Presentation is loading. Please wait.

Presentation is loading. Please wait.

INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org XACML and G-PBox update MWSG 14-15/09/2005 Presenter: Vincenzo Ciaschini.

Published byCatherine Snow Modified over 8 years ago

Similar presentations

Presentation on theme: "INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org XACML and G-PBox update MWSG 14-15/09/2005 Presenter: Vincenzo Ciaschini."— Presentation transcript:

1 INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org XACML and G-PBox update MWSG 14-15/09/2005 Presenter: Vincenzo Ciaschini

2 Enabling Grids for E-sciencE INFSO-RI-508833 XACML Updates

3 Enabling Grids for E-sciencE INFSO-RI-508833 XACML extensions (1) We need requests to refer to more than a resource –Otherwise WMS would get unacceptable delays But XACML Requests may refer to just one resource. Solution: –Specify multiple resources in the tag by using the ‘#’ separator. –If an attribute should get different values for the different resources, also separate them with ‘#’. Advantages: –Normal syntax is also allowed. The PDP remains standard compliant. Disadvantages: –Requires a bit of extra code in the PDP.

4 Enabling Grids for E-sciencE INFSO-RI-508833 XACML extensions (2) Our policies are parameterized, with parameter values coming from external sources. The PDP needs to be informed of the fact. Solution: –We marked the external parameters with the “it:infn:pbox:external: : ” AttributeID.  Example: it:infn:pbox:external:grid-se-available:griditse01.cnaf.infn.it Advantages: –The PDP can clearly know what parameters it must look for. –Fully standard policies are still supported. –The policies can be received by another PDP and not cause errors. Simply, they would not find the parameter needed and so not apply. Disadvantages: –Extra code in the PDP

5 Enabling Grids for E-sciencE INFSO-RI-508833 G-PBox Updates

6 Enabling Grids for E-sciencE INFSO-RI-508833 G-PBox update First version in the EGEE CVS (org.glite.gpbox.*) –An update will be committed soon. RB-PEP and CE-PEP development has started. VOMS Integration

7 Enabling Grids for E-sciencE INFSO-RI-508833 Admin Interface

8 Enabling Grids for E-sciencE INFSO-RI-508833 Admin Interface

9 Enabling Grids for E-sciencE INFSO-RI-508833 Admin Interface

10 Enabling Grids for E-sciencE INFSO-RI-508833 Admin Interface

11 Enabling Grids for E-sciencE INFSO-RI-508833 Admin Interface

12 Enabling Grids for E-sciencE INFSO-RI-508833 Admin Interface

13 Enabling Grids for E-sciencE INFSO-RI-508833 G-PBox VOMS Integration A user can express policies using the admin interface. The admin interface shows the VO name, groups and resources. VO name and VO groups are retrieved from a VOMS server by G-PBox via GSI. Only certified PBox servers can ask VOMS.

14 Enabling Grids for E-sciencE INFSO-RI-508833 RB Integration WMS PBox XACML reqs Attributes Convert and filter XACML response Request List of resources All the responses must be converted in a “readable” format for the WMS All the responses must be converted in a “readable” format for the WMS The policy enforcing process is the merging process between the resource list of the WMS and the set of responses of the PBox. The policy enforcing process is the merging process between the resource list of the WMS and the set of responses of the PBox. List of resources after policy enforcement

15 Enabling Grids for E-sciencE INFSO-RI-508833 CE Integration Really primitive: –Just LCAS/LCMAPS plugin to delegate the choice of the user mapping account to G-PBox.  Still, it has its uses! (no *mapfile whatsoever) We plan on better integration with new CEs, and are in contact with CREAM developers to do this.

16 Enabling Grids for E-sciencE INFSO-RI-508833 Policies supported Policy requests regarding multiple resources! No updates, really: –ACLs –Static policies, –Priority policies.

17 Enabling Grids for E-sciencE INFSO-RI-508833 G-PBox Priority use case (1) ) VOMS and G-PBox (for Job submission Policies) VOMS server Group A Group B Group C PBox Policies Group A : high priority CEs Group B : low priority CEs Group C : deny everywhere CE HIGH CE LOW RB

18 Enabling Grids for E-sciencE INFSO-RI-508833 G-PBox Priority Use Case (2) Sources: ATLAS and CMS This is ready and will be tested on a dedicated testbed starting next week. Reasons for this implementation: –A CE is a QUEUE => The choice of the queue, and hence the priority must be delegated to the RB. –A Priority element is already present in the Glue Schema => It must only be filled.

19 Enabling Grids for E-sciencE INFSO-RI-508833 Further development: Integration with accounting and monitoring, as planned, to implement dynamic policies. Software consolidation for EGEE deadline (15/10/05)

Download ppt "INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org XACML and G-PBox update MWSG 14-15/09/2005 Presenter: Vincenzo Ciaschini."

Similar presentations

The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.

The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,

INFSO-RI Enabling Grids for E-sciencE Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Logging and Bookkeeping and Job Provenance Services Ludek Matyska (CESNET) on behalf of the.

INFSO-RI Enabling Grids for E-sciencE Logging and Bookkeeping and Job Provenance Services Ludek Matyska (CESNET) on behalf of the.
INFSO-RI-508833 Enabling Grids for E-sciencE Workload Management System Mike Mineter

INFSO-RI Enabling Grids for E-sciencE Workload Management System Mike Mineter
EMI INFSO-RI-261611 EMI Structure, Plans, Deliverables Alberto Di Meglio (CERN) Project Director ATLAS Software & Computing Week Geneva, 21 July 2011.

EMI INFSO-RI EMI Structure, Plans, Deliverables Alberto Di Meglio (CERN) Project Director ATLAS Software & Computing Week Geneva, 21 July 2011.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Voms & Voms-admin report Vincenzo Ciaschini.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Voms & Voms-admin report Vincenzo Ciaschini.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org www.glite.org EGEE and gLite are registered trademarks Security and Job Management.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security and Job Management.
Interoperability in OMII – Europe (using the new standard compliant SAML-based VOMS to handle attribute-based authz.) Morris Riedel (FZJ), Valerio Venturi.

Interoperability in OMII – Europe (using the new standard compliant SAML-based VOMS to handle attribute-based authz.) Morris Riedel (FZJ), Valerio Venturi.
EMI is partially funded by the European Commission under Grant Agreement RI-261611 Argus Policies Tutorial Valery Tschopp - SWITCH EGI TF Prague.

EMI is partially funded by the European Commission under Grant Agreement RI Argus Policies Tutorial Valery Tschopp - SWITCH EGI TF Prague.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Security Token Service Valéry Tschopp - SWITCH.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security Token Service Valéry Tschopp - SWITCH.
Maarten Litmaath (CERN), GDB meeting, CERN, 2006/02/08 VOMS deployment Extent of VOMS usage in LCG-2 –Node types gLite 3.0 Issues Conclusions.

Maarten Litmaath (CERN), GDB meeting, CERN, 2006/02/08 VOMS deployment Extent of VOMS usage in LCG-2 –Node types gLite 3.0 Issues Conclusions.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org WMS + LB Installation Emidio Giorgio Giuseppe La Rocca INFN EGEE Tutorial, Rome 02-04.November.2005.

INFSO-RI Enabling Grids for E-sciencE WMS + LB Installation Emidio Giorgio Giuseppe La Rocca INFN EGEE Tutorial, Rome November.2005.
AN INTEGRATED FRAMEWORK FOR VO-ORIENTED AUTHORIZATION, POLICY-BASED MANAGEMENT AND ACCOUNTING Andrea Caltroni 3, Vincenzo Ciaschini 1, Andrea Ferraro 1,

AN INTEGRATED FRAMEWORK FOR VO-ORIENTED AUTHORIZATION, POLICY-BASED MANAGEMENT AND ACCOUNTING Andrea Caltroni 3, Vincenzo Ciaschini 1, Andrea Ferraro 1,
June 24-25, 2008 Regional Grid Training, University of Belgrade, Serbia Introduction to gLite gLite Basic Services Antun Balaž SCL, Institute of Physics.

June 24-25, 2008 Regional Grid Training, University of Belgrade, Serbia Introduction to gLite gLite Basic Services Antun Balaž SCL, Institute of Physics.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks State of Interoperability Laurence Field.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks State of Interoperability Laurence Field.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org LCAS/LCMAPS and WSS Site Access Control boundary conditions David Groep NIKHEF.

INFSO-RI Enabling Grids for E-sciencE LCAS/LCMAPS and WSS Site Access Control boundary conditions David Groep NIKHEF.
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks gLite Authorization Service: Technical Overview.

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks gLite Authorization Service: Technical Overview.
Conference name Company name INFSOM-RI-1234567 Speaker name The ETICS Job management architecture EGEE ‘08 Istanbul, September 25 th 2008 Valerio Venturi.

Conference name Company name INFSOM-RI Speaker name The ETICS Job management architecture EGEE ‘08 Istanbul, September 25 th 2008 Valerio Venturi.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Use of VOMS Attributes: semantics and suggestions Vincenzo Ciaschini MWSG 12 Stockholm 12-13/06/07.

INFSO-RI Enabling Grids for E-sciencE Use of VOMS Attributes: semantics and suggestions Vincenzo Ciaschini MWSG 12 Stockholm 12-13/06/07.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org LCAS/LCMAPS and WSS Site Access Control boundary conditions David Groep et al. NIKHEF.

INFSO-RI Enabling Grids for E-sciencE LCAS/LCMAPS and WSS Site Access Control boundary conditions David Groep et al. NIKHEF.

Similar presentations

Ads by Google