Security-I session, june 20th Brno
Minutes: Joni Hahkala

Wss, suexec
-----------

Predrac: su exec on head node only or also on WNs?
Martijn: on the head node for now, aim is to have it also on WNs

Fork discussion

Peter: direct user interaction to WSS?
Martijn:  because in gLite1.x the interaction between the WMS and the WSS does not exist, the WSS can only be used by end-users. This is not particularly useful perhaps except for software managers that can 'create' special accounts to be used for their software management activities....


JR
--
How ofter do you fill the database? User cert used to auth?
Oscar: the user credentials are known by the gatekeeper when the job is submitted.

(Oscar continued discussion to get more information, with Rosario Piro - piro@to.infn.it, 
Giuseppe Patania - patania@to.infn.it after session).


Vulnerability
-------------
erwin: Is it good to have it in separate savannah?
MWSG group people's role
- feedback, risk assesment.

how will this be used foe external software
- core should inform the developers of that software

for example GT2?
- the same procedure as normally, CSERT, etc.
- if it is globus, contact them, if it is not grid software, handle the normal way.
  If config problem, inform sysadmins

Linda: Is this good way to go?
Frederic: ask the clusters
Linda: this will happen anyway, this is just more systematic
Peter: seems good

Savannah project name is Grid vulnerability

Frederic: people should file bugs
Erwin: MWSG people should be a good start

Frederic: so, this is a decision of how to continue, adding two persons per cluster to the Vulnerability 
group?
Ake: Yes, now we have decided this two times (first time at Athens), so yes this is a decision. We start with 
the members of the MWSG group as Erwin suggested (there are today one representative per cluster in 
MWSG with alternates).