Planning: Hardening the rabbit Steve Fisher / RAL 5/3/2004 WP3

Steve Fisher/RAL - 5/3/2004 EDG - EGEE 2
ARDA impact
Our plans as submitted to GridPP2 did not include ARDA
There can be no doubt that ARDA will have a major impact
–It already has
Had expected to have the time to plan properly
–Instead we will be struggling to increase quality and rush out a prototype
Concern that EGEE > LCG2
It will provide us with quick feedback
–Good
We will do our best
–Have not got a very clear plan yet

Accommodating ARDA
It is an opportunity for us to rethink the API
–Done
We need web services now
–Prototypes of all services done
At the same time we need to come up with a good overall design
–Then mostly refactoring
–And some new code
Need to find out what to implement first
–In consultation with ARDA folk

ARDA prototype
ARDA gives us an opportunity to rethink the API
Though only a prototype – will it last?
In case it does – we must do a good job of API definition
New ARDA document to become public at lunchtime today
–It is still very much a working document

ARDA API
Have already put effort into redesigning the API:
–Defined in terms of Java interfaces and Factories
    Allows implementation to be replaced
    –e.g. swap between servlets and web service
–We have taken the chance to clean up names
    E.g. Archiver → SecondaryProducer
–Have also eliminated superfluous calls
    From maintaining backwards compatibility
–Included Authorization design

PrimaryProducer
(columns: History, Latest; rows: Transitory, Persistent)
Transitory, History: Like old StreamProducer but will also support one-off (“History”) queries
Transitory, Latest: No old counterpart
Persistent, History: Combines old ResilientStreamProducer with DataBaseProducer
Persistent, Latest: Like old LatestProducer but will also support continuous queries
Minimum Retention Period is used uniformly
–The old cleanup predicate has gone
All support continuous queries

Security
Authorization rules
–local to a VO
–Define actions certificate holder may carry out
    ability to publish information (via a Producer)
    query (via a Consumer)
    to discover what Producers exist
TableAuthorisation object passed into the declareTable() call.
–Holds a set of (VO, AuthzRuleSet) pairs
AuthzRule (for Consumer) is a pair of (View, AllowedCredentials)
–May become a triplet

View
If you match the allowed credentials you will have read access to the data defined in that view
If credentials match two rules you will be able to see the union of the two views
So if you issue a query to see data you are not allowed to see, you will just receive an empty set.
View and AllowedCredentials are parameterised
–Keywords, enclosed in “[ ]” replaced by their actual values:
    DN, VO, GROUP, ROLE and CAPABILITY

Example
CREATE Table Job (Jobid…, State…, Owner…, OwnersGroup…, Usage…, JobDesc…)
To impose the constraint that a row of the table is available to the owner of the job, i.e. if the DN matches:
–SELECT * from Job where Owner='[DN]'
    DN='[DN]'
To allow the VO admin role to see all but the JobDesc field:
–SELECT JobID, State, Owner, OwnersGroup, Usage from Job
    ROLE='Voadmin';
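
The rule evaluation described on the Security, View and Example slides, as an added sketch in Python with sqlite3 (not R-GMA code and not part of the original slides). Assumptions: AllowedCredentials is a single KEYWORD='value' test, views are merged on Jobid, and the column types and sample rows are constructed.

```python
import re
import sqlite3

KEYWORDS = ("DN", "VO", "GROUP", "ROLE", "CAPABILITY")
PLACEHOLDER = re.compile(r"'\[(%s)\]'" % "|".join(KEYWORDS))

# The two rules from the Example slide as (View, AllowedCredentials) pairs.
RULES = [
    ("SELECT * FROM Job WHERE Owner='[DN]'", "DN='[DN]'"),
    ("SELECT Jobid, State, Owner, OwnersGroup, Usage FROM Job", "ROLE='Voadmin'"),
]

def credentials_match(allowed, creds):
    """Assumed form: a single KEYWORD='value' test; [KEYWORD] takes the caller's value."""
    m = re.fullmatch(r"\s*(\w+)\s*=\s*'([^']*)'\s*", allowed)
    if not m or m.group(1) not in KEYWORDS:
        return False  # fail closed on anything this sketch cannot parse
    key, value = m.groups()
    value = re.sub(r"\[(\w+)\]", lambda k: creds.get(k.group(1), ""), value)
    return key in creds and creds[key] == value

def visible_rows(conn, rules, creds):
    """Union of every view whose AllowedCredentials match, merged per Jobid (assumed key)."""
    seen = {}
    for view, allowed in rules:
        if not credentials_match(allowed, creds):
            continue
        # Bind keyword values as named parameters; never splice them into the SQL text.
        sql = PLACEHOLDER.sub(lambda k: ":" + k.group(1), view)
        cur = conn.execute(sql, creds)
        cols = [c[0] for c in cur.description]
        for row in cur:
            rec = dict(zip(cols, row))
            seen.setdefault(rec["Jobid"], {}).update(rec)
    return seen  # empty dict when nothing is visible, mirroring the "empty set"

def demo_db():
    """Constructed sample data; column types are assumptions (the slide elides them)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Job (Jobid TEXT, State TEXT, Owner TEXT,"
                 " OwnersGroup TEXT, Usage TEXT, JobDesc TEXT)")
    conn.executemany("INSERT INTO Job VALUES (?,?,?,?,?,?)", [
        ("j1", "Running", "/CN=alice", "atlas", "10", "alice private jdl"),
        ("j2", "Done", "/CN=bob", "cms", "25", "bob private jdl"),
    ])
    return conn
```

Binding the certificate DN as a parameter matters here because the DN is supplied by the caller's credential and ends up inside the view's WHERE clause.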

Project planning and tracking
In EDG WP3 used MSProject with generated HTML and s
Thinking of using one of the various tools based on httpd+php+mysql to allow all to follow progress
–e.g. aceproject at: commercial but quite cheap
–At least 3 good looking free products
    DotProject –
    PHProjekt –
    The Ultimate Team Organization Software (TUTOS) –