100 likes | 248 Vues
WP3. Planning: Hardening the rabbit. Steve Fisher / RAL 5/3/2004 <s.m.fisher@rl.ac.uk>. ARDA impact. Our plans as submitted to GridPP2 did not include ARDA There can be no doubt that ARDA will have a major impact It already has Had expected to have the time to plan properly
E N D
WP3 Planning:Hardening the rabbit Steve Fisher / RAL 5/3/2004 <s.m.fisher@rl.ac.uk>
ARDA impact • Our plans as submitted to GridPP2 did not include ARDA • There can be no doubt that ARDA will have a major impact • It already has • Had expected to have the time to plan properly • Instead we will be struggling to increase quality and rush out a prototype • Concern that EGEE > LCG2 • It will provide us with quick feedback • Good • We will do our best • Have not got a very clear plan yet EDG - EGEE
Accommodating ARDA • It is an opportunity for us to rethink the API • Done • We need web services now • Prototypes of all services done • At the same time we need to come up with a good overall design • Then mostly refactoring • And some new code • Need to find out what to implement first • In consultation with ARDA folk EDG - EGEE
ARDA prototype • ARDA gives us an opportunity to rethink the API • Though only a prototype – will it last? • In case it does – we must do a good job of API definition • New ARDA document to become public at lunchtime today • It is still very much a working document EDG - EGEE
ARDA API • Have already put effort into redesigning the API: • Defined in terms of Java interfaces and Factories • Allows implementation to be replaced • e.g. swap between servlets and web service • We have taken the chance to clean up names • E.g. Archiver SecondaryProducer • Have also eliminated superfluous calls • From maintaining backwards compatibility • Included Authorization design EDG - EGEE
PrimaryProducer Minimum Retention Period is used uniformly The old cleanup predicate has gone All support continuous queries EDG - EGEE
Security • Authorization rules • local to a VO • Define actions certificate holder may carry out • ability to publish information (via a Producer) • query (via a Consumer) • to discover what Producers exist • TableAuthorisation object passed into the declareTable() call. • Holds a set of (VO, AuthzRuleSet) pairs • AuthzRule (for Consumer) is a pair of (View, AllowedCredentials) • May become a triplet EDG - EGEE
View • If you match the allowed credentials you will have read access to the data defined in that view • If credentials match two rules you will be able to see the union of the two views • So if you issue a query to see data you are not allowed to see, you will just receive an empty set. • View and AllowedCredentials are parameterised • Keywords, enclosed in “[ ]” replaced by their actual values: DN, VO, GROUP, ROLE and CAPABILITY EDG - EGEE
Example • CREATE Table Job (Jobid…, State…, Owner…, OwnersGroup…, Usage…, JobDesc…) • To impose the constraints that a row of the table is available to the owner of the job, i.e. if the DN matches: • SELECT * from Job where Owner=‘[DN]’ • DN=‘[DN]’ • To allow the VO admin role to see all but the JobDesc field: • SELECT JobID, State, Owner, OwnersGroup, Usage from Job • ROLE=‘Voadmin’; EDG - EGEE
Project planning and tracking • In EDG WP3 used MSProject with generated HTML and emails • Thinking of using one of the various tools based on httpd+php+mysql to allow all to follow progress • e.g. aceproject at: http://www.aceproject.com/ • commercial but quite cheap • At least 3 good looking free products • DotProject • http://www.dotproject.net/ • PHProjekt • http://www.phprojekt.com/ • The Ultimate Team Organization Software (TUTOS) • http://www.tutos.org/homepage/index.html EDG - EGEE