Presentation is loading. Please wait.

Presentation is loading. Please wait.

INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org VO Naming practice and suggested development Oscar Koeroo.

Published byEllen Montgomery Modified over 8 years ago

Similar presentations

Presentation on theme: "INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org VO Naming practice and suggested development Oscar Koeroo."— Presentation transcript:

1 INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org VO Naming practice and suggested development Oscar Koeroo

2 Enabling Grids for E-sciencE INFSO-RI-031688 Oscar Koeroo - Pilzen 2 Index.voms VO Name Information New Global VO Naming convention The solution What we did for GGF AuthZ workgroup The accepted VO Naming statement The document highlights

3 Enabling Grids for E-sciencE INFSO-RI-031688 Oscar Koeroo - Pilzen 3 VO Name Information (1) Allowed VO (and group/role name) characters: –[a-zA-Z0-9-_\.] –In English:  VO names can start with a number  VO Names are alphanumeric and can also contain the characters minus/dash/hyphen, underscore and dot The FQAN format is defacto standardized to the following format: –Group(s) part:  / [[/ ]/ ] Where equals the root group which equals the VO Name –Role part:  [/Role= ] –Capability part (deprecated but still available):  [/Capability= ] –An FQAN is a concatenation of the Group(s), Role and Capability part

4 Enabling Grids for E-sciencE INFSO-RI-031688 Oscar Koeroo - Pilzen 4 VO Name Information (2) VO names *should* not have a limited length (including the group and role names) Examples: /United-Federation-Of-Planets_Starship.Enterprise.NGC1701/Role=NULL/Capability=NULL 83 characters: VO Name (root group) only /picard/whatistheexactamountofcharactersthatIcanputintothishugestringtobeusedforanormaltypeofgroupinthev onamedafterthecaptainoftheussenterprisefromthestartrekthenextgenerationseriesfromthenineteennightees/Rol e=NULL/Capability=NULL 230 characters: VO Name and one group /picard/whatistheexactamountofcharactersthatIcanputintothishugestringtobeusedforanormaltypeofgroupinthev onamedafterthecaptainoftheussenterprisefromthestartrekthenextgenerationseriesfromthenineteennightees/Rol e=thisisanewrolespecificallycreatedtocrashasystemthatusesVOMSofcourseIhopethatmysoftwarewhichisLCMAP Sprimarilywillholdoutofcourse/Capability=NULL 354 characters: VO Name, one group and one role /TEST/012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789 012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345 678901234567890123456789012345678901234567890123456789012345678/Role=NULL/Capability=NULL 281 characters: VO Name and one group which combined are a max length /TEST/012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789 012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345 678901234567890123456789012345678901234567890123456789012345678/Role=012345678901234567890123456 789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012 345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678 9012345678901234567890123456789/Capability=NULL 527 characters: VO Name and previous displayed group plus a Role of max length On initiative of Steven Burke to test these things

5 Enabling Grids for E-sciencE INFSO-RI-031688 Oscar Koeroo - Pilzen 5 VO Name Information (3) voms-proxy-info –all subject : /O=dutchgrid/O=users/O=nikhef/CN=Oscar Koeroo/CN=proxy issuer : /O=dutchgrid/O=users/O=nikhef/CN=Oscar Koeroo identity : /O=dutchgrid/O=users/O=nikhef/CN=Oscar Koeroo type : proxy strength : 512 bits path : /tmp/x509up_u7381 timeleft : 11:59:19 VO : TEST subject : /O=dutchgrid/O=users/O=nikhef/CN=Oscar Koeroo issuer : /O=dutchgrid/O=hosts/OU=nikhef.nl/CN=kuiken.nikhef.nl attribute : /TEST/012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789 01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234 5678901234567890123456789012345678901234567890123456789012345678/Role=01234567890123456789012345 67890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345 6789012345678901234567890123456789/Capability=NULL attribute : /TEST/blaat/Role=NULL/Capability=NULL attribute : /TEST/workshop/Role=NULL/Capability=NULL attribute : /TEST/workshop_with_a_long_or_more_or_less_huge_name/Role=NULL/Capability=NULL attribute : /TEST/blaat/test/Role=NULL/Capability=NULL attribute : /TEST/012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789 01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234 5678901234567890123456789012345678901234567890123456789012345678/Role=NULL/Capability=NULL timeleft : 11:59:18

6 Enabling Grids for E-sciencE INFSO-RI-031688 Oscar Koeroo - Pilzen 6 VO Name Information (4) In theory there is no limit to the names –This MUST be honored in all middleware that uses FQANs –In reality the VOMS Database itself has a (practical) limitation to the length originating from the VOMS DB schema The Group(s), Role and Capability parts currently have a database limited length of 255 characters each –Which means 255 -1 characters are possible for a VO name at maximum because all group FQANs are prefixed with a slash  No (sub) groups can then be created within such string –The Role string (without “/Role=“) can be 255 characters –The Capability string (without the “/Capability=“) can be 255 characters

7 Enabling Grids for E-sciencE INFSO-RI-031688 Oscar Koeroo - Pilzen 7 VO Name Information (5) …which means that an FQAN can be: Groups part = 255 characters Role part = “/Role=“ (6) + 255 = 261 chars Capability part = “/Capability=” (12) + 255 = 267 chars … as large as: 255 + 261 + 267 = 783 characters

8 Enabling Grids for E-sciencE INFSO-RI-031688 Oscar Koeroo - Pilzen 8 New Global VO naming proposal The Problem: –No name (space) control –Name clashes are starting to appear  FUSION and FUSION’ first real name clash  ATLAS vs. USATLAS vs. Swiss Atlas vs. NorduGrid ATLAS One VO with different names  uscms vs. cms One VO with different names  Biomed vs. Bio Italy Two VOs same area of work even same prefix The Solution: –A hierarchical, extensible VO name space is needed

9 Enabling Grids for E-sciencE INFSO-RI-031688 Oscar Koeroo - Pilzen 9 The DNS solution Less confusion and less mix-ups The DNS scheme serves the same kind of purpose RFC 1034: Domain names - concepts and facilities –Section 3.4 - Example name space –Strong urge to only use 7-bit ASCII characters  a-zA-Z[a-zA-Z0-9-\.]*\.

10 Enabling Grids for E-sciencE INFSO-RI-031688 Oscar Koeroo - Pilzen 10 Time for GIN? The VO Grid Interoperability Now is the first to be created in the new scheme gin.ggf.org

11 Enabling Grids for E-sciencE INFSO-RI-031688 Oscar Koeroo - Pilzen 11 Time for a change? The VO Grid Interoperability Now is the first to be created in the new scheme gin.ogf.org

12 Enabling Grids for E-sciencE INFSO-RI-031688 Oscar Koeroo - Pilzen 12 The VO Naming statement The VO name is a string, used to represent the VO in all interactions with grid software, such as in expressions of policy and access rights. The VO name MUST be formatted as a subdomain name as specified in RFC 1034 section 3.5. The VO Manager of a VO using a thus-formatted name MUST be entitled to the use of this name, when interpreted as a name in the Internet Domain Name System. This entitlement MUST stem either from a direct delegation of the corresponding name in the Domain Name System by an accredited registrar for the next-higher level subdomain, or from a direct delegation of the equivalent name in the Domain Name System by ICANN, or from the consent of the administrative or operational contact of the next-higher equivalent subdomain name for that VO name that itself is registered with such an accredited registrar. Considering that RFC1034 section 3.5 states that both upper case and lower case letters are allowed, but no significance is to be attached to the case, but that today the software handling VO names may still be case sensitive, all VO names MUST be entirely in lower case.

13 Enabling Grids for E-sciencE INFSO-RI-031688 Oscar Koeroo - Pilzen 13 The document… The GGF draft document for VO Naming will contain: An overview on the current EGEE/LCG (and GGF) VO practices –A summary of the available documents created by the JSPG regarding the technical implementation of a VO name and the procedures to run a VO The proposed VO naming convention –Its pros and cons –Middleware implications The dos’ and don’ts’ in working with International Domain Names (IDN) as VO names Describing a solution to the VOMS Certificates distribution problem, for instance: –Secure DNS –Or using an other model by only distribute the DN of the host

14 Enabling Grids for E-sciencE INFSO-RI-031688 Oscar Koeroo - Pilzen 14 Questions ?

Download ppt "INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org VO Naming practice and suggested development Oscar Koeroo."

Similar presentations

IDN TLD Variants Implementation Guideline draft-yao-dnsop-idntld-implementation-01.txt Yao Jiankang.

IDN TLD Variants Implementation Guideline draft-yao-dnsop-idntld-implementation-01.txt Yao Jiankang.
29 June 2006 GridSite - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.

29 June 2006 GridSite Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.
1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.

1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.
The VOMS Attribute Authority and its relation with Shibboleth Presenter: Vincenzo Ciaschini 8 th TF-EMC2 Meeting Firenze, March 2007.

The VOMS Attribute Authority and its relation with Shibboleth Presenter: Vincenzo Ciaschini 8 th TF-EMC2 Meeting Firenze, March 2007.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE Tutorial Getting started with GILDA.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Tutorial Getting started with GILDA.
Www.eu-eela.eu E-science grid facility for Europe and Latin America A Data Access Policy based on VOMS attributes in the Secure Storage Service Diego Scardaci.

E-science grid facility for Europe and Latin America A Data Access Policy based on VOMS attributes in the Secure Storage Service Diego Scardaci.
Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.

Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.
The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.

The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org VO Naming Proposals Explanation (first) and Discussion (after first) Oscar Koeroo JRA3.

INFSO-RI Enabling Grids for E-sciencE VO Naming Proposals Explanation (first) and Discussion (after first) Oscar Koeroo JRA3.
Using Visual Basic 6.0 to Create Web-Based Database Applications

Using Visual Basic 6.0 to Create Web-Based Database Applications
New gTLD Basics. 2  Overview about domain names, gTLD timeline and the New gTLD Program  Why is ICANN doing this; potential impact of this initiative.

New gTLD Basics. 2  Overview about domain names, gTLD timeline and the New gTLD Program  Why is ICANN doing this; potential impact of this initiative.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org XACML and G-PBox update MWSG 14-15/09/2005 Presenter: Vincenzo Ciaschini.

INFSO-RI Enabling Grids for E-sciencE XACML and G-PBox update MWSG 14-15/09/2005 Presenter: Vincenzo Ciaschini.
1 The Geography and Governance of Internet Addresses Paul Wilson APNIC.

1 The Geography and Governance of Internet Addresses Paul Wilson APNIC.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,

INFSO-RI Enabling Grids for E-sciencE Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org SA1: Cookbook (DSA1.7) Ian Bird CERN 18 January 2006.

INFSO-RI Enabling Grids for E-sciencE SA1: Cookbook (DSA1.7) Ian Bird CERN 18 January 2006.
Summary of Accounting Discussion at the GDB in Bologna Dave Kant CCLRC, e-Science Centre.

Summary of Accounting Discussion at the GDB in Bologna Dave Kant CCLRC, e-Science Centre.
New gTLD Basics. 2  Overview about domain names, gTLD timeline and the New gTLD Program  Why is ICANN doing this; potential impact of this initiative.

New gTLD Basics. 2  Overview about domain names, gTLD timeline and the New gTLD Program  Why is ICANN doing this; potential impact of this initiative.
JSPG: User-level Accounting Data Policy David Kelsey, CCLRC/RAL, UK LCG GDB Meeting, Rome, 5 April 2006.

JSPG: User-level Accounting Data Policy David Kelsey, CCLRC/RAL, UK LCG GDB Meeting, Rome, 5 April 2006.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org VO BOX Summary Conclusions from Joint OSG and EGEE Operations Workshop - 3 Abingdon, 27 -

INFSO-RI Enabling Grids for E-sciencE VO BOX Summary Conclusions from Joint OSG and EGEE Operations Workshop - 3 Abingdon, 27 -
Global Grid Forum GridWorld GGF15 Boston USA October 03 2005 Abhishek Singh Rana and Frank Wuerthwein UC San Diegowww.opensciencegrid.org The Open Science.

Global Grid Forum GridWorld GGF15 Boston USA October Abhishek Singh Rana and Frank Wuerthwein UC San Diegowww.opensciencegrid.org The Open Science.

Similar presentations

Ads by Google