Privilege Project Vikram Andem
Upcoming SlideShare
Loading in...5
×
 

Privilege Project Vikram Andem

on

  • 354 views

Privilege Project Vikram Andem

Privilege Project Vikram Andem

Statistics

Views

Total Views
354
Views on SlideShare
354
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Privilege Project Vikram Andem Privilege Project Vikram Andem Presentation Transcript

  • MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Project Recent Updates MWSG Meeting June 5-6, 2006 Stanford Linear Accelerator Laboratory Vikram Reddy Andem 1 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • MWSG Meeting, Stanford Linear Accelerator Laboratory Where does Privilege fit in Grid Services Privilege Infrastructure Naturally fits Here. 2 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • MWSG Meeting, Stanford Linear Accelerator Laboratory Project Goals The primary goal of the project was to deliver the execution call-out for finer-grained authorization of processing resources 3 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Architecture – Compute Element Proposed architecture (Dane Skow, Markus Lorch, Ian Fisk) 04//2004 Vikram Reddy Andem, Fermilab Privilege Management 4 June 06, 2006
  • MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Architecture (continued) VOMS Execution site Compute Element Gatekeeper GRAM gridFTP PRIMA SAZ site GUMS Server Storage Element SRM/ dCache gPLAZMA Storage Authorization Service 5 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • MWSG Meeting, Stanford Linear Accelerator Laboratory Project Achievements • Privilege has delivered an infrastructure that has been deployed on OSG - The authorization system has been deployed on all CMS-T2 centers, the T1 at FNAL, FermiGrid, BNL, etc. - CMS and ATLAS have defined roles that can be implemented within VOMS - VOMS extended proxy is parsed by the callout and given to GUMS for authentication • The release for the pre-web service globus-gatekeeper callout is stable - Relatively light operations support - A couple of tickets a month, so far rapidly solved 6 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • MWSG Meeting, Stanford Linear Accelerator Laboratory Recent Advances and News • Prima Web services callout for GT4 has been developed and is currently distributed with VDT 1.3.9 • Prima 64-bit callout version has been developed and is currently distributed with VDT 1.3.9 • As a part of the Policy, Publication and Trust Project we delivered - VO Policy Template for Open Science Grid - Site Policy Template for Open Science Grid • Transition of Privilege Project leadership (Gabriele Garzoglio) - gPLAZMA (Abhishek Rana, UCSD / Ted Hesselroth, FNAL) - GUMS (John Hover, BNL) - PRIMA (Vikram Andem) - SAZ (Valery Sergeev, FNAL) - SRM/d-Cache (DESY/FNAL teams) - VOMS (INFN team, Italy) • Working with Igor Sfiligoi (INFN) on Glexec SAML callout to GUMS 7 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • MWSG Meeting, Stanford Linear Accelerator Laboratory Current Activities • Support PRIMA and GUMS code for 32/64 bits for GT2 and GT4 for CMS T1&2 + OSG VO (best effort) (50% Vikram) • Deploy and support gPlazma infrastructure for CMS Tier 1&2 (important for SRM v2 deployment) (50% Ted for 3 mo) • Fix GUMS memory management problems (John Hover et al.: up to .5 FTE for 3 weeks) • Stress test of the GT4 PRIMA call-out (John W.: 5 FTE days) • Integration of gLexec with Privilege (8.5 FTE weeks) • Integrate GUMS with a monitoring/alarm infrastructure (.2 FTE/2 mo) 8 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • MWSG Meeting, Stanford Linear Accelerator Laboratory Future Plans – Ideas ? • Simplify / Aggregate architecture - Update communication protocols (from extended SAML v1.1 to SAML v2.0) - Improve PRIMA build process • Publication of role-based privilege policy (with EGEE) • Extend privilege enforcing to network management • Long term directions - Investigate direct DN rights enforcement (no UID mapping) - Integrate Privilege Project with Policy Discovery Services 9 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006
  • MWSG Meeting, Stanford Linear Accelerator Laboratory Questions ? 10 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006