May 8, 20071/15 VO Services Project – Status Report Gabriele Garzoglio VO Services Project – Status Report Overview and Plans May 8, 2007 Computing Division,

Slides:

Advertisements

Similar presentations

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

Advertisements

Dec 14, 20061/10 VO Services Project – Status Report Gabriele Garzoglio VO Services Project WBS Dec 14, 2006 OSG Executive Board Meeting Gabriele Garzoglio.

Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.

Site Authorization Service (SAZ) at Fermilab Vijay Sekhri and Igor Mandrichenko Fermilab CHEP03, March 25, 2003.

GUMS status Gabriele Carcassi PPDG Common Project 12/9/2004.

OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.

Implementing Finer Grained Authorization in the Open Science Grid Gabriele Carcassi, Ian Fisk, Gabriele, Garzoglio, Markus Lorch, Timur Perelmutov, Abhishek.

VOMRS/VOMS-Admin 2.0.x 2.5.x comparison Mar 28, 2008 Middleware Security Group Meeting Tanya Levshina and Gabriele Garzoglio Computing Division, Fermilab.

1 Software & Grid Middleware for Tier 2 Centers Rob Gardner Indiana University DOE/NSF Review of U.S. ATLAS and CMS Computing Projects Brookhaven National.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Jan 2010 Current OSG Efforts and Status, Grid Deployment Board, Jan 12 th 2010 OSG has weekly Operations and Production Meetings including US ATLAS and.

Open Science Grid Software Stack, Virtual Data Toolkit and Interoperability Activities D. Olson, LBNL for the OSG International.

OSG Security Review Mine Altunay June 19, June 19, Security Overview Current Initiatives  Incident response procedure – top priority (WBS.

OSG Services at Tier2 Centers Rob Gardner University of Chicago WLCG Tier2 Workshop CERN June 12-14, 2006.

OSG Middleware Roadmap Rob Gardner University of Chicago OSG / EGEE Operations Workshop CERN June 19-20, 2006.

VOX Project Status T. Levshina. Talk Overview VOX Status –Registration –Globus callouts/Plug-ins –LRAS –SAZ Collaboration with VOMS EDG team Preparation.

Apr 30, 20081/11 VO Services Project – Stakeholders’ Meeting Gabriele Garzoglio VO Services Project Stakeholders’ Meeting Apr 30, 2008 Gabriele Garzoglio.

PanDA Multi-User Pilot Jobs Maxim Potekhin Brookhaven National Laboratory Open Science Grid WLCG GDB Meeting CERN March 11, 2009.

Mine Altunay OSG Security Officer Open Science Grid: Security Gateway Security Summit January 28-30, 2008 San Diego Supercomputer Center.

SAMGrid as a Stakeholder of FermiGrid Valeria Bartsch Computing Division Fermilab.

Mar 28, 20071/9 VO Services Project Gabriele Garzoglio The VO Services Project Don Petravick for Gabriele Garzoglio Computing Division, Fermilab ISGC 2007.

VOMRS/VOMS-Admin Convergence and VO Services Project Status Tanya Levshina Computing Division, Fermilab.

May 11, 20091/17 VO Services Project – Stakeholders’ Meeting Gabriele Garzoglio VO Services Project Stakeholders’ Meeting May 11, 2009 Gabriele Garzoglio.

Grid User Management System Gabriele Carcassi HEPIX October 2004.

Jan 10, 20091/16 VO Services Project – Stakeholders’ Meeting Gabriele Garzoglio VO Services Project Stakeholders’ Meeting Jan 10, 2009 Gabriele Garzoglio.

Global Grid Forum GridWorld GGF15 Boston USA October Abhishek Singh Rana and Frank Wuerthwein UC San Diegowww.opensciencegrid.org The Open Science.

NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.

Mine Altunay July 30, 2007 Security and Privacy in OSG.

Ruth Pordes November 2004TeraGrid GIG Site Review1 TeraGrid and Open Science Grid Ruth Pordes, Fermilab representing the Open Science.

Overview of Privilege Project at Fermilab (compilation of multiple talks and documents written by various authors) Tanya Levshina.

Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.

US LHC OSG Technology Roadmap May 4-5th, 2005 Welcome. Thank you to Deirdre for the arrangements.

Apr 26, 20071/3 OSG Executive Board Meeting Gabriele Garzoglio OSG Executive Board Meeting Gabriele Garzoglio VO Services, PL Computing Division, Fermilab.

Open Science Grid (OSG) Introduction for the Ohio Supercomputer Center Open Science Grid (OSG) Introduction for the Ohio Supercomputer Center February.

OSG Integration Activity Report Rob Gardner Leigh Grundhoefer OSG Technical Meeting UCSD Dec 16, 2004.

VO Privilege Activity. The VO Privilege Project develops and implements fine-grained authorization to grid- enabled resources and services Started Spring.

OSG AuthZ components Dane Skow Gabriele Carcassi.

G Z LIGO's Physics at the Information Frontier Grant and OSG: Update Warren Anderson for Patrick Brady (PIF PI) OSG Executive Board Meeting Caltech.

USATLAS deployment We currently use VOMS Role based authorization in production within USATLAS. In the VO we have defined 4 groups/roles that satisfy our.

Mar 27, gLExec Accounting Solutions in OSG Gabriele Garzoglio gLExec Accounting Solutions in OSG Mar 27, 2008 Middleware Security Group Meeting Igor.

April 26, Executive Director Report Executive Board 4/26/07 Things under control Things out of control.

Jun 12, 20071/17 AuthZ Interoperability – Status and Plan Gabriele Garzoglio AuthZ Interoperability Status and Plans June 12, 2007 Middleware Security.

AstroGrid-D Meeting MPE Garching, M. Braun VO Management.

Virtual Organization Membership Service eXtension (VOX) Ian Fisk On behalf of the VOX Project Fermilab.

OSG Site Admin Workshop - Mar 2008Using gLExec to improve security1 OSG Site Administrators Workshop Using gLExec to improve security of Grid jobs by Alain.

Eileen Berman. Condor in the Fermilab Grid FacilitiesApril 30, 2008  Fermi National Accelerator Laboratory is a high energy physics laboratory outside.

Sep 25, 20071/5 Grid Services Activities on Security Gabriele Garzoglio Grid Services Activities on Security Gabriele Garzoglio Computing Division, Fermilab.

OSG Area Coordinator’s Report: Workload Management Maxim Potekhin BNL May 8 th, 2008.

WLCG Authentication & Authorisation LHCOPN/LHCONE Rome, 29 April 2014 David Kelsey STFC/RAL.

OSG Deployment Preparations Status Dane Skow OSG Council Meeting May 3, 2005 Madison, WI.

Jun 18, 20071/26 Security Policies and Middleware in OSG Gabriele Garzoglio Security Policies and Middleware in OSG June 18, 2007 JRA1 All Hands Meeting.

INFSO-RI Enabling Grids for E-sciencE SAML-XACML interoperability Oscar Koeroo.

VOX Project Tanya Levshina. 05/17/2004 VOX Project2 Presentation overview Introduction VOX Project VOMRS Concepts Roles Registration flow EDG VOMS Open.

Area Coordinator Report for Operations Rob Quick 4/10/2008.

Sep 17, 20081/16 VO Services Project – Stakeholders’ Meeting Gabriele Garzoglio VO Services Project Stakeholders’ Meeting Sep 17, 2008 Gabriele Garzoglio.

VOX Project Status T. Levshina. 5/7/2003LCG SEC meetings2 Goals, team and collaborators Purpose: To facilitate the remote participation of US based physicists.

Feb 15, 20071/6 OSG EB Meeting – VO Services Status Gabriele Garzoglio VO Services Status OSG EB Meeting Feb 15, 2007 Gabriele Garzoglio, Fermilab.

Site Authorization Service Local Resource Authorization Service (VOX Project) Vijay Sekhri Tanya Levshina Fermilab.

1 Open Science Grid: Project Statement & Vision Transform compute and data intensive science through a cross- domain self-managed national distributed.

CMS Experience with the Common Analysis Framework I. Fisk & M. Girone Experience in CMS with the Common Analysis Framework Ian Fisk & Maria Girone 1.

OSG Status and Rob Gardner University of Chicago US ATLAS Tier2 Meeting Harvard University, August 17-18, 2006.

VO Management Tanya Levshina Computing Division, Fermilab.

Parag Mhashilkar Computing Division, Fermilab.  Status  Effort Spent  Operations & Support  Phase II: Reasons for Closing the Project  Phase II:

April 18, 2006FermiGrid Project1 FermiGrid Project Status April 18, 2006 Keith Chadwick.

Abhishek Singh Rana and Frank Wuerthwein UC San Diegowww.opensciencegrid.org The Open Science Grid ConsortiumCHEP 2006 Mumbai INDIA February gPLAZMA:

VOX Project Status Report Tanya Levshina. 03/10/2004 VOX Project Status Report2 Presentation overview Introduction Stakeholders, team and collaborators.

Open Science Grid Progress and Status

Monitoring and Information Services Technical Group Report

f f FermiGrid – Site AuthoriZation (SAZ) Service

Leigh Grundhoefer Indiana University

Presentation transcript:

May 8, 20071/15 VO Services Project – Status Report Gabriele Garzoglio VO Services Project – Status Report Overview and Plans May 8, 2007 Computing Division, Fermilab Gabriele Garzoglio

May 8, 20072/15 VO Services Project – Status Report Gabriele Garzoglio Overview Status Effort Closing Phase II –Phase I closed as VO Privilege Project on transition from Ian Fisk a year ago Phase III ?

May 8, 20073/15 VO Services Project – Status Report Gabriele Garzoglio Project Definition From Project Database: “The VO Services project provides user registration services and fine-graned access management to computing and storage resources on the Grid.”

May 8, 20074/15 VO Services Project – Status Report Gabriele Garzoglio synchronizes VO Services Architecture

May 8, 20075/15 VO Services Project – Status Report Gabriele Garzoglio WBS Update since last status Nov 2006 Support ongoing for all of the above. Integration with ML not needed - ML deprecated on OSG GUMS monitor in place at GOC. Still want to improve validation framework Scalability measur. by end of Phase II

May 8, 20076/15 VO Services Project – Status Report Gabriele Garzoglio Memory leak fix released to all of OSG. GUMS release V1.2 developed and in test addresses many but not all requests GPlazma deployed. gLExec deployed (see Igor’s talk)

May 8, 20077/15 VO Services Project – Status Report Gabriele Garzoglio VOMRS developments done (see slides from Tanya) Work on longer term roadmap proceeding and now defined as VO Services / Grid Security Services Phase III.

May 8, 20078/15 VO Services Project – Status Report Gabriele Garzoglio Deployment on OSG The authorization system GUMS has been deployed at O(10) sites –US CMS T2 centers and T1 at FNAL –US ATLAS T2 centers and T1 at BNL –FermiGrid (includes SAZ) et al. US CMS, US ATLAS, DZero, et al. have defined roles that are implemented within VOMS. Sites configure GUMS (PDP) to implement local identity mapping

May 8, 20079/15 VO Services Project – Status Report Gabriele Garzoglio Effort Disclaimer: effort from John Weigand NOT reported (~20%) Change of Project Leadership Start Phase II New Reporting Activities

May 8, /15 VO Services Project – Status Report Gabriele Garzoglio Closing Project Phase II Deliverable of Phase II are due in the time scale of OSG V0.8.0 release (Aug 07): GUMS v1.2 implementing most of WBS items above. LIGO Authentication Requirements (see Igor’s Talk) gLExec deployment for CDF/CMS (see Igor’s Talk). –Will be in VDT. gPlazma –Deployment underway. Further development and maintenance part of dCache. –Storage role/access requirements part of Phase III VOMRS 1.3. Part of VDT release in May –CERN (01/07), Fermilab (04/07), APAC (11/06)

May 8, /15 VO Services Project – Status Report Gabriele Garzoglio New Request from OSG Document current use of credential attributes precisely and completely. –Document how attributes are used by VOs and Sites. –Due for OSG Blueprint meeting Jun 7. –Identify inconsistencies. –Record typical sites configurations. Use as a basis in OSG and at Fermilab to discuss future directions.

May 8, /15 VO Services Project – Status Report Gabriele Garzoglio Options for Phase III? Phase II of the project is minimally operations and maintenance for the stakeholders. Will require ~0.5 FTE. –May be new requirements to meet interoperability with EGEE once Job Prioritization really in use. –May be new requirements to meet security requirements of Fermilab and other sites. Could include completing current requests for GUMS (V2.0) (~6 FTE months. Request for BNL to continue OSG support for GUMS development is under discussion). Improve: –configuration management (hot swapping configs) –usability (access historical mapping information, full role-mapping to pool accounts) –debugging capabilities –redundant service configurations (with FermiGrid)

May 8, /15 VO Services Project – Status Report Gabriele Garzoglio Goals for Phase III ? Interface/integrate/migrate OSG AuthZ components more into emerging standards. Set path for less effort in the future Prepare for use of new AuthN mechanisms (ie Shiboleth). VOMRS –Interface to Shib; Use more standard workflow engine, persistency, UI technology Accounting integration : Interface roles GRAM-Auditing and Gratia Support finer-grain access to Storage –SRM/dCache does not manage privileges directly via X509 credential attributes. UID, GID, Root Path, … mappings are required. –Stakeholders are interested in supporting combinations of read / write accesses to files / directories by VO, VO groups, and group roles. Improve software stack validation and regression tests across releases. Ongoing OSG - EGEE AuthZ interoperability. Already started: –Globus develops the common library (based on XACML2/SAML2): β-version released on schedule (Apr 07). –Understanding and feeding back OSG and EGEE requirements: implementation of some key features estimated for June –Holding regular meetings (Oct 06, Feb 07, Mar 07, Apr 07, planned Jun 07)

May 8, /15 VO Services Project – Status Report Gabriele Garzoglio What about Policy ? Currently no mechanism to define VO authorization policies and apply them consistently across sites. –SBIR Phase I grant approved More maintainable authentication management by implementing certificate validation service site-centralized. Integration with distributed Identity Management Services (Shibboleth)

May 8, /15 VO Services Project – Status Report Gabriele Garzoglio How do we decide the roadmap? Complete Phase II in August. Review and respond to “Credential Attribute Usage Paper”. Establish commitment of EGEE to common protocols: Visit to EGEE in June. Establish commitment of Globus to collaboration: Deliverables in progress. Update the requirements of stakeholders for Policy definition and enforcement. Briefing to CD in July as part of the activity based budget planning?