INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org VO Naming Proposals Explanation (first) and Discussion (after first) Oscar Koeroo JRA3.


1 INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org VO Naming Proposals Explanation (first) and Discussion (after first) Oscar Koeroo JRA3

2 Index.voms
Widely known VO name constraints
VO naming known guidelines
Global VO Naming proposals
Using normal DNS features to solve the problem
What we did for GIN
Discussion moment: Where do you want to go today?

3 VO Name Information
Allowed VO (and group/role name) characters:
  – [a-zA-Z0-9-_\.]
  – In English:
    • VO names can start with a number
    • VO names are alphanumeric and can also contain the characters minus/dash/hyphen, underscore and dot
The FQAN format is ‘de facto’ standardized to the following format according to Vincenzo’s memo:
  – / [[/ ]/ ] [/Role= ]
Info from: VOMS developers (vomsd and VOMS-Admin)

4 VO Name Information
VO names *should* not have a limited length (including the group and role names)
  – /United-Federation-Of-Planets_Starship.Enterprise.NGC1701
  – /picard/whatistheexactamountofcharactersthatIcanputintothishugestringtobeusedforanormaltypeofgroupinthevonamedafterthecaptainoftheussenterprisefromthestartrekthenextgenerationseriesfromthenineteennightees
  – /picard/whatistheexactamountofcharactersthatIcanputintothishugestringtobeusedforanormaltypeofgroupinthevonamedafterthecaptainoftheussenterprisefromthestartrekthenextgenerationseriesfromthenineteennightees/Role=thisisanewrolespecificallycreatedtocrashasystemthatusesVOMSofcourseIhopethatmysoftwarewhichisLCMAPSprimarilywillholdoutofcourse
An initiative of Steven Burke to test these things
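
Added example (not from the original slides): a strict FQAN parser that applies the character class from slide 3, and a check showing why a consumer with a fixed-size field must reject over-long names rather than truncate them. It assumes the usual VOMS layout /VO[/group...][/Role=role] and does not handle a Capability suffix; `map_key`, `GROUP` and `WITH_ROLE` are hypothetical names, and the long inputs are constructed in the style of the stress-test names above.

```python
import re

# Character class from the slide: letters, digits, dash, underscore, dot.
COMPONENT = re.compile(r"[A-Za-z0-9_.-]+")

def parse_fqan(fqan):
    """Split an FQAN into (vo, groups, role); raise ValueError if malformed."""
    if not fqan.startswith("/"):
        raise ValueError("FQAN must start with '/'")
    parts = fqan[1:].split("/")
    role = None
    if parts[-1].startswith("Role="):
        role = parts.pop()[len("Role="):]
    if not parts:
        raise ValueError("FQAN has no VO name")
    for name in parts + ([role] if role is not None else []):
        if not COMPONENT.fullmatch(name):
            raise ValueError("illegal component: %r" % name)
    return parts[0], parts[1:], role

def map_key(fqan, limit=None):
    """Key a consumer would use to look up a local mapping (hypothetical).
    limit models a fixed-size field; None keeps the full string."""
    parse_fqan(fqan)  # validate before use
    return fqan if limit is None else fqan[:limit]

# Constructed inputs: a 264-character group FQAN and the same group with a role.
GROUP = "/picard/" + "whatistheexactamountofcharacters" * 8
WITH_ROLE = GROUP + "/Role=" + "thisisanewrole" * 8

def truncation_collides(limit):
    """True if the two distinct FQANs become the same key at this field size."""
    return GROUP != WITH_ROLE and map_key(GROUP, limit) == map_key(WITH_ROLE, limit)
```

With a 255-character field the plain group and the group-with-role collapse to the same key, so any authorization decision keyed on the truncated string cannot tell them apart.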

5 Known Guidelines – Naming a VO
Decide on a name for the VO that:
  – Corresponds to its identity
    • e.g. DTEAM for the Deployment Team VO
  – Is easy to remember and recognise
    • Also for Resource Admins who are not affiliated to the VO themselves, like BIOMED for the Biomedical activity VO
  – Don’t risk using names longer than 6 characters or special characters which could be mistaken for a regular expression
    • Like DZERO for the D0 experiment VO
  – Doesn’t clash with reserved service or file names in the Grid software distributions
  – Give appropriate DNS host aliases and host certificates, when necessary
    • e.g. sixt-vo.cern.ch is the host alias of the VODB server of the SIXT VO
Info from: Maria Dimou

6 New Global VO naming proposal
Problem:
  – No name (space) control
  – Name clashes are starting to appear
    • FUSION and FUSION’
    • ATLAS vs. USATLAS vs. Swiss Atlas vs. NorduGrid ATLAS
    • uscms vs. cms
    • Biomed vs. Bio Italy
Solution:
  – A hierarchical, extensible VO name space is needed
Info from: Oxana Smirnova

7 #1 The proposal from Oxana Smirnova: Global VO Naming

8 New Global VO naming proposal
Overall rules:
Character set is limited to alphanumeric without punctuation marks
Case-insensitive
A full VO name is constructed of:
  – level (domain) name fragments
  – separated by a period (dot)
  – in level ascending order
    • level 0 name leftmost, level 1 next to the right, etc.
    • Like: [.level1][.level2]

9 level 0
Level 0: (top level) national, global/international
  – Consists of 241 domains
    • 240 official two-letter country codes
    • one cross-country domain named “int”
  – Each national level is controlled by the respective national Grid Forum or a similar body
  – INT domain is controlled by the GGF/EGA
Examples:
    • SE.SWEGRID (Swedish VOs)
    • RU.DUBNAGRID (Town Grid project)
    • IT.ENEA (a cross-national VO)
    • INT.CERN (International HEP lab)

10 level 1
Level 1: International regional level (optional)
  – INT domain may have several sub-domains, introduced whenever necessity appears
  – Each such sub-domain is controlled by the respective international Grid initiative, congress or another forum
  – This level is optional and can be omitted for global transnational organizations, such as CERN
  – The level can contain VOs or area/infrastructure sub-levels
Examples:
  – INT.BALTIC.BALTICGRID (a regional VO)
  – INT.CE.VOCE (a regional VO)
  – INT.EU.EGEE (EU infrastructure sub-level)

11 level 2
Level 2: Area or infrastructure level (optional)
  – If necessary, regional, national or international domains may have area- or infrastructure-specific sub-domains, aiming at grouping VOs
  – Each such sub-domain is controlled by the respective infrastructure project or area-specific initiative
Examples:
  – CH.SWISSGRID.ATLAS (Swiss ATLAS Grid VO)
  – SE.SWEGRID.snic-003-04-59 (a national VO)
  – INT.EU.EGEE.DTEAM (EGEE VO)
  – INT.CERN.ATLAS (International HEP VO)

12 level 3
Level 3: Virtual Organization Level
  – This is the actual level controlled by VOs and having VO-specific structure (not discussed here)
  – User communities can decide on a simple name here and should consider using the guidelines for naming a VO

13 Summary of this proposal
The complete VO name is thus composed from mandatory and optional components as:
  – [.level1][.level2]
Valid VO names are:
  – NL.Astrop
  – EE.TTU
  – US.OSG.GROW
  – CH.SWISSGRID.ATLAS
  – INT.Dzero
  – INT.CERN.CMS
  – INT.NORDIC.ARC-COMMUNITY
  – INT.EU.EGEE.DTEAM
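
Added example (not from the original slides): a checker that applies the proposal's stated rules literally (case-insensitive, alphanumeric fragments separated by dots, level 0 is a country code or "int") to the names the slides list as valid. Assumptions, also marked in the code: any two-letter alphabetic fragment is accepted as a country code, and a name has between two and four fragments (level 0 up to level 3); `check`, `canonical` and `rejected` are hypothetical names.

```python
import re

# "Alphanumeric without punctuation marks", after case folding.
FRAGMENT = re.compile(r"[a-z0-9]+")

def canonical(name):
    """Comparison form of a VO name: the proposal is case-insensitive."""
    return name.lower()

def check(name):
    """Return the list of rule violations for a proposed global VO name."""
    problems = []
    levels = canonical(name).split(".")
    # Assumption: level 0 plus at least one more fragment, at most level 3.
    if not 2 <= len(levels) <= 4:
        problems.append("expected 2 to 4 fragments, got %d" % len(levels))
    top = levels[0]
    # Assumption: any two letters count as a country code (no registry lookup).
    if top != "int" and not re.fullmatch(r"[a-z]{2}", top):
        problems.append("level 0 %r is neither a country code nor 'int'" % top)
    for frag in levels:
        if not FRAGMENT.fullmatch(frag):
            problems.append("fragment %r has characters outside [a-z0-9]" % frag)
    return problems

# Names taken from the slides' own example lists.
SLIDE_NAMES = [
    "NL.Astrop", "EE.TTU", "US.OSG.GROW", "CH.SWISSGRID.ATLAS", "INT.Dzero",
    "INT.CERN.CMS", "INT.NORDIC.ARC-COMMUNITY", "INT.EU.EGEE.DTEAM",
    "SE.SWEGRID.snic-003-04-59",
]

def rejected(names):
    """Names that violate at least one rule, in input order."""
    return [n for n in names if check(n)]
```

Run over the slides' names, the literal rules reject the two hyphenated ones, so an implementation has to decide whether the hyphen is allowed before it can enforce the scheme; comparisons for authorization should use `canonical()` on both sides.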

14 Personal feelings
It looks like a reversed DNS naming, but it isn’t
It relies on community effort
  – No formal bodies do this work, which means they’ll need to be appointed
  – People could freely interpret the rules if this scheme doesn’t come with (practical) guidelines
  – How to endorse?
    • Who is the boss of int.* or int.eu* or us.*?
Tendency to put meta-data in these names
  – Some organizational meta-data could perhaps not fit the scheme

15 #2 An idea from David Groep / Oscar Koeroo: DNS (and making use of RFC 2782)

16 DNS
Personally I would vote for a real DNS solution…
Less confusion and mix-ups
Why should we not use standards if they’re already available?
  – RFC 1034
    • Domain names - concepts and facilities
    • Section 3.4 - Example name space
    • Strong urge to only use 7-bit ASCII characters
      o a-zA-Z[a-zA-Z0-9-\.]*\.
  – RFC 2782
    • A DNS RR for specifying the location of services (DNS SRV)

17 RFC 1034 - Domain names
You might know this RFC… the one with the ‘normal’ DNS names

18 RFC 2782 - DNS SRV
The SRV RR allows administrators:
  – To use several servers for a single domain
  – To move services from host to host with little fuss
  – To designate some hosts as primary servers for a service and others as backups

19 Small example
If a SRV-cognizant LDAP client wants to discover an LDAP server that supports TCP and provides LDAP for the domain ‘example.com’, it does a lookup to:
  – _ldap._tcp.example.com
Which could also have been:
  – _voms._tcp.nikhef.nl

20 The format
_Service._Proto.Name TTL Class SRV Priority Weight Port Target
Service:
  – The symbolic name for the desired service
Proto:
  – The symbolic name for the desired protocol
Name:
  – The domain this RR refers to
TTL:
  – Standard DNS meaning
Class:
  – Standard DNS meaning; SRV records occur in the IN Class
Priority:
  – The priority of this target host, expressed as a 16-bit unsigned integer
  – Lowest value is best and the client MUST try the best service first
  – The weight field is considered when two services have the same priority
Weight:
  – Expressed as a 16-bit unsigned integer
  – Larger weight SHOULD be given a proportionately higher probability of being selected
  – When there isn’t any server selection, the admin SHOULD use Weight 0
  – Client computes the sum of all weights, then creates a random number between 0 and the sum of weights. The first weight greater than or equal to the random number is the service to be used by the client
Port:
  – 16-bit unsigned integer service port number
Target:
  – Domain name of the target host
Note: the _ (underscore) is used to avoid collisions with DNS labels

21 RFC 2782 – fictional example

    $ORIGIN example.com.
    @               SOA server.example.com. root.example.com. (
                        1995032001 3600 3600 604800 86400 )
                    NS  server.example.com.
                    NS  ns1.ip-provider.net.
                    NS  ns2.ip-provider.net.
    ; voms - use old-slow-box or new-fast-box if either is
    ; available, make three quarters of the logins go to
    ; new-fast-box.
    _voms._tcp      SRV 0 1 9 old-slow-box.example.com.
                    SRV 0 3 9 new-fast-box.example.com.
    ; if neither old-slow-box or new-fast-box is up, switch to
    ; using the sysadmin's box and the server
                    SRV 1 0 9 sysadmins-box.example.com.
                    SRV 1 0 9 server.example.com.
    server          A   172.30.79.10
    old-slow-box    A   172.30.79.11
    sysadmins-box   A   172.30.79.12
    new-fast-box    A   172.30.79.13
    ; NO other services are supported
    *._tcp          SRV 0 0 0 .
    *._udp          SRV 0 0 0 .

22 Short explanation
The client of the ‘voms’ service in the ‘example.com.’ domain needs:
  – An SRV lookup of “_voms._tcp.example.com”
  – Possibly A lookups of “new-fast-box.example.com.” (and/or other host names)
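
Added example (not from the original slides): the client-side ordering that the SRV format and the fictional zone above imply, with lowest priority first, weighted choice inside a priority using the running sum of weights as RFC 2782 specifies, and a lone "." target treated as "service not offered". The record tuples are constructed from the fictional zone; `order_targets` and `share_first` are hypothetical names, and no DNS query is made.

```python
import random

# Constructed from the fictional zone: (priority, weight, port, target).
VOMS_SRV = [
    (0, 1, 9, "old-slow-box.example.com."),
    (0, 3, 9, "new-fast-box.example.com."),
    (1, 0, 9, "sysadmins-box.example.com."),
    (1, 0, 9, "server.example.com."),
]
NO_SERVICE = [(0, 0, 0, ".")]  # what the *._tcp wildcard returns

def order_targets(records, rng=random):
    """Return (target, port) pairs in the order a client should try them."""
    if len(records) == 1 and records[0][3] == ".":
        return []  # a single record with target "." means: not available
    ordered = []
    for prio in sorted({r[0] for r in records}):
        pool = [r for r in records if r[0] == prio]
        rng.shuffle(pool)                   # any order is allowed ...
        pool.sort(key=lambda r: r[1] != 0)  # ... but weight 0 goes first
        while pool:
            total = sum(r[1] for r in pool)
            pick = rng.uniform(0, total)
            running = 0
            for i, rec in enumerate(pool):
                running += rec[1]
                if running >= pick:  # first running sum >= random number
                    ordered.append((rec[3], rec[2]))
                    del pool[i]
                    break
    return ordered

def share_first(target, trials=4000, seed=1):
    """Fraction of trials in which target is the first host tried."""
    rng = random.Random(seed)
    hits = sum(order_targets(VOMS_SRV, rng)[0][0] == target for _ in range(trials))
    return hits / trials
```

`share_first("new-fast-box.example.com.")` comes out near 0.75, matching the zone comment, and the two priority-1 hosts are only reached after both priority-0 hosts have been tried.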

23 Critical detail
DNS Spoofing could become a whole new ballgame…
As a service you are not controlling this information flow about your service

24 Time for GIN?
Hot discussions on MWSG and GIN-Auth list about VO Naming and all kinds of things passed by
  – including the use of a new TLD: .grid
Since I was moved forward to be the VOMS-Admin for GIN, I’ve put all the ideas in my virtual blender and added my own twist to the mix
The VO name: GIN-GGF-ORG is now active
  – Because it is clearly not DNS, but logically looks like DNS
  – Quote from my announcement e-mail:
    • This VO name can be changed when we have a common agreement on the VO naming convention

25 Where do you want to go today?
A few options:
1.) We keep on hurdling with just the VO names
  – Pro: no change needed anywhere
  – Con: one can expect pitfalls down the road…
2.) Implement the VO Naming proposal
  – Pro: Name space regulation, controlled by ‘others’
  – Cons: takes time to set up authoritative groups
  – Cons: relocation problems when pinned to a level0 to level3 domain
3.) A real DNS solution
  – RFC 1034 for Domain Names
  – RFC 2782 for the DNS SRV
4.) Something completely different?
  – DNS trickery
    • Logical DNS: GIN-GGF-ORG
    • DNS-alike: picard|kuiken.nikhef.nl
    • e-mail-alike: picard@kuiken.nikhef.nl
5.) Please fill in blank with your idea: ______

