A Model for Grid User Management


A Model for Grid User Management
Rich Baker, Dantong Yu, Tomasz Wlodek
Brookhaven National Lab

Outline
- Motivation and System Requirements
- GUMS (Grid User Management System)
- System Design and Framework
- Bigger Picture
- Current Status
- Future Work

GUMS: Scope & Limitations
- Develop Model for Distributed User Registration
- Work With Existing VO Management Tools Including EDG VOMS Servers used in Grid2003
- Help Define Requirements for New & Improved VO Tools
- Focus on Site Tools for User Management

User Registration
- Many Sites Require Pre-registration of Users
- Sites Will Need to Serve Large Sets of Users
- Users Will Need Access to a Large Number of Sites
- Sites and VOs Will Need to Work Out User Registration Mechanisms
- Grid2003 and LCG are Developing Procedures

Registration Requirements
- Site Requirements
  - Collect Sufficient Information About User and Registration Chain
  - Provide Information to Site in Secure, Trusted, Auditable Manner
  - “Reasonably” Static User List
  - Store History Information, Keep Up-to-Date User Information
- User Requirements
  - Register Once Per Virtual Organization
  - Registration Must Be “Reasonably” Local
  - “Reasonable” and Static Number of Data Items
- VO Requirements
  - Sites Must Have “Reasonably” Complete and Up-to-date User List
  - Extensibility of Including More Information

Automated Registration
- Software Tools – The Easy Part
  - VO User Registry – N Column Database; Several Approaches: VOMS, VOMRS
  - Site – User Database, Configurable Tool to Periodically Pull User Info From One or More VOs, Maintain History, Perform Local Account Mapping, Creating Grid-mapfile
- Trust Relationships – The Hard Part
  - A VO Structure Needs to Be Created That Will Enforce Agreed Registration Requirements
  - Every Site Must Be Able To Trust Every Registrar
  - Protect User Privacy

Grid User Management System Architecture
[Architecture diagram, split into Remote and Local sides. Component labels: VO User Registry DB; VOMS server (VOMS, VOMRS); Regional Registration Authority?; Cron Job; User info importer (New user Membership, User left VO); CRL Push; Local Registration Authority; Account Creation And Mapping; Site User Info DB (User info, Banned User); Grid-Mapfile Generation Module; grid-mapfile. Flow labels: Download User Info, Synchronize, Update Mapping.]
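The site-side cycle named in the Automated Registration and Architecture slides (pull VO member lists, record new and departed users, skip banned users, write the grid-mapfile), as an added Python example. It is not GUMS code: the function names, the one-shared-account-per-VO mapping, and the sample DNs and account names are constructed assumptions.

```python
# Added illustration, not GUMS code. DNs and account names are constructed.
SAMPLE_VOS = {
    "atlas": ["/DC=org/DC=example/OU=People/CN=Alice Example",
              "/DC=org/DC=example/OU=People/CN=Bob Example"],
    "star": ["/DC=org/DC=example/OU=People/CN=Carol Example"],
}
SAMPLE_ACCOUNTS = {"atlas": "usatlas1", "star": "star1"}  # assumed: one account per VO


def quote_dn(dn):
    """Quote a DN for a grid-mapfile line: "<subject DN>" <local account>."""
    # A quote or newline from a registry could smuggle in an extra mapping line.
    if not dn.startswith("/") or '"' in dn or "\n" in dn or "\r" in dn:
        raise ValueError(f"malformed DN rejected: {dn!r}")
    return f'"{dn}"'


def sync_site_db(site_db, vo_members, vo_account, today):
    """Merge freshly pulled VO member lists into site_db; return history events.

    site_db maps DN -> {"vo", "account", "since"} and is updated in place.
    Validation happens before any update, so a bad pull leaves the DB untouched.
    """
    missing = set(vo_members) - set(vo_account)
    if missing:  # fail closed: no mapping without a configured account
        raise KeyError(f"no local account configured for VOs: {sorted(missing)}")
    current = {}
    for vo in sorted(vo_members):
        for dn in vo_members[vo]:
            quote_dn(dn)                 # validate before it reaches the DB
            current.setdefault(dn, vo)   # DN in several VOs: first VO by name wins
    events = []
    for dn in sorted(set(site_db) - set(current)):
        events.append((today, "left_vo", dn, site_db.pop(dn)["vo"]))
    for dn, vo in sorted(current.items()):
        old = site_db.get(dn)
        if old is None or old["vo"] != vo:
            site_db[dn] = {"vo": vo, "account": vo_account[vo], "since": today}
            events.append((today, "new_user" if old is None else "vo_changed", dn, vo))
    return events


def render_gridmap(site_db, banned):
    """Emit grid-mapfile text; banned DNs stay in the DB but get no mapping."""
    return "".join(f"{quote_dn(dn)} {rec['account']}\n"
                   for dn, rec in sorted(site_db.items()) if dn not in banned)
```

The returned event tuples are what a site would append to its history store, which is the audit trail the Site Requirements slide asks for.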

Where Does GUMS Fit?
[Diagram. Labels: VOMS EDG; VOMRS; SAZ; LRAS; Grid Cluster; Gatekeeper & callouts; Local Center; Local Center Registration Service.]

Where Does GUMS Fit?
[Diagram, with GUMS added. Labels: ?; GUMS; VOMRS; VOMS EDG; Local History; LRAS; SAZ; Grid Cluster; Local Center Registration Service; Gatekeeper & callouts.]

Current Status
- The First Stage Development Is Completed
- Ready to Download and Use
- Testing by VDT Testers Group
- Good Documentation http://www.atlasgrid.bnl.gov/testbed/gums/
- Characteristics
  - Tractable, Flexible
  - Satisfy the User Registration Requirements
  - GUMS Can Easily Support Large Numbers of Users to Access Multiple Grid Sites
  - Easy Installation and Management
- User Base Is Still Small Enough for Traditional Registration Methods Which Can Be Used in Parallel With Distributed/automated Tools

Future Plan
- Integrate Into Larger VOX Scheme
- Improve Usability and Security
- Having a Real User Management System Will
  - Expose Issues/problems and Begin Building Trust Infrastructure
  - Force Some Sites to Start Addressing Remote User Registration Issues
- Promote Tools and Recruit Users!