Download presentation
Presentation is loading. Please wait.
Published byDella Hood Modified over 9 years ago
1
May 11, 20091/17 VO Services Project – Stakeholders’ Meeting Gabriele Garzoglio VO Services Project Stakeholders’ Meeting May 11, 2009 Gabriele Garzoglio Computing Division, Fermilab Overview 1.Action Items from previous meetings 2.Deliverables of Phase III 3.Focus The AuthZ Interop project is closing down Status of the VOMRS / VOMS-admin convergence. 4.Closing activities Maintenance plan and potential risks 5.Stakeholders' input
2
May 11, 20092/17 VO Services Project – Stakeholders’ Meeting Action Items from Past Meeting Distribute list of features in vomrs/voms- admin convergence project to interested parties (Mine Burt). Done Discuss gLExec move to GlideIn WMS project with Atlas representatives (Torre, Maxim, Jose). Done Hold future update meeting on vomrs/voms- admin convergence. See status below Discuss AuthZ Interop architecture w.r.t. LIGO and WS-GK v4.2 with Mine. Considered Done ? Gabriele Garzoglio
3
May 11, 20093/17 VO Services Project – Stakeholders’ Meeting Gabriele Garzoglio VO Services Project Stakeholders’ Meeting May 11, 2009 Gabriele Garzoglio Computing Division, Fermilab Overview 1.Action Items from previous meetings 2.Deliverables of Phase III 3.Focus The AuthZ Interop project is closing down Status of the VOMRS / VOMS-admin convergence. 4.Closing activities Maintenance plan and potential risks 5.Stakeholders' input
4
May 11, 20094/17 VO Services Project – Stakeholders’ Meeting Deliverables of Phase III OSG / EGEE Authorization Interoperability (*) Support Storage Groups in Defining Next Generation Storage Authorization Models Convergence of VOMS-admin with VOMRS (*) Investigate Mechanisms to Define and Enforce VO and Site AuthZ Policies (SVOPME w/ TechX) Provide a validation tool for AuthZ config. in OSG Enable VOMS-signed Attribute Certificate Validation at OSG Resource gateways Gabriele Garzoglio Legend: DONE IN-PROGRESS NOT-DONE * see discussion later
5
May 11, 20095/17 VO Services Project – Stakeholders’ Meeting Gabriele Garzoglio VO Services Project Stakeholders’ Meeting May 11, 2009 Gabriele Garzoglio Computing Division, Fermilab Overview 1.Action Items from previous meetings 2.Deliverables of Phase III 3.Focus The AuthZ Interop project is closing down Status of the VOMRS / VOMS-admin convergence. 4.Closing activities Maintenance plan and potential risks 5.Stakeholders' input
6
May 11, 20096/17 VO Services Project – Stakeholders’ Meeting Authorization Interoperability Status Software stack certified in EGEE and OSG. Currently being deployed. Middleware Integrated: –Pre-WS Globus GK & GridFTP (PRIMA) –WS-GK v4.2 for “simple” jobs (Native interface) –gLExec (L&L / PRIMA) –SRM/dCache (gPlazma/privilege.jar) & BeStMan (privilege.jar) –PDP: GUMS (privilege.jar) / SCAS Still missing: –WS-GT4.2 for Delegation and RFT (waiting on OSG) –GridFTP / Native interface –WS-GT4.0 : AuthZ Interop integration NOT PLANNED –PDP: SAZ –VOMS PIP incubator project: collab FNAL / ANL / INFN Closing after successfully proven production deployment (Est. 06/09) Gabriele Garzoglio
7
May 11, 20097/17 VO Services Project – Stakeholders’ Meeting Future of Authorization ? Using AuthZ Interop: –Software developed in the US/EU can seamlessly be deployed in the EU/US –Software groups in EGEE/OSG and Globus can share and reuse common code OSG can use EGEE call-out (L&L/SCAS) directly (requires some development, including for gLExec monitoring) Interaction with new EGEE AuthZ Service? –Steven Newhouse wants v1 to be compatible with AuthZ Interop. Gabriele Garzoglio
8
May 11, 20098/17 VO Services Project – Stakeholders’ Meeting PRIMA Pre-WS GK GUMS SAML1 XACML2 SCAS XACML2 SAZ Internal XACML2 GridFTPgLExec WS GK v4.0 SRM/dCache L&L SAML1 lib XACML2 gLite lib PRIMA WS SAML1 lib PRIMA SAML1 lib XACML2 gLite lib PRIMA SAML1 lib XACML2 gLite lib gPlazma SAML1 priv. lib XACML2 priv. lib SAZ Clnt SAZ Clnt SAZ Clnt SAZ Clnt Module Dependencies (OSG case) To SAZ clnts WN CE SE Gateway Call-out XACML lib PDP Legend: Cmpnt EGEE Comp. used in OSG
9
May 11, 20099/17 VO Services Project – Stakeholders’ Meeting Pre-WS GK GUMS SAML1 XACML2 SCAS XACML2 SAZ Internal XACML2 GridFTPgLExec WS GK v4.2 SRM/dCache L&L XACML2 gLite lib GT4.2 Security XACML2 gLite lib gPlazma XACML2 priv. lib XACML2 GT4.2 PEP Module Dependencies (OSG case in 2010) L&L GT4.2 Security WN CE SE XACML2 GT4.2 PEP Gateway Call-out XACML lib PDP Cmpnt Legend: Component or dependency foreseen by 01/2010 Cmpnt EGEE Comp. used in OSG
10
May 11, 200910/17 VO Services Project – Stakeholders’ Meeting Cmpnt Legend: Component or dependency available by 01/2010 Pre-WS GK GUMS SAML1 XACML2 SCAS XACML2 SAZ Internal XACML2 GridFTPgLExecSRM/dCache L&L XACML2 gLite lib XACML2 gLite lib XACML2 gLite lib gPlazma XACML2 priv. lib Module Dependencies (EGEE case) L&L GT4.2 Security WN CE SE XACML2 GT4.2 PEP Gateway Call-out XACML lib PDP L&L
11
May 11, 200911/17 VO Services Project – Stakeholders’ Meeting Gabriele Garzoglio VO Services Project Stakeholders’ Meeting May 11, 2009 Gabriele Garzoglio Computing Division, Fermilab Overview 1.Action Items from previous meetings 2.Deliverables of Phase III 3.Focus The AuthZ Interop project is closing down Status of the VOMRS / VOMS-admin convergence. 4.Closing activities Maintenance plan and potential risks 5.Stakeholders' input
12
May 11, 200912/17 VO Services Project – Stakeholders’ Meeting VOMRS / VOMS-admin convergence The convergence is organized in 5 phases: http://indico.cern.ch/getFile.py/access?resId=0&materialId=minut es&confId=42799 The VOMS-Admin developer has coded the features required for JSPG. No certification yet. Gabriele Garzoglio Phase IImplement JSPG requirementsMar 2009 Phase II Migrate essential VOMRS features to VOMS AdminJan 2010 Phase III Interface with third party directory services (CERN HR db)Spring 2010 Phase VIValidation and certification testsN/A Phase VData migration from VOMRS to VOMS AdminN/A
13
May 11, 200913/17 VO Services Project – Stakeholders’ Meeting Gabriele Garzoglio VO Services Project Stakeholders’ Meeting May 11, 2009 Gabriele Garzoglio Computing Division, Fermilab Overview 1.Action Items from previous meetings 2.Deliverables of Phase III 3.Focus The AuthZ Interop project is closing down Status of the VOMRS / VOMS-admin convergence. 4.Closing activities Maintenance plan and potential risks 5.Stakeholders' input
14
May 11, 200914/17 VO Services Project – Stakeholders’ Meeting Component Maintenance GUMS: BNL (John H. / Jay P.) –AuthZ RSV Validation Probes (STG / BNL) Prima (Dave D.) –Collab w/ EGEE-Nikhef / Globus for AuthZ Interop libs gPlamza: dCache (Ted H.) –Includes privilege.jar (Collab w/ Jay P.) –Collab w/ EGEE-SWITCH for AuthZ Interop libs gLExec: GlideIn WMS (Burt H. / Dave D.) –Includes Gratia probe VO Policy / SVOPME (Gabriele G.) VOM(R)S convergence (Tanya L.) Gabriele Garzoglio
15
May 11, 200915/17 VO Services Project – Stakeholders’ Meeting Risks Oversubscription of the STG in managing the end-to-end delivery of authorization- related features. Mitigation ? Missed convergence of VOMRS / VOMS- admin. Mitigation: managed as an independent project w/ EGEE Deviation from agreed interoperability standards as the structure of the forum becomes more relaxed. Mitigation ? Gabriele Garzoglio
16
May 11, 200916/17 VO Services Project – Stakeholders’ Meeting Gabriele Garzoglio VO Services Project Stakeholders’ Meeting May 11, 2009 Gabriele Garzoglio Computing Division, Fermilab Overview 1.Action Items from previous meetings 2.Deliverables of Phase III 3.Focus The AuthZ Interop project is closing down Status of the VOMRS / VOMS-admin convergence. 4.Closing activities Maintenance plan and potential risks 5.Stakeholders' input
17
May 11, 200917/17 VO Services Project – Stakeholders’ Meeting Conclusions VO Service umbrella project is closing down (est. Jun 09) Major deliverables are mostly either complete or within a project structure to follow up with them (with different degree of risks) –Exceptions: AC gateway validation Passing the baton for AuthZ in OSG to Mine. Gabriele will act as point of contact for triaging authorization questions. Future work on AuthZ will be handled as independent projects. Gabriele Garzoglio
18
May 11, 200918/17 VO Services Project – Stakeholders’ Meeting Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma ID Mapping? Yes / No + UserName VO Services VOMRSVOMS synch register get voms-proxy Submit request with voms-proxy synch 1 4 5 6 7 2 3 WN gLExec Prima Storage Batch System Submit Pilot OR Job (UID/GID) Access Data (UID/GID) 8 8 Schedule Pilot OR Job 9 Pilot SU Job (UID/GID) 10 VO Dave Dykstra PDP A Common Protocol for OSG and EGEE integrated with the GT PEPs AuthZ Components Legend Not Officially In OSG VO Management Services Authorization Infrastructure (the OSG case)
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.