VO Services Project – Stakeholders’ Meeting. Sep 17, 2008. Gabriele Garzoglio.

Presentation transcript:

Sep 17, 2008 1/16 VO Services Project – Stakeholders’ Meeting
Gabriele Garzoglio, Computing Division, Fermilab

Overview
- AuthZ Interoperability: status and deployment doc
- VO Services and the Globus Incubator Projects
- Proposal to close Phase III

2/16 Authorization Interoperability
- WLCG middleware authorizes access to resources via call-outs to Policy Decision Points (PDP).
- Regional grids (OSG, EGEE, …) deploy different implementations of call-out modules and PDPs.
- The Authorization Interoperability project provides
  – A reference authorization profile specification based on XACML
  – New implementations of WLCG authorization infrastructure modules, compliant with the interoperability specifications

3/16 Architecture (the OSG case)
[Diagram. Legend: AuthZ Components; VO Management Services. VO Services: VOMRS, VOMS (synch, register, get voms-proxy). Grid Site: Site Services (GUMS, SAZ); CE (Gatekeeper, Prima); SE (SRM, gPlazma / Prima); WN (gLExec, Prima); Storage; Batch System. Call-out labels: "Is Auth? Yes / No"; "ID Mapping? Yes / No + UserName". Flow labels: Submit request with voms-proxy; Submit Pilot OR Job (UID/GID); Access Data (UID/GID); Schedule Pilot OR Job; Pilot SU Job (UID/GID).]

4/16 Architecture (the OSG case)
[Diagram repeated from slide 3/16, with the added caption: A Common Protocol for OSG and EGEE integrated with the GT]
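
An added illustration of the call-out pattern on the architecture slides (not code from the presentation or from GUMS, SAZ or Prima): a PEP asks a SAZ-like and a GUMS-like PDP the two questions shown in the diagram and denies on any No or PDP failure. The class and function names and the request fields are hypothetical, the sample DN, FQAN and account are constructed, and the plain Python objects stand in for the XACML-based messages of the actual profile.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class AuthzRequest:            # hypothetical common request, not the XACML wire format
    subject_dn: str            # certificate subject of the grid user
    fqan: str                  # VOMS attribute, e.g. "/cms/Role=production"

@dataclass(frozen=True)
class Decision:
    permit: bool
    username: Optional[str] = None   # local account returned with a Yes
    reason: str = ""

PDP = Callable[[AuthzRequest], Decision]

def make_saz(banned_dns) -> PDP:
    """SAZ-like site PDP: answers 'Is Auth? Yes / No'."""
    def pdp(req: AuthzRequest) -> Decision:
        if req.subject_dn in banned_dns:
            return Decision(False, reason="DN banned by site")
        return Decision(True)
    return pdp

def make_gums(fqan_to_user) -> PDP:
    """GUMS-like PDP: answers 'ID Mapping? Yes / No + UserName'."""
    def pdp(req: AuthzRequest) -> Decision:
        user = fqan_to_user.get(req.fqan)
        if user is None:
            return Decision(False, reason="no mapping for FQAN")
        return Decision(True, username=user)
    return pdp

def pep_authorize(req: AuthzRequest, pdps) -> Decision:
    """PEP side: every PDP must say Yes; any No or PDP failure denies."""
    username = None
    for pdp in pdps:
        try:
            decision = pdp(req)
        except Exception as exc:      # unreachable or broken PDP: fail closed
            return Decision(False, reason=f"PDP unavailable: {exc}")
        if not decision.permit:
            return decision
        username = decision.username or username
    if username is None:              # a Yes without an account cannot run a job
        return Decision(False, reason="no local account returned")
    return Decision(True, username=username)

SAMPLE = AuthzRequest("/DC=org/DC=example/CN=Alice", "/cms/Role=production")  # constructed
```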

5/16 Project Status
- New middleware implementations:
  – PDP: GUMS and SCAS
  – Middleware vs. Call-out Modules (AuthZ call-out module per grid, and the resource controlled):
    pre-WS Gatekeeper: PRIMA (OSG), SCAS (EGEE); controls CE
    WS Gatekeeper: Native (OSG), N/A (EGEE); controls CE
    CREAM: N/A (OSG), gLExec (EGEE); controls CE
    SRM/dCache: gLExec; controls SE
    GridFTP: PRIMA (OSG), SCAS (EGEE); controls SE
    gLExec: Native; controls WN
- The project is scheduled to end at the end of September. See close-out re-baselined plan.
- Ready for deployment early October.

6/16 Deployment Document
- Circulated a deployment plan document, still in draft phase
- Both CMS and ATLAS considered it possible to deploy the new middleware as early as November
- Discussing with ITB the deployment process for “incremental” upgrades

7/16 Overview
- AuthZ Interoperability: status and deployment doc
➢ VO Services and the Globus Incubator Projects
- Proposal to close Phase III

8/16 The Globus Incubator Projects
- The VO Services project has brokered a collaboration between Globus, INFN-BO, and Fermilab (dCache/gPlazma) for the “VOMS-PIP” Incubator Project
- The VOMS Policy Information Point is a parser for VOMS-extended X509 proxies. The parser is compliant with the Authorization Interoperability profile
- Incubator projects are the collaborative code development process of Globus
- Finished incubator products can be distributed with the Globus Toolkits

9/16 The process needs to be straightened out…
- The only remaining hindrance to the collaborative process is the compatibility of software licenses
  – Globus uses an Apache-like
  – gPlazma uses FermiTools (BSD-like)
- Addressing this through a briefing on the FermiTools license with CD Management
- Important for FNAL / ANL collaborations

10/16 Overview
- AuthZ Interoperability: status and deployment doc
- VO Services and the Globus Incubator Projects
➢ Proposal to close Phase III

11/16 The main goals of Phase III have been addressed
- Ongoing Maintenance and Support
- Authorization Interoperability (Due Oct 08)
- Investigate Mechanisms to Define and Enforce VO and Site AuthZ Policies (SBIR Phase I Done)
- Validation tool to check consistency of site AuthZ configuration (1st release Done)

12/16 What’s left from the WBS?
- Maintenance and Support (Ongoing)
- VOMRS ⇔ VOMS-Admin convergence (Started)
- Improvements to the infrastructure
  – Site AuthZ Config Validator: RSV probe v2 (Not Started)
  – Better VOMS attribute validation (Not Started). Check VOMS server identity before synchronization. Smarter failure reactions. Etc. Move to the paradigm of AC validation at the PEP
- Definition and Enforcement of VO and Site AuthZ Policies (SBIR Phase II w/ TechX) (Started)
- Requests for more documentation on AuthZ parameters (Not Started)
- Integrating the infrastructure with Shibboleth (Not Started)

13/16 Should there be a Phase IV?
VO Services today:
  – Single project entity
    Maintains and prioritizes WBS
    Single project entity in CD reports, plans, budget
    Single liaison with stakeholders on behalf of component projects
  – Coordinates work and communication across components (VOMRS, GUMS, Prima, …)
  – Runs Sub-Projects (AuthZ Interop, Policy, …)

14/16 The proposed alternative
- Move components to maintenance-only mode
- Associate component call-out modules w/ component projects: gLExec w/ WMS, gPlazma w/ dCache (as today)
- Place orphaned components, e.g. move Prima to maintenance/operations
- Possibly maintain a contact person to redirect inquiries to the appropriate component project and maintain a list of “small” requests
- Changes to the infrastructure as a whole are managed as independent projects (e.g. AC Validation at PEP, Shibboleth integration, etc.)
- “Started” activities will be carried over

15/16 Pros. and Cons. of the new way
Pros (proposed way)
- No single multi-year scope-changing subproject-composite umbrella “project”
- Promotes the transition to maintenance
- Promotes more stable infrastructure
- Possibly frees up resources
Cons
- Infrastructural changes require procurement of resources
- Possibly results in worse inter-component communication
- Promotes less flexible infrastructure
- Stakeholders need to deal with multiple projects

16/16 Conclusions
- AuthZ Interop is planned to finish development in September. Now planning for deployment.
- Participation in Globus Incubator projects needs clarification on licensing issues
- Phase III could be closed. Should we open Phase IV or change paradigm?