VO Services Project – Stakeholders’ Meeting. Gabriele Garzoglio, May 11, 2009.

Presentation transcript:

VO Services Project Stakeholders’ Meeting
May 11, 2009
Gabriele Garzoglio, Computing Division, Fermilab

Overview
1. Action Items from previous meetings
2. Deliverables of Phase III
3. Focus
   – The AuthZ Interop project is closing down
   – Status of the VOMRS / VOMS-admin convergence
4. Closing activities
   – Maintenance plan and potential risks
5. Stakeholders' input

Action Items from Past Meeting
Distribute list of features in vomrs/voms-admin convergence project to interested parties (Mine Burt). Done
Discuss gLExec move to GlideIn WMS project with Atlas representatives (Torre, Maxim, Jose). Done
Hold future update meeting on vomrs/voms-admin convergence. See status below
Discuss AuthZ Interop architecture w.r.t. LIGO and WS-GK v4.2 with Mine. Considered Done ?

Deliverables of Phase III
OSG / EGEE Authorization Interoperability (*)
Support Storage Groups in Defining Next Generation Storage Authorization Models
Convergence of VOMS-admin with VOMRS (*)
Investigate Mechanisms to Define and Enforce VO and Site AuthZ Policies (SVOPME w/ TechX)
Provide a validation tool for AuthZ config. in OSG
Enable VOMS-signed Attribute Certificate Validation at OSG Resource gateways
Legend: DONE / IN-PROGRESS / NOT-DONE
* see discussion later

Authorization Interoperability Status
Software stack certified in EGEE and OSG. Currently being deployed.
Middleware Integrated:
– Pre-WS Globus GK & GridFTP (PRIMA)
– WS-GK v4.2 for “simple” jobs (Native interface)
– gLExec (L&L / PRIMA)
– SRM/dCache (gPlazma/privilege.jar) & BeStMan (privilege.jar)
– PDP: GUMS (privilege.jar) / SCAS
Still missing:
– WS-GT4.2 for Delegation and RFT (waiting on OSG)
– GridFTP / Native interface
– WS-GT4.0 : AuthZ Interop integration NOT PLANNED
– PDP: SAZ
– VOMS PIP incubator project: collab FNAL / ANL / INFN
Closing after successfully proven production deployment (Est. 06/09)

Future of Authorization ?
Using AuthZ Interop:
– Software developed in the US/EU can seamlessly be deployed in the EU/US
– Software groups in EGEE/OSG and Globus can share and reuse common code
OSG can use EGEE call-out (L&L/SCAS) directly (requires some development, including for gLExec monitoring)
Interaction with new EGEE AuthZ Service?
– Steven Newhouse wants v1 to be compatible with AuthZ Interop.

[Figure: Module Dependencies (OSG case). Diagram spanning WN, CE and SE. Components shown: Pre-WS GK, WS GK v4.0, GridFTP, gLExec, SRM/dCache, PRIMA, PRIMA WS, L&L, gPlazma, SAZ Clnt, SAML1 lib, SAML1 priv. lib, XACML2 gLite lib, XACML2 priv. lib, GUMS (SAML1, XACML2), SCAS (XACML2), SAZ (Internal, XACML2). Legend: Gateway, Call-out, XACML lib, PDP; EGEE Comp. used in OSG.]

[Figure: Module Dependencies (OSG case in 2010). Diagram spanning WN, CE and SE. Components shown: Pre-WS GK, WS GK v4.2, GridFTP, gLExec, SRM/dCache, L&L, gPlazma, GT4.2 Security, XACML2 GT4.2 PEP, XACML2 gLite lib, XACML2 priv. lib, GUMS (SAML1, XACML2), SCAS (XACML2), SAZ (Internal, XACML2). Legend: Gateway, Call-out, XACML lib, PDP; Component or dependency foreseen by 01/2010; EGEE Comp. used in OSG.]

[Figure: Module Dependencies (EGEE case). Diagram spanning WN, CE and SE. Components shown: Pre-WS GK, GridFTP, gLExec, SRM/dCache, L&L, gPlazma, GT4.2 Security, XACML2 GT4.2 PEP, XACML2 gLite lib, XACML2 priv. lib, GUMS (SAML1, XACML2), SCAS (XACML2), SAZ (Internal, XACML2). Legend: Gateway, Call-out, XACML lib, PDP; Component or dependency available by 01/2010.]

VOMRS / VOMS-admin convergence
The convergence is organized in 5 phases: es&confId=42799

Phase I | Implement JSPG requirements | Mar 2009
Phase II | Migrate essential VOMRS features to VOMS Admin | Jan 2010
Phase III | Interface with third party directory services (CERN HR db) | Spring 2010
Phase IV | Validation and certification tests | N/A
Phase V | Data migration from VOMRS to VOMS Admin | N/A

The VOMS-Admin developer has coded the features required for JSPG. No certification yet.

Component Maintenance
GUMS: BNL (John H. / Jay P.)
– AuthZ RSV Validation Probes (STG / BNL)
Prima (Dave D.)
– Collab w/ EGEE-Nikhef / Globus for AuthZ Interop libs
gPlazma: dCache (Ted H.)
– Includes privilege.jar (Collab w/ Jay P.)
– Collab w/ EGEE-SWITCH for AuthZ Interop libs
gLExec: GlideIn WMS (Burt H. / Dave D.)
– Includes Gratia probe
VO Policy / SVOPME (Gabriele G.)
VOM(R)S convergence (Tanya L.)

Risks
Oversubscription of the STG in managing the end-to-end delivery of authorization-related features. Mitigation ?
Missed convergence of VOMRS / VOMS-admin. Mitigation: managed as an independent project w/ EGEE
Deviation from agreed interoperability standards as the structure of the forum becomes more relaxed. Mitigation ?

Conclusions
VO Service umbrella project is closing down (est. Jun 09)
Major deliverables are mostly either complete or within a project structure to follow up with them (with different degree of risks)
– Exceptions: AC gateway validation
Passing the baton for AuthZ in OSG to Mine. Gabriele will act as point of contact for triaging authorization questions.
Future work on AuthZ will be handled as independent projects.

[Figure: Authorization Infrastructure (the OSG case). Diagram of the AuthZ components. Components shown: VO Services (VOMRS, VOMS); Grid Site with Site Services (GUMS, SAZ), CE (Gatekeeper, Prima), SE (SRM, gPlazma), WN (gLExec, Prima), Storage and Batch System. Labels on the arrows: synch, register, get voms-proxy, Submit request with voms-proxy, Is Auth? Yes / No, ID Mapping? Yes / No + UserName, Submit Pilot OR Job (UID/GID), Access Data (UID/GID), Schedule Pilot OR Job, Pilot SU Job (UID/GID). Caption on the PDP: A Common Protocol for OSG and EGEE integrated with the GT PEPs. The name Dave Dykstra appears on the diagram. Legend: AuthZ Components; VO Management Services; Not Officially In OSG.]