1. CRC exercises
Not happy with the way the document for testbed architecture is progressing
More a collection of contributions from the mware groups rather than a consistent, coherent architecture overview
Try to expand Use Cases for HEPCAL to verify we have identified all the elements involved and how they interact
Start with first use of the system:
Grid Credential Use Case
Then follow on with the steps involved in logging into the grid

2. Grid Credential Use Case
First use case needed to authenticate the user
Messages
User executes program grid_cert_request that sends a request via to CA including user name & cert type
CA signs certificate
CA returns signed certificate
Points Raised
This use case refers to Authentication not Authorization
What happens if multiple requests are received?

3. Grid Authorization Use Case
Follows on from Grid Authentication use case to make a user a member of a single VO
Messages
User sends registration request to VOMS
Minimum info sent by user is DN (user’s name) and Issuing CA but more can be sent if needed by VO manager (e.g. address, telephone number, home institution)
VOMS approves request
VOMS returns confirmation message
Points Raised
Interaction with VOMS for user to be authorized to become a member of a VO is not yet clear: roles and groups within the VO is not covered by this use case
User has to remember of which VOs he is a member
A third party (e.g. another user) could enroll a user with a VO but could not take their identity for activities within the VO
Certificate should really be considered an actor in this use case
Need use cases for the activities of the VO manager

4. Grid Authorization Use Case:EDG 1.2 version
Follows on from Grid Authentication use case to make a user a member of a single VO
Messages
Install cert in internet browser
Enter pass phrase
Browser connects to Marianne site
User fills in form
Minimum info sent by user is DN and Issuing CA, address, telephone number, home institution
This info may be used by VO manager to verify user is correctly identified

5. Grid login Use Case
Follows on from Grid Authentication use case to make a user a member of a single VO
Messages
User sends authenticated message (SSL handshake) to VOMS
VOMS-proxy-init includes DN & issuing CA
VOMS returns signed credential
Includes VO name, group(s), role(s), expiry time
Proxy is stored on the requesting machine as a result of this use case

6. Job Submission Use Case
Follows on from Grid login use case to submit a job
Messages
User Interface sends job description message to Resource Broker
Includes environ (OS=Linux), input files(sysinfo.sh), program(sysinfo.sh), output(stdout,stderr), griddatasets(0)
UI sends authentication message (SSL handshake) to RB
US sends JDL message (gridFTP) to RB
RB creates directory for files
RB returns URL (host& directory) location for files to be transferred
User Interface sends a sequence of messages gridFTP server
Input file: sysinfo.sh
Res Broker parses JDL and establishes requirements
Res Broker sends message to Info Service with query for CEs user is authorized to use
Points raised
Only considers simple job submission. More use cases needed for more sophisticated job submissions
User Interface and Res Broker client are modelled as one actor – Res Broker server is another actor
Need to model GridFTP as a separate actor
Not clear how we establish the list of CEs a user is qualified for – implies gridmapfile is published which breaks security – need to somehow secure Res Broker’s access to this info

7. Use Case order Grid authentication Grid authorization Grid login
Job submission
In these use cases the User Interface actor is considered to include the human user and User Interface service

8. What next Continue CRC exercises In person meetings
Pick use cases according to who is available
Suggested dates: use case cases 12,13,19,20 Sept
General ATF meeting week of 21 October
November: Wed 12th & Thurs 13th
December: Mon 9 & Tues 10th at RAL