

CRC exercises

- Not happy with the way the document for testbed architecture is progressing
  - More a collection of contributions from the middleware groups rather than a consistent, coherent architecture overview
- Try to expand Use Cases for HEPCAL to verify we have identified all the elements involved and how they interact
  - Start with first use of the system: Grid Credential Use Case
  - Then follow on with the steps involved in logging into the grid

Grid Credential Use Case

- First use case needed to authenticate the user
- Messages
  - User executes program grid_cert_request that sends a request via email to CA, including user name & cert type
  - CA signs certificate
  - CA returns signed certificate
- Points Raised
  - This use case refers to Authentication, not Authorization
  - What happens if multiple requests are received?

Grid Authorization Use Case

- Follows on from Grid Authentication use case to make a user a member of a single VO
- Messages
  - User sends registration request to VOMS
    - Minimum info sent by user is DN (user's name) and Issuing CA, but more can be sent if needed by VO manager (e.g. email address, telephone number, home institution)
  - VOMS approves request
  - VOMS returns confirmation message
- Points Raised
  - Interaction with VOMS for user to be authorized to become a member of a VO is not yet clear: roles and groups within the VO are not covered by this use case
  - User has to remember of which VOs he is a member
  - A third party (e.g. another user) could enroll a user with a VO but could not take their identity for activities within the VO
  - Certificate should really be considered an actor in this use case
  - Need use cases for the activities of the VO manager

Grid Authorization Use Case: EDG 1.2 version

- Follows on from Grid Authentication use case to make a user a member of a single VO
- Messages
  - Install cert in internet browser
  - Enter pass phrase
  - Browser connects to Marianne site
  - User fills in form
    - Minimum info sent by user is DN and Issuing CA, email address, telephone number, home institution
    - This info may be used by VO manager to verify user is correctly identified

Grid login Use Case

- Follows on from Grid Authentication use case to make a user a member of a single VO
- Messages
  - User sends authenticated message (SSL handshake) to VOMS
    - VOMS-proxy-init includes DN & issuing CA
  - VOMS returns signed credential
    - Includes VO name, group(s), role(s), expiry time
- Proxy is stored on the requesting machine as a result of this use case

Job Submission Use Case

- Follows on from Grid login use case to submit a job
- Messages
  - User Interface sends job description message to Resource Broker
    - Includes environ (OS=Linux), input files (sysinfo.sh), program (sysinfo.sh), output (stdout, stderr), griddatasets (0)
  - UI sends authentication message (SSL handshake) to RB
  - UI sends JDL message (gridFTP) to RB
  - RB creates directory for files
  - RB returns URL (host & directory) location for files to be transferred
  - User Interface sends a sequence of messages to gridFTP server
    - Input file: sysinfo.sh
  - Res Broker parses JDL and establishes requirements
  - Res Broker sends message to Info Service with query for CEs user is authorized to use
- Points raised
  - Only considers simple job submission. More use cases needed for more sophisticated job submissions
  - User Interface and Res Broker client are modelled as one actor – Res Broker server is another actor
  - Need to model GridFTP as a separate actor
  - Not clear how we establish the list of CEs a user is qualified for – implies gridmapfile is published which breaks security – need to somehow secure Res Broker's access to this info
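One possible way to handle the last point raised above, as an added example that is not part of the original slides or of EDG code: each CE publishes only the VO names it accepts, and the broker matches them against the VO attribute in the credential from the Grid login use case, so no per-user grid-mapfile is exposed. The record layouts, function name and sample values are assumptions made for illustration.

```python
# Added illustration (not EDG code): broker-side CE matching on VO-level
# rules only. Assumes the broker has already verified the VOMS signature.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Credential:
    """Attributes the Grid login slide lists for the VOMS-signed credential."""
    dn: str
    issuing_ca: str
    vo: str
    groups: tuple
    roles: tuple
    expiry: datetime


@dataclass(frozen=True)
class ComputingElement:
    """What a CE publishes to the Info Service in this sketch (assumed layout)."""
    name: str
    os: str
    allowed_vos: frozenset  # VO names only; user DNs stay in the local grid-mapfile


def authorized_ces(cred, ces, required_os, now):
    """Return names of CEs that accept the credential's VO and meet the job's OS."""
    if now >= cred.expiry:
        raise PermissionError("credential expired; user must log in again")
    return [ce.name for ce in ces
            if cred.vo in ce.allowed_vos and ce.os == required_os]


# Constructed sample data: host names, DNs and VO names are placeholders.
NOW = datetime(2002, 9, 12, 12, 0, tzinfo=timezone.utc)
CRED = Credential(
    dn="/O=Grid/O=Example/CN=Test User",
    issuing_ca="/O=Grid/CN=Example CA",
    vo="cms", groups=("/cms",), roles=("user",),
    expiry=NOW + timedelta(hours=12),
)
CES = [
    ComputingElement("ce01.example.org", "Linux", frozenset({"cms", "atlas"})),
    ComputingElement("ce02.example.org", "Linux", frozenset({"atlas"})),
    ComputingElement("ce03.example.org", "Solaris", frozenset({"cms"})),
]

if __name__ == "__main__":
    print(authorized_ces(CRED, CES, "Linux", NOW))
```

The final per-user decision still happens at the CE itself, against its local grid-mapfile; the broker's filter only narrows the candidate list.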

Use Case order

1. Grid authentication
2. Grid authorization
3. Grid login
4. Job submission

In these use cases the User Interface actor is considered to include the human user and User Interface service

What next

- Continue CRC exercises
  - In person meetings
  - Pick use cases according to who is available
- Suggested dates:
  - Use cases: 12, 13, 19, 20 Sept
  - General ATF meeting week of 21 October
  - November: Wed 12th & Thurs 13th
  - December: Mon 9 & Tues 10th at RAL