Overview - PowerPoint PPT Presentation

About This Presentation
Title:

Overview

Description:

keeping the pace with new security paradigms ... USCMS, OSG, FNAL VOs (Astronomy, Run II, ...), FermiGrid, Storage at FNAL ... – PowerPoint PPT presentation

Number of Views:23
Avg rating:3.0/5.0
Slides: 7
Provided by: cddocd
Category:
Tags: overview | run | up

less

Transcript and Presenter's Notes

Title: Overview


1
Grid Services Activities on Security
  • Overview
  • Grid Services Tactical Plan
  • VO Services Activities
  • ReSS and Other Activities

Gabriele Garzoglio Computing Division,
Fermilab Grid Coordination Meeting Sep 25, 2007
2
Grid Services Tactical Plan
Tactical Plan
This Talk
  1. Develop features and improve robustness of the VO
    Services infrastructure .
  2. Extend deployment of and support the VO Services
    infrastructure
  3. Integrate standard authorization call-out
    libraries, in order to enable
    interoperability .
  4. Integrate support for emerging standards and
    increasingly complex use cases in the VO Service
    infrastructure.
  5. Provide maintenance and support for the ReSS WMS
    . Understand operational needs for the
    infrastructure.
  • Support and Improvement of the base
    infrastructure
  • Authorization Interoperability
  • Next Generation Storage AuthZ Models
  • Privilege Policy Management
  • Other Activities

3
VO Services
  • VO user membership management and fine-grained
    authorization to Grid resources
  • Vision / Driving Forces for Phase III( Status
    report at http//cd-docdb.fnal.gov/cgi-bin/ShowDoc
    ument?docid2144 )
  • keeping the pace with new security paradigms
  • providing excellent support for the current
    infrastructure
  • reducing overall maintenance
  • Stakeholders
  • USCMS, OSG, FNAL VOs (Astronomy, Run II, ),
    FermiGrid, Storage at FNAL
  • Representatives contacted Burt Holzman, Ian
    Fisk, Mine Altunay, John Weigand, Doug Benjamin,
    Jim Annis, Timur Perelmutov
  • Base Infrastructure
  • PRIMA, GUMS, VOMRS VO Services proj.
  • gLexec VO Services proj.
  • See Igors talk
  • gPlazma Interfacing with dCache proj.
  • Effort
  • FNAL 1.1 FTE (0.6 CD 0.5 CMS) Total 1.6 FTE
    (FNAL 0.5 BNL)

4
VO Services Activities 1
  • Support and Improvement of the base
    infrastructure (High Priority)
  • Ongoing. FNAL Effort _at_ 0.6 FTE
  • Foci (1) Robustness and Usability (2) VOMRS
    vital features
  • Stakeholders FermiGrid, BNL, USCMS, OSG VOs,
    OSG Facility ?
  • Authorization Interoperability (Medium Priority)
  • Enables Middleware developed in the US (e.g. SRM)
    to use EU Authorization infrastructure and vice
    versa. Collaboration with EGEE and Globus
  • Stakeholders USCMS, Software Providers (Globus,
    OSG group, dCache, Condor ?, )
  • Milestones Date (activity) (FTE)
  • Aug 07 (alpha met) (0.1) Dec 07 (beta) (0.2)
    Feb 08 (beta Integration) (0.5) Apr 08 (v1)
    (0.2) Jun 08 (v1 Int.) (0.5)

5
VO Services Activities 2
  • Support Storage Groups in Defining Next
    Generation Storage AuthZ Models (Medium Priority)
  • Interaction with storage projects at FNAL
    (SRM/dCache, OSG Ext. and VDT)
  • Stakeholders OSG, USCMS
  • VO Service Proj. _at_ 0.1 FTE (Consulting Role)
    upon request
  • Privilege Policy Management (Medium Priority)
  • Allows VOs to express privileges directly Sites
    to implement and verify privileges. Evaluation
    and prototypical work. Collaboration with TechX,
    funded via SBIR Phase I
  • Stakeholders OSG
  • FNAL Effort _at_ 0.1 FTE from VO Service Proj.
    (Customer / Stakeholder role)
  • Plan in progress. Duration 9 months.
  • Deliverables
  • Policy schema/language (3 mo. _at_ 0.2? FNAL)
  • Policy tools (6 mo. _at_ 0.1? FNAL)

6
Other Activities
  • Requests from VO Service Proj. Stakeholders. May
    lack available effort. (Low Priority)
  • Attribute Certificate Validation at Resource
    Gateway
  • Depends on acceptance and deployment of new VOMS
  • Broaden / Standard AuthZ call-out Interfaces
  • Needed for Accounting. May lower overall
    maintenance.
  • Site Validation Service (Authentication Service)
  • Integrating Shibboleth Attribute Authority
  • End-to-end security / Epensys (see Igor)
  • Authenticate Client Access to ReSS central
    services (Low Priority)
  • Once a user community is formed (during OSG
    0.8.0), restrict access to providers and
    requesters of information
Write a Comment
User Comments (0)
About PowerShow.com