AstroGrid-D Meeting MPE Garching, 2006-11-14. M. Braun: VO Management


Outline
- VO Management in running projects:
  - EGEE gLite
  - Open Science Grid (OSG) – VO Privilege
- VOMRS Features
- Using VOMRS with GT4
  - Pragmatic solution: volist & merge-gridmap
  - merge-gridmap: Flowchart
  - Serving multiple VOs & Sub-VOs

VOMS/VOMRS in EGEE gLite
[Diagram. Label: VOMRS. Credit: Igor Sfiligoi: gLite Authentication]

VOMS/VOMRS in OSG
[Diagram. Components: VOMRS, VOMS, Member, Certificate, Certificate Proxy, Facility Authorization Management, GUMS, SAZ, Grid Facility, CE (Globus Gatekeeper, JobManager, PRIMA), SE (SRM, gPlazma). Edge labels: register; membership/privileges; get proxy; submit job; callouts; get uid; Is authorized?; job; get uid, gid, rootpath. Credit: Tanya Levshina: VOMRS]

VOMRS Features
Secure and authenticated management of VO membership, grid resource authorization and privileges:
- 2-phase registration workflow to register with a VO
- Dynamic set of collected personal information
- Management of multiple grid certificates per member
- VO-level control of member's privileges
- Notifications of selected changes and events
- Permits delegation of responsibilities among the various VO administrators and group managers
- Manages hierarchies of groups and group roles
- Interfaces to third-party systems like VOMS

VOMRS & GT4
Pragmatic solution: Use VOMRS as “VO Information Service”
[Diagram. Components: Member, Certificate, Proxy Certificate, VOMRS, VOMRS DB, “volist” servlet, Grid resource, Globus Gatekeeper, JobManager, merge-gridmap (crontab), grid-mapfile, local grid-mapfile, local config, Auth lists. Edge labels: register; Submit job; job; group name; List (DN+ID)]

Merge-gridmap flow
[Flowchart, steps in the order shown:]
- volist/VOMRS: fetch VO list (wget)
- Map to pool account schema
- Remove non-allowed DNs (input: Allowed DNs)
- Remove denied DNs (input: Denied DNs)
- Remap DNs to non-pool accounts (input: Remap DN+ID)
- Merge with local map (input: local grid-mapfile)
- Check accounts’ existence (output: List of unknown accounts)
- Remove DNs with unknown account names
- Write grid-mapfile (output: grid-mapfile)
- Create sudoers entries (output: RunAs aliases, Command entries)
[Other labels on the flowchart: Higher priority; Lower priority; Prefix+format “agd” %.3d]
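The flow on this slide, written out in Python as an added example; it is not the AstroGrid-D merge-gridmap tool and was not part of the presentation. It assumes that pool accounts are built from the VOMRS member ID with the prefix and format shown on the slide, that entries from the local grid-mapfile override VO-derived ones, and that the set of existing accounts is passed in rather than looked up on the system; the sudoers step is left out and all DNs are constructed.

```python
# Constructed sample input: (DN, member ID) pairs as a volist-style service might return.
VO_LIST = [("/O=ExampleGrid/CN=Alice", 1), ("/O=ExampleGrid/CN=Bob", 2),
           ("/O=ExampleGrid/CN=Carol", 3), ("/O=ExampleGrid/CN=Dave", 4)]
DENIED = {"/O=ExampleGrid/CN=Bob"}
REMAP = {"/O=ExampleGrid/CN=Carol": "carol"}
LOCAL_MAP = {"/O=ExampleGrid/CN=Alice": "astro", "/O=ExampleGrid/CN=Eve": "eve"}
ACCOUNTS = {"astro", "carol", "eve", "agd002"}  # stands in for a passwd lookup


def merge_gridmap(vo_list, allowed, denied, remap, local_map, accounts,
                  prefix="agd", fmt="%.3d"):
    """Return (DN -> account mapping, sorted list of unknown account names)."""
    # Map to pool account schema: member ID 7 -> "agd007" (assumed use of the ID).
    mapping = {dn: prefix + fmt % member_id for dn, member_id in vo_list}
    # Remove non-allowed DNs; None means no allow list is configured (assumption).
    if allowed is not None:
        mapping = {dn: a for dn, a in mapping.items() if dn in allowed}
    # Remove denied DNs.
    mapping = {dn: a for dn, a in mapping.items() if dn not in denied}
    # Remap selected DNs to non-pool accounts.
    for dn, account in remap.items():
        if dn in mapping:
            mapping[dn] = account
    # Merge with the local map; local entries win (assumption). Because this
    # runs after the deny filter, a local entry can re-admit a denied DN.
    mapping.update(local_map)
    # Check accounts' existence, report unknown names, drop DNs that use them
    # so the written file never maps a DN to an account that does not exist.
    unknown = sorted({a for a in mapping.values() if a not in accounts})
    mapping = {dn: a for dn, a in mapping.items() if a in accounts}
    return mapping, unknown


def render_gridmap(mapping):
    """Format the mapping as grid-mapfile lines: "DN" account."""
    return "".join('"%s" %s\n' % (dn, a) for dn, a in sorted(mapping.items()))


if __name__ == "__main__":
    result, missing = merge_gridmap(VO_LIST, None, DENIED, REMAP, LOCAL_MAP, ACCOUNTS)
    print(render_gridmap(result), end="")
    print("unknown accounts:", missing)
```
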

Serving multiple (Sub-)VOs
[Diagram. Labels: VOMRS Ω, VOMRS DB, “volist” servlet Ω; VOMRS A, VOMRS DB, “volist” servlet A; Grid resource, merge-gridmap (twice), Auth lists, local grid-mapfile, grid-mapfile; Config VO /Alpha, Config VO /Omega, Config Sub-VO /Omega/Uno]

Summary
Using volist/merge-gridmap with VOMRS
- offers a lean VO management tool
- promises the chance to switch to future EGEE or OSG/VO-Privilege developments via the VOMS interface of VOMRS
- provides the possibility to delegate access right management to a central VO management but to keep fine-grained local control
- allows a resource to serve multiple VOs

Appendix: Glossary
- VOMRS: Virtual Organisation Management Registration Service
- VOMS: Virtual Organization Membership services
- LCMAPS: Local Credential MAPping Service
- GUMS: Grid User Management System
- PRIMA: PRIvilege Management and Authorization
- SAZ: Site AuthoriZation service
- gPlazma: Grid-aware PLuggable AuthoriZation Management