VOX Project Status Report. Tanya Levshina. 03/10/2004

Presentation transcript:

VOX Project Status Report Tanya Levshina

Presentation overview

Introduction
Stakeholders, team and collaborators
VOX Project
VOX Components
VOMRS Status
  – To be done by April 1st
  – Open issues
  – Next phase
SAZ Status
LRAS Status
Summary

Introduction

US CMS, SDSS, and iVDGL have sponsored an effort at Fermilab, the VOX Project (VO Management Service eXtension), to investigate and implement the requirements, both policy-related and technical, for admitting collaborators into a VO, and facilitating and monitoring their authorization to access the available grid resources. This effort has resulted in a study and understanding of the necessary workflow, and the creation of prototype registration and VO management, site and local resources authorization services.

Stakeholders, Team and Collaborators

Stakeholders:
  – US CMS (L. Bauerdick)
  – Fermilab Computing Facility (D. Skow)
  – iVDGL (R. Gardner)
  – SDSS (J. Annis)
Team:
  – T. Levshina – Fermilab
  – L. Grundhoefer – iVDGL
  – A. Heavey (technical writer) – Fermilab
  – V. Sekhri – SDSS/iVDGL, Fermilab
  – J. Weigand – Fermilab
  – Y. Wu – Fermilab
Collaborators:
  – BNL (R. Baker, D. Yu) – VOMRS architecture, registration process, common interfaces
  – EDG/Data Tag (V. Ciaschini, A. Frohner) – VOMS core and admin software
  – VDT (U of Wisconsin), Virginia Tech (Markus Lorch) – ongoing communication and agreements with Globus on gatekeeper and authorization callouts

VOX Project

VOX Goals:
  – to understand and model the registration workflow: Done
  – to provide VO registration mechanism: Done
  – to negotiate and monitor member authorization to grid resources: Partially done
  – End Goal: To facilitate the remote participation of physicists in effective and timely analysis of data from the LHC experiments during DC04: To be determined

[Diagram labels: VOMS EDG SAZ LRAS VOMRS Fermilab Grid Cluster Gatekeeper & callouts Local Center Registration Service]

VOX Components

VOMRS (VO Membership Registration Service) provides a registration service that
  – allows a single point of registration with a VO
  – facilitates, negotiates and monitors the process of a member's authorization to grid resources
  – provides centralized storage of membership information and a means to query said information
LRAS (Local Resource Authorization Service) automates and facilitates the process of managing fine-grained access to a local grid element
  – stores a subset of VO membership information and maps a VO member to a local account
Gatekeeper authorization callouts (in agreement with the standard adopted by Globus, EDG, FNAL, and Virginia Tech).
SAZ (Site Authorization Service) allows security authorities of the local site to control access to the site's resources.
VOMS EDG Admin service provides centralized storage of member DN, CA, groups and roles, and the means to handle this data.
VOMS EDG Core service gives out an extended proxy upon a member's request.

VOMRS Status

Version 1.0 has been released. It consists of:
  – Server that handles event notifications and synchronization with VOMS
  – WEB UI and Web Services that provide means for member registration, role and group assignments, and various administrative tasks
  – VOMRS database, scripts to facilitate its initial creation and population
  – Scripts to start/stop server and client
  – Configuration files that control behavior of the server, WEB UI and database settings
  – Documentation
RPMs (for server and client) are available on:
  –
User Documentation is available on:
Test installation is running on (valid certificate is required to log in):

To be done by April 1st

More documentation:
  – Update VOMRS Architecture document
  – Update VOMRS database schema document
  – Comprehensive Administration Guide
  – Developer Guide (usage of WEB services and CLI)
Scripts that facilitate database management
More packaging options:
  – ups
  – pacman
Testing synchronization flow with new VOMS admin software release (not available yet)

Open Issues

More complicated logic needs to be implemented to handle deletion of Institutions and Certificate Authorities
Membership suspension mechanism should be more sophisticated (reason for suspension should be provided and stored for auditing)
Suspension of a specific DN & CA that has been compromised
Responsibilities of Sites are not really finalized
  – Should the VO have an up-to-date list of banned users for each site?
  – Should it be mandatory to notify the VO about a member's approved/denied authorization status during the registration process with a site?
Database issues:
  – Transition to ORACLE
  – Replication
  – Report Generation

Next phase

VOMRS test:
  – Tentative agreement to install and try VOMRS at CERN (Maria Dimou)
  – Some interest in trying our test installation has been expressed by BNL (R. Baker)
  – M. Helms (the coordinator of the ESNET DOEGrids CA) wants to try it out
Installation on Grid2003 test node:
  – Come up with deployment plan
  – Install it on one of the Grid2003 test nodes after April 1st
  – After extensive testing:
      Allow new users to register
      Synchronize the VOMRS database with the current VOMS database(s) that are used on the Grid3 cluster
  – Provide software and maintenance support during this time

SAZ Status

SAZ beta version is released. It consists of:
  – Server that verifies user authorization
  – DB that stores user's information (principal, DN & CA, status)
  – Client that is invoked as a Gatekeeper plugin
  – Admin Server that handles administrative tasks (addition/deletion of users, modification of status, etc.)
  – AI/UI Client that is a front end for the admin/user
  – Configuration script and file
  – Database management scripts
  – Documentation
SAZ software is available for download:
Installed at Fermi by security team
Successfully used on CMS grid deployment testbed for several months
Production support is transferred to security team
Software support is transferred to CCF/MAP (G. Garzoglio; V. Sekhri is ready to help as well)

LRAS Status

LRAS alpha version is released. It consists of:
  – Server that authorizes/denies the user's access to the local cluster and provides a mapping between the user proxy information and the abstract resource known to the server
  – Database that contains the list of known VOs, the list of groups within the VO, available abstract resources, the list of users, their access status and mapping to UNIX id, and the list of resources associated with each user
  – Update Daemon that fetches the groups and member information from the multiple VOs and populates the LRAS database
  – Client API that allows a client (e.g. gatekeeper, storage element) to connect with the LRAS Server and fetch the user's related information
  – Admin GUI, a graphical user interface that helps LRPs manage user access status, introduce new resources and map them to a particular user (CLI is also provided)
  – Configuration script and file
  – Database management scripts
  – Documentation (see also )
LRAS can be downloaded from:
More work is needed to satisfy constantly emerging new requirements

Summary

Thanks to all developers for their hard work!
Special thanks to Anne Heavey for her work on documentation and definition of vague and sometimes controversial terminology.
We greatly appreciate discussions, support and software contributions provided by our stakeholders and collaborators.
We all have spent substantial time and effort understanding the issues involved, modeling the workflow and developing a system to implement it.
There are a lot of issues that remain.
We believe that we need to wait for feedback from VO users and administrators before we can continue any new development.
More info: