  - lcmaps_voms.mod: extract VOMS info from proxy
  - lcmaps_voms_localgroup.mod: assign GID based on VOMS info
  - lcmaps_voms_poolgroup.mod: assign GID from pool, based on VOMS info
  - lcmaps_voms_poolaccount.mod: assign UID from pool, based on DN, VOMS and GIDs
- Enforcement modules:
  - lcmaps_posix_enf.mod: setreuid(), setregid() and setgroups() in gatekeeper process
  - lcmaps_ldap_enf.mod: update distributed user database
- In progress
  - Get AFS/Krb5 token based on user DN (gssklog)
- …
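
The POSIX enforcement step named on this slide, as an added C example that is not LCMAPS code: the three calls only take effect in the order setgroups(), setregid(), setreuid(), because once the process is no longer root the first two are refused. The function name enforce_posix and the target IDs are hypothetical.

```c
/* Added illustration, not LCMAPS source. Shows the call order a POSIX
 * enforcement step needs when a root gatekeeper becomes the mapped user. */
#define _DEFAULT_SOURCE 1          /* setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 once the process runs irreversibly as uid/gid, -1 otherwise.
 * The caller must not start the job on -1. */
int enforce_posix(uid_t uid, gid_t gid, const gid_t *extra, size_t n_extra)
{
    /* A mapping that resolves to root is a policy bug: refuse before
     * touching any credential. */
    if (uid == 0 || gid == 0)
        return -1;
    /* 1. Supplementary groups first: this needs root, and skipping it
     *    would leave the job with the gatekeeper's own groups. */
    if (setgroups(n_extra, extra) != 0)
        return -1;
    /* 2. Real and effective gid while the process is still root. */
    if (setregid(gid, gid) != 0)
        return -1;
    /* 3. Real and effective uid last; after this, steps 1 and 2 would
     *    fail with EPERM. */
    if (setreuid(uid, uid) != 0)
        return -1;
    /* 4. Verify the result and that root cannot be regained through a
     *    leftover saved id. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    if (setuid(0) == 0 || setgid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed target: uid/gid 40001, no supplementary groups.
     * Succeeds only when started as root. */
    int rc = enforce_posix(40001, 40001, NULL, 0);
    printf("enforce_posix: %s\n", rc == 0 ? "dropped" : "refused or failed");
    return rc == 0 ? 0 : 1;
}
```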

edg-gatekeeper
- Current version: edg-gatekeeper
- Supports LCAS (either 'dlopened' or linked in)
- Supports LCMAPS (either 'dlopened' or linked in)
- New version supports the server version of LCAS

Integration LCAS & LCMAPS
- Basic integration finished end of last week
  - A few problems with VOMS servers and the like are solved
  - VOMS servers only for ITeam and WP6
- LCMAPS: edg-lcfg-lcmaps works fine
  - Involves one manual step: creation of a groupmapfile (use edg-lcfg-filecopy object!)
  - Default EDG LCMAPS configuration: no LDAP, no poolgroups
- LCAS: edg-lcas-voms2gacl creates LCAS GACL file automatically from grid-mapfile
- Testing on the development testbed continues … (?)

To be done
- Job repository
  - Store job status, local credential mapping (plugin LCMAPS), job description, user proxy, global job ID (from jobmanager)
  - Repository and access API
  - LDAP directory
  - Foreseen delivery: October/November
- AFS/Kerberos support in LCMAPS
  - Foreseen delivery: November ?
- LCAS server implementation
  - May involve a few changes in the edg-gatekeeper
  - Foreseen delivery: November
  - (From GACL to XACML) ?
- Give support for edg-gatekeeper, LCAS, and LCMAPS

Dissemination
- GGF (various WG and RG: authorization WG, site AAA RG)
- Evaluation by PPDG/GriPhyN projects
- In the Netherlands: VL-E (Virtual Laboratory for E-science)

Timetable gridification components

Component                          | Release            | Integration
-----------------------------------|--------------------|--------------------
LCMAPS-1.0 (+ edg-gatekeeper-2.2)  | End of June        | July ? (after VOMS)
LCAS-2.0 (server + VOMS plugin)    | End of July/August | September
Job Repository                     | End of August ?    | September ??
FLIDS                              | September          | ??
FABNAT                             | November           | ??