Results of PPDG Site Requirements on AAA Project

Learn more at: https://chep03.ucsd.edu
Transcript and Presenter's Notes

1
Results of PPDG Site Requirements on AAA Project
  • Dane Skow
  • Robert Cowles
  • PPDG Site-AAA Project
  • CHEP03
  • March 25, 2003

PPDG Work Supported by the SciDAC Project of the
US Dept. of Energy
2
Summary
  • Site-AAA evaluated current GRID toolkits with
    respect to Resource Provider needs
  • Sites took on specific integration tasks as
    concrete tests of how well they could work with
    existing toolkits.
  • Project advanced both site understanding of GRID
    infrastructure and developers' understanding of
    Resource Providers' needs.
  • Significant follow-up work remains and should be
    included in the various Grid projects.

3
Tasks Evaluated
4
Community
  • Large HEP Labs represented
  • Integration efforts included working with
    friendly University groups.
  • GRID scale integration tests just now beginning
  • Clash of world views yet to be resolved
  • Site policies
  • Sponsor policies
  • Legal requirements

5
Operational Context
  • Testbed efforts with kludged solutions
  • Some eye to operational needs but mostly from
    reliability aspects, little analysis of
    efficiency measures.

6
From Development to Production
  • The GRID is protocols not implementations
  • Time to begin standardization
  • Integration work hampered by lack of documented
    standards for interfaces, protocols, libraries,
    etc.
  • de facto touchstone is interoperability with
    Globus Toolkit.

7
Reliability
  • Most components still finding bugs in serious
    testing.
  • CMS/D0 had many problems with GridFTP
  • Default accept in GridFTPd non-root
  • Weak encryption tending for grid-proxy-init
  • Need to focus effort (integrators, distributors
    and developers) to eliminate bugs at appropriate
    point. When?
  • We found proper bug reporting to be tedious

8
Exception Handling
  • Currently systems are operated assuming
    competence and goodwill (and that errors aren't
    costly).
  • Need some level of validation effort at
    appropriate time
  • The method for dealing with Exceptions needs to
    be specified as part of a Grid definition.
  • Incident Handling
  • Accreditation
  • Service Level Agreements

9
Outstanding Issues
  • Authentication for Long Running Jobs
  • Condor-G proposal looks promising (initial
    contender)
  • Relies on Proxy Generation Service
  • Standardize
  • MyProxy (NCSA product)
  • KCA (NMI product and FNAL project)
  • VSC (Virtual Smart Card) (SLAC project)
  • Authorization for Long Running Jobs
  • No agreement on whether or how this is done.

10
Federation of Identity
  • Who needs to know which PKI identities correspond
    to the same individual ?
  • Resources that need to map different identities
    to same local account.
  • Virtual Organizations that need to map different
    identities to same member and/or roles.
  • Relying parties that want to correlate actions
    and/or block access to an individual.
  • Accounting system for chargeback mechanisms ?
  • What are the privacy issues ?
  • Who holds the federation ?

11
Incident Response
  • Real-time incident response expected through
    authorization control.
  • Investigation, resolution, and feedback channels
    unclear.
  • Who owns an investigation ?

12
Migration to OGSA
  • Web Services is a new framework with richer
    communications.
  • Some current methods should be re-implemented in
    new framework.
  • Expect same level of integration testing/feedback
    will be needed.

13
Services
  • GRID Level Services provide
  • Standards
  • GGF working hard to transform into an IETF for
    GRIDs.
  • Need to document specifications independent of a
    toolkit.
  • National Level Services provide
  • Clarification of identity privacy requirements.
  • Integration with National ID systems ( is this
    planned ? )

14
Grid Instance Level Services
  • Provide
  • Standards
  • GGF standards allow for non-interoperable
    choices.
  • Minimum standards required for interoperability
  • de facto standard is Globus Toolkit
  • Need
  • Software components (applications, libraries,
    etc.)

15
VO Level Services
  • Provides
  • VO membership and roles management
  • Registration Service (for Resource Providers)
  • Resource Brokering
  • Needs
  • Standard method of asserting authorizations
  • Standard interfaces with Resource Providers
  • Registration
  • Standard Resource Descriptions (incl.
    Authorization requirements)

16
Resource Provider Services
  • Provides
  • Minimum standard policy requirements
  • Local Policy Enforcement
  • Point of Contact for Incident Response
  • Needs
  • Policy description schema
  • Local Policy Enforcement Callout
  • Points of contact for VOs and CAs
  • Authentication Method Description

17
GRID Resource Services
  • Provide
  • Fine-grained access control
  • Accounting information
  • Grid transaction support
  • Need
  • Attribute information
  • Authorization services

18
Transaction Services
  • Provide
  • Error handling
  • Need
  • Authorization Services

19
Expected Community Growth
  • Growth of Current Communities
  • Current active PKI community is few 100s in HEP
  • Expect 10X demand within year
  • Interested Parties
  • LHC collaborations
  • Current Large Collaborations (BaBar, CDF, D0)
  • Current Distributed Collaborations (SDSS, LIGO,
    AUGER,...)

20
Trust Relationships
  • Timescale
  • Negotiations contain a good deal of detailed
    discussion, terminology checks, and verification.
  • Start in pair-wise fashion and allow 6 months
  • Establishing Bona Fides
  • Peer review process has been very helpful in
    understanding community practices and consensus
    solutions
  • Maintenance
  • Agreements will tend to decay, and periodic checks
    against as-built implementations are required.
  • Method of establishing personal contacts

21
eCommerce Parallels
  • eCommerce relies on 2 key aspects
  • Requestor provides identity that can be billed
    charges appropriate to the request.
  • Credit card company insures resource providers
    against loss.
  • What are possible losses in Grids ?
  • Loss of Grid Resource consumables
  • Liability for misuse
  • Manpower for troubleshooting

22
Conclusions
  • Requirements exercise useful earlier in
    development
  • Integration testing useful about now in
    development
  • Written Specifications and Standards needed.
  • Most items needed for Production quality are also
    needed to handoff code to vendors.
  • Problems largely due to (anticipated) success.

23
What needs to be done next?
  • Authorization framework definitions
  • Push Globus/EDG/PRIMA/FNAL collab
  • Interface definitions
  • Globus and GGF drive
  • Virtual Organizations remain virtual
  • EDG and BNL projects
  • Authentication refresh (long running jobs)
  • Push Condor-G/MyProxy collab
  • Incident handling
  • What forum ? Who drives ?
  • Private Key management for the masses
  • KCA/VSC/MyProxy activities are interesting
  • Restricted execution environment