110 likes | 281 Views
VO Services Project Stakeholders’ Meeting. Overview Goals and Stakeholders The VO Service project: Status, Effort WBS Focus of Phase III (Nov 07 - Now) Requests on the table. Apr 30, 2008. Gabriele Garzoglio Computing Division, Fermilab. Goals.
E N D
VO Services Project Stakeholders’ Meeting • Overview • Goals and Stakeholders • The VO Service project: Status, Effort • WBS • Focus of Phase III (Nov 07 - Now) • Requests on the table Apr 30, 2008 Gabriele Garzoglio Computing Division, Fermilab Gabriele Garzoglio
Goals • Get input from stakeholders on priorities and tasks • Present project status and current WBS Stakeholders CD, USCMS, USATLAS, OSG VOMRS: CERN, LHC VOs Gabriele Garzoglio
Project Definition From Project Database: “The VO Services project provides user registration services and fine-graned access management to computing and storage resources on the Grid.” Gabriele Garzoglio
Scope: Software Components • Policy Enforcement Points (PEP) • PRIMA, PRIMA-WS • gLExec (collaboration w/ EGEE) • Policy Decision Point (PDP) • GUMS • GUMS Operational / Monitoring framework • Registration Services • VOMRS • Related Projects, external to VO Services • SAZ (FermiGrid) • gPLazma (dCache) Gabriele Garzoglio
Nominal Effort Other experts: J. Hover (BNL) J. Weigand (FNAL) Nominal Effort Table 2008 2007 Gabriele Garzoglio
WBS Phase III • Support and deployment (High Priority) • Support the PRIMA and GUMS code.Few %, Ongoing • Support “stable” VOMRS release 15% Tanya, Ongoing. • Deployment at sites. (Few %, Ongoing) • VOMRS maintenance (High Prio) • Fix critical bugs • Implementation of “vital” features • Convergence of VOMS-admin 2.5 with VOMRS. • gLExec maintenance (High Prio) Ongoing Maintenance/Support Activities Gabriele Garzoglio
WBS Phase III • Improve robustness of GUMS (Medium-Low Prio) • Improve GUMS configuration management (3 FTE weeks) • implement stand-alone configuration validator • improve debugging capabilities (date fields in database?). • add query interface for “last changed date”. • Redundant servers configuration (Done: FermiGrid HA) • Refuse authorization if cannot synch with VOMS several times (1 FTE Week) • Improve GUMS usability (Medium Prio) • Implement history log querying interface (2 FTE week) • Map pool accounts to DN AND FQAN, rather than DN only. • Pool accounts should NOT be mapped to users during VOMS synchronization simply to create vo name maps • Recycle pool accounts (4 FTE weeks) • Validation Tool to Check the Site Authorization Infrastructure configuration (1st Release Done) Feature improvements for GUMS Gabriele Garzoglio - New Proposal in Phase III - Expired or Addressed in another project
WBS Phase III • Support Storage Groups in Defining Next Generation Storage Authorization Models (Medium Prio) • Investigate Mechanisms to Define and Enforce VO and Site AuthZ Policies (SBIR w/ TechX) • Authorization Interoperability (Medium-High Prio) • Manage transition of development team [Done Jan 08] • Project Oversight [Ongoing] • Define Interoperability XACML Profile (Feb 08) • Develop XACML/SAML library (Chad / Hakon) • Test XACML / SAML library with different infrastructures • Integrate XACML/SAML library with existing infrastructures • Packaging , deployment, and user documentation • Test interoperability Investigative and Refurbishing work Gabriele Garzoglio
WBS Phase III • Enable VOMS-signed Attribute Certificate Validation (stop VOMS/GUMS synch.) • Site Validation Service • Integrate Shibboleth with Registration and Authorization infrastructure • Broaden and standardize authorization call-out interfaces • Improve software validation (8 FTE weeks) (Low Prio) • Improve validation of basic functionalities • Implement validation of software dependencies. • Outreach (Medium Prio) (Ongoing) • Understand Requirements from new VOs and groups • Keep contacts with other groups, such as EGEE and GT. Requests bound by limited effort and other work Not enough effort available Gabriele Garzoglio
Focus of Phase III (Nov 07 – Now) • Ongoing Maintenance and Support • Authorization Interoperability (Due Aug 08) • Successful collaboration w/ EGEE, Globus, and Condor via MWSG and regular meetings • Investigate Mechanisms to Define and Enforce VO and Site AuthZ Policies (SBIR Phase I Done; Phase II pending) • Validation tool to check consistency of site AuthZ configuration (1st release Done) Gabriele Garzoglio
OSG Requests • Document usage of AuthZ configuration variables at a site • Extends: “3.5 Validation Tool to Check the Site Authorization Infrastructure configuration” • Document differences in the usage of FQAN between EGEE and OSG • Check VOMS identity before GUMS synch. • Enable VOMS-signed Attribute Certificate Validation (stop VOMS/GUMS synch.) Gabriele Garzoglio