VOMS chapter 1&1/2 Alessandra Forti Sergey Dolgodobrov HEP Sysman meeting 5 December 2005.

Slides:

Advertisements

Similar presentations

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.

Advertisements

NorthGrid status Alessandra Forti Gridpp15 RAL, 11 th January 2006.

INFSO-RI Enabling Grids for E-sciencE Information and Monitoring Status and Plans GridPP16, QMUL, 29 Jun 2006 Steve.

NorthGrid status Alessandra Forti Gridpp12 Brunel, 1 February 2005.

29 June 2006 GridSite Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.

Andrew McNab - Manchester HEP - 24 May 2001 WorkGroup H: Software Support Both middleware and application support Installation tools and expertise Communication.

The LHC experiments AuthZ Interoperation requirements GGF16, Athens 16 February 2006 David Kelsey CCLRC/RAL, UK

Steve Traylen Particle Physics Department Experiences of DCache at RAL UK HEP Sysman, 11/11/04 Steve Traylen

4/2/2002HEP Globus Testing Request - Jae Yu x Participating in Globus Test-bed Activity for DØGrid UTA HEP group is playing a leading role in establishing.

Implementing Finer Grained Authorization in the Open Science Grid Gabriele Carcassi, Ian Fisk, Gabriele, Garzoglio, Markus Lorch, Timur Perelmutov, Abhishek.

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Southgrid Status Pete Gronbech: 27th June 2006 GridPP 16 QMUL.

NorthGrid status Alessandra Forti Gridpp13 Durham, 4 July 2005.

Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.

Database Infrastructure Major Current Projects –CDF Connection Metering, codegen rewrite, hep w/ TRGSim++ – Dennis –CDF DB Client Monitor Server and MySQL.

Andrew McNab - Manchester HEP - 22 April 2002 UK Rollout and Support Plan Aim of this talk is to the answer question “As a site admin, what are the steps.

WP6: Grid Authorization Service Review meeting in Berlin, March 8 th 2004 Marcin Adamski Michał Chmielewski Sergiusz Fonrobert Jarek Nabrzyski Tomasz Nowocień.

Security Middleware and VOMS service status Andrew McNab Grid Security Research Fellow University of Manchester.

Windows 2000 Operating System -- Active Directory Service COSC 516 Yuan YAO 08/29/2000.

VOMS Alessandra Forti HEP Sysman meeting April 2005.

CERN Manual Installation of a UI – Oxford July - 1 LCG2 Administrator’s Course Oxford University, 19 th – 21 st July Developed.

Grid User Management System Gabriele Carcassi HEPIX October 2004.

BOSS Business Objects Shared Service Steve Rademacher – June 2009.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Next steps with EGEE EGEE training community.

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks EGEE-EGI Grid Operations Transition Maite.

30-Sep-03D.P.Kelsey, SCG Summary1 Security Co-ordination Group (WP7 SCG) EDG Heidelberg 30 September 2003 David Kelsey CCLRC/RAL, UK

Owen SyngeTitle of TalkSlide 1 Storage Management Owen Synge – Developer, Packager, and first line support to System Administrators. Talks Scope –GridPP.

INFSO-RI Enabling Grids for E-sciencE OSG-LCG Interoperability Activity Author: Laurence Field (CERN)

Deployment Summary GridPP11 Jeremy Coles 15th September 2004.

INFSO-RI Enabling Grids for E-sciencE Enabling Grids for E-sciencE Pre-GDB Storage Classes summary of discussions Flavia Donno Pre-GDB.

Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.

Production Manager’s Report PMB Jeremy Coles 13 rd September 2004.

Conference name Company name INFSOM-RI Speaker name The ETICS Job management architecture EGEE ‘08 Istanbul, September 25 th 2008 Valerio Venturi.

INFSO-RI Enabling Grids for E-sciencE Information and Monitoring Status and Plans Plzeň, 10 July 2006 Steve Fisher/RAL.

Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.

OSG AuthZ components Dane Skow Gabriele Carcassi.

Derek Ross E-Science Department DCache Deployment at Tier1A UK HEP Sysman April 2005.

HEP SYSMAN 23 May 2007 National Grid Service Steven Young National Grid Service Manager Oxford e-Research Centre University of Oxford.

2-Sep-02Steve Traylen, RAL WP6 Test Bed Report1 RAL and UK WP6 Test Bed Report Steve Traylen, WP6

Andrew McNab - Manchester HEP - 17 September 2002 UK Testbed Deployment Aim of this talk is to the answer the questions: –“How much of the Testbed has.

A. Aimar - EP/SFT LCG - Software Process & Infrastructure1 SPI Software Process & Infrastructure for LCG Project Overview LCG Application Area Internal.

Last update 21/01/ :05 LCG 1Maria Dimou- cern-it-gd Current LCG User Registration, VO management and Authorisation Procedures VOMS workshop

Last update 29/01/ :01 LCG 1Maria Dimou- cern-it-gd Maria Dimou IT/GD CERN VOMS server deployment LCG Grid Deployment Board

LCG CERN David Foster LCG WP4 Meeting 20 th June 2002 LCG Project Status WP4 Meeting Presentation David Foster IT/LCG 20 June 2002.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Update Authorization Service Christoph Witzig,

INFSO-RI Enabling Grids for E-sciencE Policy management and fair share in gLite Andrea Guarise HPDC 2006 Paris June 19th, 2006.

1Maria Dimou- cern-it-gd LCG November 2007 GDB October 2007 VOM(R)S Workshop report Grid Deployment Board.

CNAF Database Service Barbara Martelli CNAF-INFN Elisabetta Vilucchi CNAF-INFN Simone Dalla Fina INFN-Padua.

15-Feb-02Steve Traylen, RAL WP6 Test Bed Report1 RAL/UK WP6 Test Bed Report Steve Traylen, WP6 PPGRID/RAL, UK

SRM-2 Road Map and CASTOR Certification Shaun de Witt 3/3/08.

Stephen Burke – Sysman meeting - 22/4/2002 Partner Logo The Testbed – A User View Stephen Burke, PPARC/RAL.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Study on Authorization Christoph Witzig,

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI VOMS Proxy Lifetime UCB 21 Aug 2012 David Kelsey STFC.

INFSO-RI Enabling Grids for E-sciencE File Transfer Software and Service SC3 Gavin McCance – JRA1 Data Management Cluster Service.

EMI is partially funded by the European Commission under Grant Agreement RI Argus Policies Tutorial Valery Tschopp (SWITCH) – Argus Product Team.

II EGEE conference Den Haag November, ROC-CIC status in Italy

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Grid is a Bazaar of Resource Providers and.

COMP1321 Digital Infrastructure Richard Henson March 2016.

LCG Accounting Update John Gordon, CCLRC-RAL 10/1/2007.

EGEE-II INFSO-RI Enabling Grids for E-sciencE Simone Campana (CERN) Job Priorities: status.

Jean-Philippe Baud, IT-GD, CERN November 2007

Regional Operations Centres Core infrastructure Centres

David Kelsey CCLRC/RAL, UK

UVOS and VOMS differences

A Model for Grid User Management

EGEE VO Management.

Artem Trunov, Günter Quast EKP – Uni Karlsruhe

VOMS deployment for small national VOs and local groups

QoS and SLA in INFN Grid INFN team: Andrea Ceccanti, Vincenzo Ciaschini, Alberto Forti, Andrea Ferraro, Valerio Venturi Location Catania (Italy) Date 4/3/2008.

G-PBox: current status and future plans

Presentation transcript:

VOMS chapter 1&1/2 Alessandra Forti Sergey Dolgodobrov HEP Sysman meeting 5 December 2005

Summary of the previous chapter VOMS software introduced in LCG-2_4_0 No automatic installation but very good installation notes. LCAS/LCMAPS weren’t working properly Grid-mapfile could however be built –Support for small VO –No support for groups/roles in big VOs –Or for users belonging to more than one VO A server was installed in Manchester as part of the Northgrid contribution to the UK testzone. –Could be used but wasn’t “official”

GridPP and NGS GridPP national VOMS to support smaller VOs: phenogrid, t2k Agreement with NGS for mutual support –Common infrastructure to maintain the VOMS servers –Common VOs support –Common distribution of information –Enable each other VOs on each other systems

What is happening in Manchester Manchester –½ FTE for this support: Sergey Dolgodobrov –Tier2 is becoming slowly alive Support part of the Tier2 infrastructure –3 servers for GridPP: 1 Test, 1 production, 1 backup –2 servers for NGS: 1 production, 1 backup Sergey will be the VOMS administrator and will do VOs support –NGS FTE not yet there will give support on best effort

VOMS software At first glance it doesn’t look good Central VOMS servers are unstable –Expected to be fixed with next versions of gLite (current is gLite 1.4) Still in a hybrid phase –LCG clients still under the edg tree of directories –Servers pure gLite –ldap/grid-mapfile and VOMS authz mechanism cohexist. –DN/UID mapping still static

VOMS software (2) Server can still be installed quite easily –Even with gLite tools LCAS/LCMAPS work on the machines installed with LCG tools –Users can be mapped to different VOs correctly –Roles can be assigned Authz hybrid is to allow users to keep on using the system during the transition. –They’ll have to re-register sometimes in the future. Voms-proxy-init works Clients and servers interoperate The system is easy to back up and restore

Local Tests There are 2 test servers in Manchester –Started with gLite 1.3 now moving to gLite 1.4 One system has been reinstalled using the database back up of the other. The upgrade has being completed in the same way T2K VO has been created on IC request RAL and IC RBs and Manchester and IC CE/SE have enabled the VO People testing can be mapped to dteam and t2k

Open questions How will the general infrastructure be? How do VOs can request to be enabled? How do we enable them on the system? How do we distribute the server certificate? How the end point? i.e. how do we configure the mkgridmap.conf And the contact strings? Most importantly: How do we support local VOs to give them privileged access to their resources without backdoors? Voms server naming scheme?

Conclusions Some solutions are on the way, some others are temporary and others need discussion However the production system will be set up next week A gridpp VO will be created for testing –but it could also end up being a mother VO and the real VOs being subgroups T2K will be maintained for now as it is. Other VOs will have to send a request to be created for now to Jeremy Coles until a formal procedure is established.