A Model for Grid User Management
Rich Baker, Dantong Yu, Tomasz Wlodek
Brookhaven National Lab

Outline
  • Motivation and System Requirements
  • GUMS (Grid User Management System) System Design and Framework
  • Bigger Picture
  • Current Status
  • Future Work

R Baker, LCG User Registration, VO Management and Authorization Workshop 10/15/03

GUMS: Scope & Limitations
  • Develop Model for Distributed User Registration
  • Work With Existing VO Management Tools Including EDG VOMS Servers used in Grid 2003
  • Help Define Requirements for New & Improved VO Tools
  • Focus on Site Tools for User Management

User Registration
  • Many Sites Require Pre-registration of Users
  • Sites Will Need to Serve Large Sets of Users
  • Will Need Access to a Large Number of Sites and VOs
  • Will Need to Work Out User Registration Mechanisms
  • Grid 2003 and LCG are Developing Procedures

Registration Requirements

Site Requirements
  • Collect Sufficient Information About User and Registration Chain
  • Provide Information to Site in Secure, Trusted, Auditable Manner
  • “Reasonably” Static User List
  • Store History Information, Keep Up-to-Date User Information

User Requirements
  • Register Once Per Virtual Organization
  • Registration Must Be “Reasonably” Local
  • “Reasonable” and Static Number of Data Items

VO Requirements
  • Sites Must Have “Reasonably” Complete and Up-to-date User List
  • Extensibility of Including More Information

Automated Registration

Software Tools – The Easy Part
  • VO User Registry – N Column Database; Several Approaches: VOMS, VOMRS
  • Site – User Database, Configurable Tool to Periodically Pull User Info From One or More VOs, Maintain History, Perform Local Account Mapping, Creating Grid-mapfile

Trust Relationships – The Hard Part
  • A VO Structure Needs to Be Created That Will Enforce Agreed Registration Requirements
  • Every Site Must Be Able To Trust Every Registrar
  • Protect User Privacy

Grid User Management System Architecture

[Architecture diagram. Text labels recovered from the figure: Download User Info; Regional Registration Authority?; Push; Local Registration Authority; grid-mapfile; Cron Job; VOMS server; User info importer; VO User Registry DB (VOMS, VOMRS); VOMS server; New user; Membership; User left VO; CRL; Remote Cron Job; Site User Info DB; Banned User info; Grid-Mapfile Generation; Synchronize; User Module; Account Creation And Mapping; Update Mapping]
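An added sketch of the site-side tool listed on the Automated Registration slide (pull user info from the VOs, maintain history, map local accounts, create the grid-mapfile); it is not GUMS code and does not come from the slides. The `grid0001` pool-account naming, the DN character check, the event names and all sample DNs are assumptions constructed for this example.

```python
import re
from datetime import datetime, timezone

# DN must start with "/" and hold no quote, backslash or control character,
# so a bad registry entry cannot inject an extra line into the grid-mapfile.
SAFE_DN = re.compile(r'/[^"\\\x00-\x1f\x7f]+')

def sync(vo_members, site_db, history, now=None):
    """Merge DNs pulled from the VOs into site_db and log every change.
    vo_members: {vo: [dn, ...]}; site_db: {dn: {"account", "vos", "active"}};
    history: list that receives (time, event, dn, detail) tuples."""
    now = now or datetime.now(timezone.utc).isoformat()
    seen = {}
    for vo, dns in vo_members.items():
        for dn in dns:
            if SAFE_DN.fullmatch(dn):
                seen.setdefault(dn, set()).add(vo)
            else:
                history.append((now, "rejected", dn, vo))
    for dn, vos in seen.items():
        rec = site_db.get(dn)
        if rec is None:
            # Accounts are never reused, so old job logs stay attributable.
            rec = site_db[dn] = {"account": "grid%04d" % (len(site_db) + 1)}
            history.append((now, "new_user", dn, rec["account"]))
        elif not rec["active"]:
            history.append((now, "rejoined", dn, rec["account"]))
        rec["vos"], rec["active"] = vos, True
    for dn, rec in site_db.items():
        if rec["active"] and dn not in seen:
            rec["active"] = False
            history.append((now, "left_vo", dn, rec["account"]))

def grid_mapfile(site_db, banned):
    """Render '"DN" account' lines for active users not on the banned list."""
    return "".join('"%s" %s\n' % (dn, rec["account"])
                   for dn, rec in sorted(site_db.items())
                   if rec["active"] and dn not in banned)

def demo():
    # Constructed sample data: two pulls from a hypothetical VO "vo-a".
    alice, bob = "/DC=org/DC=example/CN=Alice", "/DC=org/DC=example/CN=Bob"
    db, log = {}, []
    sync({"vo-a": [alice, bob, '/CN=x" root\n"/CN=y']}, db, log, now="t1")
    sync({"vo-a": [alice]}, db, log, now="t2")   # Bob has left the VO
    return grid_mapfile(db, banned=set()), db, log
```

A user who leaves the VO drops out of the generated file but keeps the account record, so a later return reuses the same mapping and the history list shows the whole sequence.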

Where Does GUMS Fit?

[Diagram. Text labels recovered from the figure: VOMRS; VOMS; EDG; Grid Cluster; LRAS; Local Center Registration Service; Gatekeeper & callouts; SAZ]

Where Does GUMS Fit?

[Diagram. Text labels recovered from the figure: VOMRS; Local History; GUMS; VOMS; EDG; ?; Grid Cluster; LRAS; Local Center Registration Service; Gatekeeper & callouts; SAZ]

Current Status
  • The First Stage Development Is Completed
  • Ready to Download and Use
  • Testing by VDT Testers Group
  • Good Documentation: http://www.atlasgrid.bnl.gov/testbed/gums/

Characteristics
  • Tractable, Flexible
  • Satisfy the User Registration Requirements
  • GUMS Can Easily Support Large Numbers of Users to Access Multiple Grid Sites
  • Easy Installation and Management
  • User Base Is Still Small Enough for Traditional Registration Methods Which Can Be Used in Parallel With Distributed/automated Tools

Future Plan
  • Integrate Into Larger VOX Scheme
  • Improve Usability and Security
  • Having a Real User Management System Will Expose Issues/problems and Begin Building Trust Infrastructure
  • Force Some Sites to Start Addressing Remote User Registration Issues
  • Promote Tools and Recruit Users!