1 / 10

MWSG Meeting, Stanford Linear Accelerator Laboratory

MWSG Meeting, Stanford Linear Accelerator Laboratory. Privilege Project Recent Updates. MWSG Meeting June 5-6, 2006 Stanford Linear Accelerator Laboratory. Vikram Reddy Andem. 1.

lefty
Download Presentation

MWSG Meeting, Stanford Linear Accelerator Laboratory

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege ProjectRecent Updates MWSG Meeting June 5-6, 2006 Stanford Linear Accelerator Laboratory Vikram Reddy Andem 1 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

  2. MWSG Meeting, Stanford Linear Accelerator Laboratory Where does Privilege fit in Grid Services Privilege Infrastructure Naturally fits Here. 2 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

  3. MWSG Meeting, Stanford Linear Accelerator Laboratory Project Goals • The primary goal of the project was to deliver the execution call-out for • finer-grained authorization of processing resources 3 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

  4. MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Architecture – Compute Element 4 Proposed architecture (Dane Skow, Markus Lorch, Ian Fisk) 04//2004 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

  5. MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Architecture (continued) VOMS Execution site SAZ Compute Element Gatekeeper GRAMgridFTP site GUMSServer PRIMA Storage Element SRM/dCache StorageAuthorizationService gPLAZMA 5 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

  6. MWSG Meeting, Stanford Linear Accelerator Laboratory Project Achievements • Privilege has delivered an infrastructure that has been deployed on OSG • The authorization system has been deployed on all CMS-T2 centers, the T1 • at FNAL, FermiGrid, BNL, etc. - CMS and ATLAS have defined roles that can be implemented within VOMS • VOMS extended proxy is parsed by the callout and given to GUMS for • authentication • The release for the pre-web service globus-gatekeeper callout is stable • - Relatively light operations support • A couple of tickets a month, so far rapidly solved 6 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

  7. MWSG Meeting, Stanford Linear Accelerator Laboratory Recent Advances and News • Prima Web services callout for GT4 has been developed and is currently • distributed with VDT 1.3.9 • Prima 64-bit callout version has been developed and is currently distributed • with VDT 1.3.9 • As a part of the Policy, Publication and Trust Project we delivered • - VO Policy Template for Open Science Grid • - Site Policy Template for Open Science Grid • Transition of Privilege Project leadership (Gabriele Garzoglio) • - gPLAZMA (Abhishek Rana, UCSD / Ted Hesselroth, FNAL) • - GUMS (John Hover, BNL) • - PRIMA (Vikram Andem) • - SAZ (Valery Sergeev, FNAL) • - SRM/d-Cache (DESY/FNAL teams) • - VOMS (INFN team, Italy) • Working with Igor Sfiligoi (INFN) on Glexec SAML callout to GUMS 7 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

  8. MWSG Meeting, Stanford Linear Accelerator Laboratory Current Activities • Support PRIMA and GUMS code for 32/64 bits for GT2 and GT4 for • CMS T1&2 + OSG VO (best effort) (50% Vikram) • Deploy and support gPlazma infrastructure for CMS Tier 1&2 • (important for SRM v2 deployment) (50% Ted for 3 mo) • Fix GUMS memory management problems (John Hover et al.: up to .5 FTE for 3 weeks) • Stress test of the GT4 PRIMA call-out (John W.: 5 FTE days) • Integration of gLexec with Privilege (8.5 FTE weeks) • Integrate GUMS with a monitoring/alarm infrastructure (.2 FTE/2 mo) 8 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

  9. MWSG Meeting, Stanford Linear Accelerator Laboratory Future Plans – Ideas ? • Simplify / Aggregate architecture • - Update communication protocols (from extended SAML v1.1 to SAML v2.0) • - Improve PRIMA build process • Publication of role-based privilege policy (with EGEE) • Extend privilege enforcing to network management • Long term directions • - Investigate direct DN rights enforcement (no UID mapping) • - Integrate Privilege Project with Policy Discovery Services 9 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

  10. MWSG Meeting, Stanford Linear Accelerator Laboratory Questions? 10 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

More Related