180 likes | 197 Views
A detailed report on HTASC meetings covering sub-groups, regional centers, X.509 Certificates, and future plans. Discussions on security, Windows 2000, LDAP, and more. Recommendations for better coordination and standardization.
E N D
HTASC - Report to HEP-CCC David Kelsey, RALd.p.kelsey@ rl.ac.uk8 July 2000, SLAC (http://home.cern.ch/~eauge/htasc/public/) D.P.Kelsey, HTASC report
HTASC #15 8th/9th June 2000, CERN Agenda included: • HTASC sub-groups • Security group • Windows 2000 Coordination Group • LDAP coordination (not a group!) • Roundtable reports • Regional Centres • X.509 Certificates • Future meetings/topics n.b. was to have been at Bologna - perhaps in October? D.P.Kelsey, HTASC report
Membership of HTASC • New members • E. Auge (France) replaced by Francois Etienne • C. Declercq (Belgium) replaced by Rosette Vandenbroucke • Jorge Gomes (Portugal) - new member • Good attendance this time • We still need to appoint a new Secretary • Nicanor Colino (Spain) has volunteered to maintain the web pages D.P.Kelsey, HTASC report
HTASC sub-groups • Security group (Tobias Haas, DESY) • action on HTASC to collect list of HEP security contacts • this continues - Tobias Haas will coordinate, with help from HTASC members • Tobias will leave HTASC now but stay as Security group Chair - next HTASC review in March 2001. • Windows 2000 Coordination group • this was created at Nov 99 HEP-CCC meeting • Christian Trachimow (DESY) reported to HTASC • Two meetings: DESY (30/31 March) and CERN (29/30 June) • June agenda: Active Dir, Kerberos/UNIX, App. support • W2000 workshop at HEPiX/HEPNT in October (USA) D.P.Kelsey, HTASC report
Directories/LDAP • At last HEP-CCC (March 2000) • Directories/LDAP are becoming very important - Windows 2000, GRIDs, common access rights (e-groups), etc. • Strong support from HEP-CCC - CERN/IN2P3 group should organise an LDAP workshop for White Pages service • LDAP workshop has not yet happened • staff changes at CERN! • But various discussions about Globus Info Service • Proposal… • Ask Michel Jouvin to organise an LDAP workshop at next HEPiX? (October 2000) (Advantage: USA+Europe) D.P.Kelsey, HTASC report
Roundtable reports • Germany • Univ of Mainz copied 100 GB from CERN (NA48) in 10 days (1 MB/s overnight) but had to stop as CERN complained it was clogging the network • he believed he was using the network for good purpose • good example of need for DiffServ. • GRID will require large bulk transfers. • Many reported congested networking to USA • There is a need for dissemination of info about GRID activities D.P.Kelsey, HTASC report
Regional Centres • Aimed at coordination issues *between* the big data producers • particularly current experiments. • No wish to repeat/duplicate discussions in other places (MONARC, LHC Computing Review, DataGrid, FOCUS...) • Presentations • Woj Wojcik (IN2P3) • Luciano Barone (INFN) • John Gordon (RAL) • Kors Bos (NIKHEF) D.P.Kelsey, HTASC report
Regional Centres (2) HTASC summary • IN2P3 and RAL - coordination issues • INFN and NIKHEF - plans for GRID facilities. • But, if the LHC GRID prototypes/testbeds are open to other experiments - will hit similar problems • Problems reported included • conflict between different experiments' choices of • hardware platform • operating systems (flavours and version numbers) • versions of compilers and libraries. • conflicts often make it very difficult to run a shared facility! D.P.Kelsey, HTASC report
Regional Centres (3) • Data exchange formats (physical and logical) also cause problems • The exchange formats should be based on standards, not internal formats, and the number of interfaces to the data should be minimised (e.g. use RFIO?). • There are too many experiment-specific versions of general applications • BaBar has its own modified version of Objectivity • LHC++ has flags for LHCb. D.P.Kelsey, HTASC report
Regional Centres (4) • AFS has been a success • a useful tool for remote use of s/w • but concerns about stability and scaling • GRID will require greater standardisation • HTASC encourages HEP-CCC to consider how to coordinate with HEP outside of Europe. • Worldwide coordination is highly desirable. D.P.Kelsey, HTASC report
Regional Centres (5) • HTASC recommends • coordination between labs and experiments (how?) • early involvement of Regional centres in planning of new experiments • Continue standardisation on reduced h/w platforms. • Linux coordination would be very useful • working together on certification of new versions(as suggested at last HEPiX) • better tools for keeping s/w in step (between centres) D.P.Kelsey, HTASC report
X.509 Certificates • Presentations to HTASC • Per Hagen (CERN) • Denise Heagerty (CERN) • also input from Roberto Cecchini (INFN) D.P.Kelsey, HTASC report
X.509 Certificates (2) HTASC summary • Driving reason for X.509 Certificate Authorities (CA’s) in HEP is GRID/Globus software. • HTASC recommends that any infrastructure for Globus should also support other uses (if desirable?) • We need sufficient CA’s for the PP GRID • Who will operate them? • Which users will they support? • One model: Accelerator Lab issues certificates to all GRID users on an experiment • Alternatively: home institutes or national authorities. D.P.Kelsey, HTASC report
X.509 Certificates (3) • Whatever, the advice of the GLOBUS team is to minimise the number of CA’s. • these need to be coordinated across HEP • all Globus clients/servers have a list of "trusted" CA’s. • easy way to distribute/maintain this list - should be static • Does a CA hierarchy add value? • hierarchy of real CA’s - a root HEP CA certifies the hierarchy of CA’s below it. • Or a few CA’s issuing the actual certificates for all HEP • but supported by a hierarchy of user registration authorities checking user credentials. D.P.Kelsey, HTASC report
X.509 Certificates (4) • Must agree procedures for CA’s • to check user identities • to protect their servers and CA keys • so we can trust each other's certificates. • Many institutes are considering issuing certificates • for certifying exchange of official documents • Use same certificates for GRID? (Maybe - long term) D.P.Kelsey, HTASC report
X.509 Certificates (5) • In the short term • we need an infrastructure for GRID testbeds • The DataGrid testbeds meeting in Lyon (30 Jun) • create a Task Force - coordinate national CA’s • must compare benefits of official institute-based scheme with the scaling problem of lists of "trusted" CA’s. • Security is a vital part of the GRID • need testing of certificates and CA’s (e.g. interworking) • And no mention of Smartcards! D.P.Kelsey, HTASC report
Future HTASC meetings/Topics(provisional dates/plans) • 19/20 October 2000 (Provisional - Bologna?) • Markup Languages • Networking (evolution of WAN costs)/Diffserv/QoS • revisit LDAP? (if after the HEPiX meeting) • March 2001 (CERN) • review network security • Windows 2000 review • Other topics: • ideas always welcome! D.P.Kelsey, HTASC report
Summary • HTASC invites HEP-CCC to consider/give advice on • LDAP coordination - White pages (and GRID?) • Workshop at next HEPiX? • Regional Centres • how to standardise s/w? how to coordinate? • HEP-CCC and/or HEPiX? • Other approaches? (HTASC group?) • X.509 certificates • leave it to DataGrid? • HTASC sub-group? • How to collaborate with USA? • future topics for HTASC consideration? D.P.Kelsey, HTASC report