CRC exercises Not happy with the way the document for testbed architecture is progressing More a collection of contributions from the mware groups rather than a consistent, coherent architecture overview Try to expand Use Cases for HEPCAL to verify we have identified all the elements involved and how they interact Start with first use of the system: Grid Credential Use Case Then follow on with the steps involved in logging into the grid

Grid Credential Use Case First use case needed to authenticate the user Messages User executes program grid_cert_request that sends a request via email to CA including user name & cert type CA signs certificate CA returns signed certificate Points Raised This use case refers to Authentication not Authorization What happens if multiple requests are received?

Grid Authorization Use Case Follows on from Grid Authentication use case to make a user a member of a single VO Messages User sends registration request to VOMS Minimum info sent by user is DN (user’s name) and Issuing CA but more can be sent if needed by VO manager (e.g. email address, telephone number, home institution) VOMS approves request VOMS returns confirmation message Points Raised Interaction with VOMS for user to be authorized to become a member of a VO is not yet clear: roles and groups within the VO is not covered by this use case User has to remember of which VOs he is a member A third party (e.g. another user) could enroll a user with a VO but could not take their identity for activities within the VO Certificate should really be considered an actor in this use case Need use cases for the activities of the VO manager

Grid Authorization Use Case:EDG 1.2 version Follows on from Grid Authentication use case to make a user a member of a single VO Messages Install cert in internet browser Enter pass phrase Browser connects to Marianne site User fills in form Minimum info sent by user is DN and Issuing CA,email address, telephone number, home institution This info may be used by VO manager to verify user is correctly identified

Grid login Use Case Follows on from Grid Authentication use case to make a user a member of a single VO Messages User sends authenticated message (SSL handshake) to VOMS VOMS-proxy-init includes DN & issuing CA VOMS returns signed credential Includes VO name, group(s), role(s), expiry time Proxy is stored on the requesting machine as a result of this use case

Job Submission Use Case Follows on from Grid login use case to submit a job Messages User Interface sends job description message to Resource Broker Includes environ (OS=Linux), input files(sysinfo.sh), program(sysinfo.sh), output(stdout,stderr), griddatasets(0) UI sends authentication message (SSL handshake) to RB US sends JDL message (gridFTP) to RB RB creates directory for files RB returns URL (host& directory) location for files to be transferred User Interface sends a sequence of messages gridFTP server Input file: sysinfo.sh Res Broker parses JDL and establishes requirements Res Broker sends message to Info Service with query for CEs user is authorized to use Points raised Only considers simple job submission. More use cases needed for more sophisticated job submissions User Interface and Res Broker client are modelled as one actor – Res Broker server is another actor Need to model GridFTP as a separate actor Not clear how we establish the list of CEs a user is qualified for – implies gridmapfile is published which breaks security – need to somehow secure Res Broker’s access to this info

Use Case order Grid authentication Grid authorization Grid login Job submission In these use cases the User Interface actor is considered to include the human user and User Interface service

What next Continue CRC exercises In person meetings Pick use cases according to who is available Suggested dates: use case cases 12,13,19,20 Sept General ATF meeting week of 21 October November: Wed 12th & Thurs 13th December: Mon 9 & Tues 10th at RAL