Distributed Data Access Control Mechanisms and the SRM Peter Kunszt Manager Swiss Grid Initiative Swiss National Supercomputing Centre CSCS GGF Grid Data.

Slides:



Advertisements
Similar presentations
INFSO-RI Enabling Grids for E-sciencE EGEE and gLite Slides by: Erwin Laure EGEE Deputy Middleware Manager.
Advertisements

Data Management Expert Panel - WP2. WP2 Overview.
Data Management Expert Panel. RLS Globus-EDG Replica Location Service u Joint Design in the form of the Giggle architecture u Reference Implementation.
EGEE-II INFSO-RI Enabling Grids for E-sciencE The gLite middleware distribution OSG Consortium Meeting Seattle,
1 User Analysis Workgroup Update  All four experiments gave input by mid December  ALICE by document and links  Very independent.
Plateforme de Calcul pour les Sciences du Vivant SRB & gLite V. Breton.
The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) gLite Grid Services Abderrahman El Kharrim
CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.
Understanding Active Directory
EGEE Security Area 13 May 2004 EGEE Security Area Stakeholders JRA3 middleware Architecture What we have for Unix and Java What.
INFSO-RI Enabling Grids for E-sciencE gLite Data Management Services - Overview Mike Mineter National e-Science Centre, Edinburgh.
GGF12 – 20 Sept LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.
San Diego Supercomputer Center National Partnership for Advanced Computational Infrastructure San Diego Supercomputer Center National Partnership for Advanced.
Your university or experiment logo here Caitriana Nicholson University of Glasgow Dynamic Data Replication in LCG 2008.
EGEE Catalogs Peter Kunszt EGEE Data Management Middleware Service Grids NeSC, July 2004 EGEE is a project funded by the.
INFSO-RI Enabling Grids for E-sciencE Distributed Metadata with the AMGA Metadata Catalog Nuno Santos, Birger Koblitz 20 June 2006.
Author - Title- Date - n° 1 Partner Logo EU DataGrid, Work Package 5 The Storage Element.
Author - Title- Date - n° 1 Partner Logo WP5 Summary Paris John Gordon WP5 6th March 2002.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE middleware: gLite Data Management EGEE Tutorial 23rd APAN Meeting, Manila Jan.
Enabling Grids for E-sciencE Introduction Data Management Jan Just Keijser Nikhef Grid Tutorial, November 2008.
Maarten Litmaath (CERN), GDB meeting, CERN, 2006/02/08 VOMS deployment Extent of VOMS usage in LCG-2 –Node types gLite 3.0 Issues Conclusions.
INFO1408 Database Design Concepts Week 15: Introduction to Database Management Systems.
Virtual Workspaces Kate Keahey Argonne National Laboratory.
The Swiss Grid Initiative Context and Initiation Work by CSCS Peter Kunszt, CSCS.
Legion - A Grid OS. Object Model Everything is object Core objects - processing resource– host object - stable storage - vault object - definition of.
INFSO-RI Enabling Grids for E-sciencE gLite Data Management and Interoperability Peter Kunszt (JRA1 DM Cluster) 2 nd EGEE Conference,
The Global Land Cover Facility is sponsored by NASA and the University of Maryland.The GLCF is a founding member of the Federation of Earth Science Information.
Overview of Privilege Project at Fermilab (compilation of multiple talks and documents written by various authors) Tanya Levshina.
From Digital Objects to Content across eInfrastructures Content and Storage Management in gCube Pasquale Pagano CNR –ISTI on behalf of Heiko Schuldt Dept.
Conference name Company name INFSOM-RI Speaker name The ETICS Job management architecture EGEE ‘08 Istanbul, September 25 th 2008 Valerio Venturi.
INFSO-RI Enabling Grids for E-sciencE Scenarios for Integrating Data and Job Scheduling Peter Kunszt On behalf of the JRA1-DM Cluster,
E-infrastructure shared between Europe and Latin America FP6−2004−Infrastructures−6-SSA gLite Information System Pedro Rausch IF.
WebFTS File Transfer Web Interface for FTS3 Andrea Manzi On behalf of the FTS team Workshop on Cloud Services for File Synchronisation and Sharing.
Glite. Architecture Applications have access both to Higher-level Grid Services and to Foundation Grid Middleware Higher-Level Grid Services are supposed.
INFSO-RI Enabling Grids for E-sciencE Introduction Data Management Ron Trompert SARA Grid Tutorial, September 2007.
DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America gLite Information System Claudio Cherubino.
The CMS Top 5 Issues/Concerns wrt. WLCG services WLCG-MB April 3, 2007 Matthias Kasemann CERN/DESY.
1 AHM, 2–4 Sept 2003 e-Science Centre GRID Authorization Framework for CCLRC Data Portal Ananta Manandhar.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Data management in LCG and EGEE David Smith.
JAliEn Java AliEn middleware A. Grigoras, C. Grigoras, M. Pedreira P Saiz, S. Schreiner ALICE Offline Week – June 2013.
David Adams ATLAS ATLAS-ARDA strategy and priorities David Adams BNL October 21, 2004 ARDA Workshop.
Ákos FROHNER – DataGrid Security n° 1 Security Group TODO
1 A Scalable Distributed Data Management System for ATLAS David Cameron CERN CHEP 2006 Mumbai, India.
EGEE is a project funded by the European Union under contract IST Data Management Data Access From WN Paolo Badino Ricardo.
LHCC Referees Meeting – 28 June LCG-2 Data Management Planning Ian Bird LHCC Referees Meeting 28 th June 2004.
FESR Trinacria Grid Virtual Laboratory gLite Information System Muoio Annamaria INFN - Catania gLite 3.0 Tutorial Trigrid Catania,
Building Preservation Environments with Data Grid Technology Reagan W. Moore Presenter: Praveen Namburi.
The AstroGrid-D Information Service Stellaris A central grid component to store, manage and transform metadata - and connect to the VO!
INFSO-RI Enabling Grids for E-sciencE University of Coimbra gLite 1.4 Data Management System Salvatore Scifo, Riccardo Bruno Test.
SAM architecture EGEE 07 Service Availability Monitor for the LHC experiments Simone Campana, Alessandro Di Girolamo, Nicolò Magini, Patricia Mendez Lorenzo,
Bologna, March 30, 2006 Riccardo Zappi / Luca Magnoni INFN-CNAF, Bologna.
The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) gLite Grid Introduction Salma Saber Electronic.
2 nd EGEE/OSG Workshop Data Management in Production Grids 2 nd of series of EGEE/OSG workshops – 1 st on security at HPDC 2006 (Paris) Goal: open discussion.
Riccardo Zappi INFN-CNAF SRM Breakout session. February 28, 2012 Ingredients 1. Basic ingredients (Fabric & Conn. level) 2. (Grid) Middleware ingredients.
EGEE Data Management Services
Federating Data in the ALICE Experiment
Jean-Philippe Baud, IT-GD, CERN November 2007
OGF PGI – EDGI Security Use Case and Requirements
StoRM: a SRM solution for disk based storage systems
GGF OGSA-WG, Data Use Cases Peter Kunszt Middleware Activity, Data Management Cluster EGEE is a project funded by the European.
A Model for Grid User Management
Comparison of LCG-2 and gLite v1.0
Introduction to Data Management in EGI
Ákos Frohner EGEE'08 September 2008
Interoperability & Standards
Data Management cluster summary
INFNGRID Workshop – Bari, Italy, October 2004
Information Services Claudio Cherubino INFN Catania Bologna
Presentation transcript:

Distributed Data Access Control Mechanisms and the SRM Peter Kunszt Manager Swiss Grid Initiative Swiss National Supercomputing Centre CSCS GGF Grid Data Management Working Group Co-Chair HPDC Workshop on Management of Rights in Production Grids Paris, 19 June, 2006

HPDC, 19_06_2006, P. Kunszt Manager Swiss Grid Initiative, Swiss National Supercomputing Centre CSCS, Manno EU Grid Projects, leading data management middleware development CERN, Geneva Building the Science Database of the Sloan Digital Sky Survey, Johns Hopkins University Baltimore Grid Storage Management Working Group Co-Chair Global Grid Forum

HPDC, 19_06_2006, P. KunsztOutline Introduction: Distributing Data Security Aspects  Ubiquitous Access to Data(?)  Semantic models  Trust relationships Discussion of Possible Security Models EGEE and SRM models

HPDC, 19_06_2006, P. Kunszt Ubiquitous Distributed Data Security Use Case : Ubiquitous Data Access Client Grid GridData MyData Local Access Grid Job Grid Access Local Same Semantics Expected Or Not??

HPDC, 19_06_2006, P. Kunszt Data Access Semantics Local: Security fully controlled by the Owner  Setting and Getting of Permissions and ACLs  Changes have Instantaneous effect Distributed: Different Security Models  Single Master, Read-Only Copies  Changes only possible in one place, effect on copies not instantaneous  Multi Master  Changes possible everywhere, complex synchronization  Race Conditions  Resolution of Conflicts may involve human decisions  No Synchronization (Peer-to-Peer)  Any combination of the three above  Hierarchical models  Caches

HPDC, 19_06_2006, P. Kunszt Trust Relationships Local : Client and Resource interact directly  Client trusting the local Storage to enforce the access model  Client trusting the local Resource Owners not to abuse data  Resource Owners trusting Clients not to put ‘bad’ data on resource Grid : VO trust layer between Client and Resource  VO trusting Resource to enforce access  VO trusting Resource Owners not to abuse data  Resource trusting VO not to place ‘bad’ data into resource  Client trusting VO to maintain the trust relationships properly on its behalf

HPDC, 19_06_2006, P. Kunszt Distributed Data Security Models Policy Decision Point PDP  Decisions about Clients being able to access Data Policy Enforcement Point PEP  Enforcing the PDP decision, strong trust relationship between PEP and PDP  Enforcement can only be done by the Recource Owners Models different depending on the placement of PDP and PEP in the Grid Layered Architecture  5 Models possible

HPDC, 19_06_2006, P. Kunszt Policy Enforcement and Decision Points Model 1 Model 2Model 3Model 4Model 5 Service Owner:VO Service Owner:Site Application Layer Middleware Layer Resource Layer PDP PEP PDP PEP PDP PEP PDP PEP

HPDC, 19_06_2006, P. Kunszt Model 1: Site Security Only Both PDP and PEP are in the Resource Layer Integrated Storage Resource model Full control of the Storage of the Site/Resource Owner Mapping necessary between  Grid Users and Site Users  Grid Data names and Site Data names (logical vs. physical names)  Local Namespace is relevant as it holds access semantics Issues with distributed access  Peer to peer maps well onto this model  For single master and multi master, synchronization between local instances is needed  Job scheduling needs to take individual access capabilities into account in addition of the data being present or not

HPDC, 19_06_2006, P. Kunszt Model 1: Site Security Only Implementation possibility:  Client is accessing each storage individually, directly  Client has proper credentials for each local storage element  For non P2P models, synchronization is necessary  Possible standardization problems as individual storages have potentially different ACL interpretations

HPDC, 19_06_2006, P. Kunszt Model 2: Middleware PDP, Site PEP PDP is on site but in the Grid Layer. PEP in the Resource Layer Storage Resource delegates decision on access to the middleware On-site middleware so resource owners are still in control  Well suited for sites running local storage with limited semantics Mappings: same as M1  User, filename mappings still needed  ACLs/Security metadata stored now in the Grid Layer Issues with distributed access  Peer to peer maps well onto this model too  For single master and multi master, synchronization between local instances is still needed  Job scheduling needs to take individual access capabilities into account in addition of the data being present or not.

HPDC, 19_06_2006, P. Kunszt Implementation possibility:  A middleware: File Authorization Service FAS needed as PDP  Client is accessing each storage individually, directly  Client has proper credentials for each local storage element  For non P2P models, synchronization is still necessary  Lesser standardization problems as M1: middleware abstraction Model 2: Middleware PDP, Site PEP

HPDC, 19_06_2006, P. Kunszt Model 3: Middleware Control Middleware Layer controls both PEP and PDP Storage can only be accessed through the Middleware Layer On-site middleware so resource owners are still in control Mappings are managed by the Middleware  Abstraction of local storage semantics and namespace  ACLs/Security metadata stored and enforced in the Grid Layer Issues with distributed access  Peer to peer is still a good model, each site now has uniform semantics  For single master and multi master, synchronization between local instances is still needed  Job scheduling needs to take individual access capabilities still into account in addition of the data being present or not.

HPDC, 19_06_2006, P. Kunszt Implementation possibility:  Middleware service acting as Door to the storage, keeping ACLs locally  Client cannot access the Storage Element directly  Client needs credentials only for the middleware  Middleware owns the data on the SE and accesses it using a service cert Model 3: Middleware Control

HPDC, 19_06_2006, P. Kunszt Model 4: VO PDP, Site PEP VO Layer controls the Decision making Storage is accessed directly by Clients as in Model 2 The Decision is not an on-site service so the resource owners have to delegate the decision making to the VO, only enforcing it locally Mappings are managed by the VO  Abstraction of local storage semantics and namespace now up to the VO layer  ACLs/Security metadata managed by the applications but is a single point of failure Issues with distributed access  Peer to peer is not necessarily a good model as a potentially central VO service would need to be contacted for every operation  The VO PDP needs to decide whether to enforce single master or multi master, but can do so relatively easily  Job scheduling does not need to take individual site access into account.

HPDC, 19_06_2006, P. Kunszt Implementation possibility:  Storage needs a callout to the (central) VO PDP service  Client has proper credentials for each local storage element  No standardization needed Model 4: VO PDP, Site PEP

HPDC, 19_06_2006, P. Kunszt Model 5: VO PDP, Middleware PEP Middleware Layer controls PEP while VO maintains PDP Storage can only be accessed through the Middleware Layer as in Model 3 Everything else as in Model 4

HPDC, 19_06_2006, P. Kunszt Implementation possibility:  Middleware service acting as Door to the storage but access control info is in the central PDP  Client cannot access the Storage Element directly  Client needs credentials only for the middleware  Middleware owns the data on the SE and accesses it using a service cert I/O door1 PEP I/O door2 PEP Central VO FAS PDP ACL SE1 SE2 service cert user cert Model 5: VO PDP, Middleware PEP

HPDC, 19_06_2006, P. Kunszt Alternative Implementations Possible depending on how the communication between PDP and PEP is being done: Pull  Call-out from the PEP to the PDP  Also called ‘late’ authorization as the decision is made very late in the process Push  User gets a token signed by the PDP  User claims to have the rights on the data directly based on the secure token  Also called ‘external’ authorization PDP PEP user cert trusted call PDP PEP user cert cert + token

HPDC, 19_06_2006, P. Kunszt Alternative Implementations Trusted  User entrusts a service to act on its behalf  Service retrieves PDP info on behalf of user  Service has ‘admin’ capabilities on PEP PDP PEP user cert service cert Trusted Service trusted call

HPDC, 19_06_2006, P. Kunszt SRM security The current SRM security runs with Model 1 SRM v1 and v2  Model 1 not by design but by default. For Model 1, the Pull implementation is trivial as the PDP and PEP are the same  Discussions did not even start!  If SrmCopy is not used, any model can be implemented on top of the SRM.  SrmCopy in v1 and v2 only allows Model 1 by default, using the Peer to Peer security option (no synchronization on update). SRM v3  Foresees proper handling of ACLs with the necessary methods  May be extended to include synchronization between sites also for SrmCopy  Detailed discussions also to be had. SRM v3 is simply flexible enough to allow for any security model.

HPDC, 19_06_2006, P. Kunszt EGEE security model: gLite 1.5 The EGEE gLite versions up to v1.5 were designed to run with model 3 or 5. Model 5  gLite I/O: middleware service acting as door (‘trusted’ implementation as the actual enforcement is done by the SE)  gLite Fireman Catalog: central VO-owned service Model 3  gLite I/O as door (trusted impl)  gLite Fireman deployed locally at each site  Synchronization between Fireman catalogs through a messaging service

HPDC, 19_06_2006, P. Kunszt EGEE security model: LCG and gLite3 The EGEE versions up to LCG 2.7 and starting gLite3 run with model 1. Model 1  Just using the SRM  Alternatively, directly talking to the storage at each site over the native interface (dcap, rfio) or over GFAL Not quite Model 2  LCG File Catalog LFC acting as namespace service only, ACLs but not enforced  Push implementation using VOMS groups but these are not signed by the LFC  No synchronization

HPDC, 19_06_2006, P. KunsztAliEn The LHC Alice experiment’s own Grid Middleware called AliEn that largely influenced the EGEE design is working with model 4  ‘Push’ implementation with a token given to the service by the Alien System  ‘Central’ Alien File Catalog – distributed instance  Direct access to file through xrootd protocol with the service token

HPDC, 19_06_2006, P. KunsztSRB The Storage Resource Broker from SDSC seems to be using Model 3  Central namespace service  Every access goes through the SRB layer and is tightly controlled by it

HPDC, 19_06_2006, P. KunsztSummary The users of a distributed Grid infrastructure need to be aware of the security semantics of their distributed data access model  Not an easy decision which model to use  Every model has advantages and disadvantages  Possibly no one size fits all solution  SRM v3 might accommodate any solution on top  Still a lot of thinking/deciding to be done! .. And I haven’t even touched on the subject of co-scheduling…

HPDC, 19_06_2006, P. Kunszt..And now for the Really Important Stuff HOPP SCHWIIZ

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.