Instrumentation of the SAM-Grid Gabriele Garzoglio CSC 426 Research Proposal.
May 8, 20071/15 VO Services Project – Status Report Gabriele Garzoglio VO Services Project –...
-
Upload
jeffry-andrews -
Category
Documents
-
view
217 -
download
2
Transcript of May 8, 20071/15 VO Services Project – Status Report Gabriele Garzoglio VO Services Project –...
Gabriele GarzoglioMay 8, 2007 1/15
VO Services Project – Status Report
VO Services Project – Status Report
Overview and PlansMay 8, 2007
Computing Division, Fermilab
Gabriele Garzoglio
Gabriele GarzoglioMay 8, 2007 2/15
VO Services Project – Status Report
Overview
• Status
• Effort
• Closing Phase II – Phase I closed as VO Privilege Project on
transition from Ian Fisk a year ago
• Phase III ?
Gabriele GarzoglioMay 8, 2007 3/15
VO Services Project – Status Report
Project Definition
From Project Database:
“The VO Services project provides user registration services and fine-graned access management to computing and storage resources on the Grid.”
Gabriele GarzoglioMay 8, 2007 4/15
VO Services Project – Status Report
synchronizes
VO Services Architecture
Gabriele GarzoglioMay 8, 2007 5/15
VO Services Project – Status Report
WBS Update since last status Nov 2006
• Support ongoing for all of the above.
• Integration with ML not needed - ML deprecated on OSG
• GUMS monitor in place at GOC.
• Still want to improve validation framework
• Scalability measur. by end of Phase II
Gabriele GarzoglioMay 8, 2007 6/15
VO Services Project – Status Report
• Memory leak fix released to all of OSG.
• GUMS release V1.2 developed and in test addresses many but not all requests
• GPlazma deployed.• gLExec deployed (see Igor’s talk)
Gabriele GarzoglioMay 8, 2007 7/15
VO Services Project – Status Report
• VOMRS developments done (see slides from Tanya)• Work on longer term roadmap proceeding and now defined as VO
Services / Grid Security Services Phase III.
Gabriele GarzoglioMay 8, 2007 8/15
VO Services Project – Status Report
Deployment on OSG
• The authorization system GUMS has been deployed at O(10) sites– US CMS T2 centers and T1 at FNAL– US ATLAS T2 centers and T1 at BNL– FermiGrid (includes SAZ) et al.
• US CMS, US ATLAS, DZero, et al. have defined roles that are implemented within VOMS.
• Sites configure GUMS (PDP) to implement local identity mapping
Gabriele GarzoglioMay 8, 2007 9/15
VO Services Project – Status Report
Effort
VO Services Effort
0
0.5
1
1.5
2
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Months since J an 2006
FTE
s
Management
Support
Devel./Int. (CMS)
Devel./Int.
Disclaimer: effort from John Weigand NOT reported (~20%)
Change of Project LeadershipStart Phase II
New Reporting Activities
Gabriele GarzoglioMay 8, 2007 10/15
VO Services Project – Status Report
Closing Project Phase II
Deliverable of Phase II are due in the time scale of OSG V0.8.0 release (Aug 07):
• GUMS v1.2 implementing most of WBS items above.• LIGO Authentication Requirements (see Igor’s Talk)• gLExec deployment for CDF/CMS (see Igor’s Talk).
– Will be in VDT.
• gPlazma– Deployment underway. Further development and maintenance
part of dCache.– Storage role/access requirements part of Phase III
• VOMRS 1.3. Part of VDT release 1.6.1 in May 2006.– CERN (01/07), Fermilab (04/07), APAC (11/06)
Gabriele GarzoglioMay 8, 2007 11/15
VO Services Project – Status Report
New Request from OSG
• Document current use of credential attributes precisely and completely. – Document how attributes are used by VOs and Sites.– Due for OSG Blueprint meeting Jun 7.– Identify inconsistencies. – Record typical sites configurations.
• Use as a basis in OSG and at Fermilab to discuss future directions.
Gabriele GarzoglioMay 8, 2007 12/15
VO Services Project – Status Report
Options for Phase III?• Phase II of the project is minimally operations and maintenance for
the stakeholders. Will require ~0.5 FTE. – May be new requirements to meet interoperability with EGEE once Job
Prioritization really in use. – May be new requirements to meet security requirements of Fermilab
and other sites.
• Could include completing current requests for GUMS (V2.0) (~6 FTE months. Request for BNL to continue OSG support for GUMS development is under discussion). Improve:– configuration management (hot swapping configs)– usability (access historical mapping information, full role-mapping to
pool accounts)– debugging capabilities– redundant service configurations (with FermiGrid)
Gabriele GarzoglioMay 8, 2007 13/15
VO Services Project – Status Report
Goals for Phase III ?• Interface/integrate/migrate OSG AuthZ components more into emerging
standards.
• Set path for less effort in the future
• Prepare for use of new AuthN mechanisms (ie Shiboleth).• VOMRS
– Interface to Shib; Use more standard workflow engine, persistency, UI technology• Accounting integration : Interface roles GRAM-Auditing and Gratia• Support finer-grain access to Storage
– SRM/dCache does not manage privileges directly via X509 credential attributes. UID, GID, Root Path, … mappings are required.
– Stakeholders are interested in supporting combinations of read / write accesses to files / directories by VO, VO groups, and group roles.
• Improve software stack validation and regression tests across releases.• Ongoing OSG - EGEE AuthZ interoperability. Already started:
– Globus develops the common library (based on XACML2/SAML2): β-version released on schedule (Apr 07).
– Understanding and feeding back OSG and EGEE requirements: implementation of some key features estimated for June
– Holding regular meetings (Oct 06, Feb 07, Mar 07, Apr 07, planned Jun 07)
Gabriele GarzoglioMay 8, 2007 14/15
VO Services Project – Status Report
What about Policy ?
• Currently no mechanism to define VO authorization policies and apply them consistently across sites.– SBIR Phase I grant approved
• More maintainable authentication management by implementing certificate validation service site-centralized.
• Integration with distributed Identity Management Services (Shibboleth)
Gabriele GarzoglioMay 8, 2007 15/15
VO Services Project – Status Report
How do we decide the roadmap?
• Complete Phase II in August.• Review and respond to “Credential Attribute Usage
Paper”.• Establish commitment of EGEE to common protocols:
Visit to EGEE in June. • Establish commitment of Globus to collaboration:
Deliverables in progress.• Update the requirements of stakeholders for Policy
definition and enforcement.
Briefing to CD in July as part of the activity based budget planning?