1 / 9

VOM(R)S WG activity planning

VOM(R)S WG activity planning. https://twiki.cern.ch/twiki/bin/view/LCG/VomsWG Grid Deployment Board 2008-03-05. Reminder of the current WG mandate.

april
Télécharger la présentation

VOM(R)S WG activity planning

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. March 2008 GDB VOM(R)S WG activity planning https://twiki.cern.ch/twiki/bin/view/LCG/VomsWG Grid Deployment Board 2008-03-05

  2. March 2008 GDB Reminder of the current WG mandate • Bring together the VOMS/VOMS-ADMIN/VOMRS developers to ensure the products evolve in a coordinated fashion matching users', VO/ROC Managers', services' and security requirements. • Maintain the quality of CERN HR database link, adapt to the new Oracle versions and report problems with other paraphernalia (e.g. java, tomcat etc) to the relevant gLite deployment bodies for performance and quality. • Ensure thorough product testing and a forum to discuss issues before adoption in production. • Agree on the priorities for bug fixing and information dissemination to users at large. https://twiki.cern.ch/twiki/bin/view/LCG/VomsWG#Mandate

  3. March 2008 GDB Current support situation • Fermilab is willing to keep the responsibility for VOMRS product support and maintainance but does not do: • VOMRS testing in the CERN environment (Oracle and ORGDB == CERN HR DB for LHC VOs)). • Implementation of new features. • In a period of reduced resources, it is hard to maintain expertise for testing and operating our special service set-up (see the list of the required relevant documentation here).

  4. March 2008 GDB How today’s idea was born • VOMS developers are adding more and more features that exist in VOMRS • This started to show with the introduction of voms-admin-2.x and continues. (See material from recent presentation at FNAL discussed in our VOM(R)S WG regular check-point meeting of 2008-02-26 http://indico.cern.ch/materialDisplay.py?materialId=slides&confId=29598 )

  5. March 2008 GDB So it seems • If all JSPG requirements like: • Periodic user expiration in the VO • Periodic AUP re-signing • And additional VOMRS features like: • Multiple user DN support • Group/Role description/ownership/management • get implemented in voms-admin …

  6. March 2008 GDB Which could mean • Envisaging a switch to one product voms-admin instead of two, vomrs on top of voms-admin (?) • Hoping for a simpler operation (?) • the automatic fail-over would be based on a dynamic load-balanced DNS alias instead of LinuxHA. • Service operation and monitoring will be simpler.

  7. March 2008 GDB BUT • The major stopper is the absence of ability in voms-admin to talk to third party software (ORGDB) to verify the user identity. • This is very important for security and reliable management of large VOs. • A wise and elegant GDB requirement in 2004, the only way to manage Authentication of distributed VO population reliably.

  8. March 2008 GDB Hence • It is more profitable to request resources for porting the ORGDB interface to voms-admin than continuing to maintain vomrs/voms-admin development coordination. • This will require time to be examined and carefully compare the products’ functionality but… lets hear first reactions.

  9. March 2008 GDB References • Why vomrs on top of voms-admin https://twiki.cern.ch/twiki/bin/view/LCG/VomrsFunctionality • Proposal to the July 2004 GDB about ORGDB interface support http://edms.cern.ch/document/481701/

More Related