EGEE Workshop on Management of Rights in Production Grids

HPDC 15, Paris

Erwin Laure and Ake Edlund
See also the Workshop Homepage
    • 09:00 - 11:00
      Experiences from Major Production Grids
      • 09:00
        Introduction and EGEE 20m
        Speaker: Erwin Laure (CERN)
      • 09:20
        Naregi 20m
        Speaker: Hideo Matsuda (Univ. of Osaka)
      • 09:40
        OSG 20m
        Speaker: Miron Livny (Univ. of Wisconsin, Madison)
      • 10:00
        TeraGrid 20m
        Speaker: Tony Rimovsky (NCSA)
      • 10:20
        Coffee 20m
      • 10:40
        DEISA 20m
        Speaker: Denis Girou (IDRIS)
    • 11:00 - 11:45
      Standards and Frameworks
      • 11:00
        Standards and Frameworks 45m
        This talk will cover some of the common mechanisms and themes in the authentication and authorization frameworks used in today's middleware stacks, and describe their capabilities and limitations. Efforts currently underway in standards organizations such as OASIS and GGF will be discussed, as well as some of the "wild ideas" that lurk around the corner. The OSG privilege project will also be described.
        Speaker: Christos Kanellopoulos & Gabriele Garzoglio (GRNET, FNAL)
    • 11:45 - 15:45
      Management of Rights in Data Management Tools
      • 11:45
        Data management in LCG & EGEE 30m
        I will describe features of the software used in LCG & EGEE for data management, in the context of rights management. In particular I shall look at encrypted data storage and key management components as well as considering ACL support.
        Speaker: David Smith (CERN)
      • 12:15
        Rights Management for Shared Collections 30m
        Data grids are becoming the standard data management infrastructure for organizing shared collections. Data grids implement the data and trust virtualization mechanisms needed to support rights management on distributed data. The usual approach is to identify explicitly the persons who will have special privileges, such as the ability to change metadata or files. Non-public access is through authentication and authorization mechanisms to assure the integrity of the shared collection. The approaches used in data grids and federations of data grids will be illustrated.
        Speaker: Reagan Moore (SDSC)
      • 12:45
        Lunch 1h
      • 13:45
        Rights Management in Globus Data Services 30m
        In this talk, we will discuss rights management requirements for data services in the Globus Toolkit, including GridFTP, the Reliable File Transfer Service, Replica Location Services, and the Data Replication Service. We will discuss our initial work on utilizing the Globus Toolkit Version 4 authorization framework to support richer and more fine-grained authorization of data operations. We will also discuss future plans for providing rights management in Globus data services.
        Speaker: Ann Chervenak/Bill Allcock (ISI/ANL)
      • 14:15
        Authorization Models for Data Services 30m
        This talk summarises different authorization models which can be applied to data services, with particular focus on efforts based on OGSA-DAI services from inteligrid, SIMDAT, and Wright State University. It examines potential authorization points within OGSA-DAI and requirements to support more detailed and dynamic authorization for database services in general.
        Speaker: Neil Chue Hong (EPCC)
      • 14:45
        Distributed Data Access Control Mechanisms in the SRM 30m
        Controlling access to data that is replicated to several administrative domains is a nontrivial distributed problem. The current approaches, pros and cons are discussed and compared for supporting access control lists, as well as encryption of data, with special emphasis on the implementation and possible solutions in the Storage Resource Manager (SRM) Interface.
        Speaker: Peter Kunszt (CSCS)
      • 15:15
        Coffee 30m
    • 15:45 - 18:15
      Management of Rights in Job Management Tools
      • 15:45
        Policy management and fair share in gLite 30m
        The talk is about policy management issues in grid computing and about the approach to those issues proposed within the EGEE project. A flexible approach to policy management will be of great importance to the real usability of the grid infrastructure. We describe the gpBox policy management system and the capabilities it delivers to VO administrators and site managers to define access policies. We then describe the usage of gpBox integrated with the DGAS accounting system to implement usage quota based access policies and fair-share access to computing resources.
        Speaker: Andrea Guarise (INFN)
      • 16:15
        Explicit Trust Delegation: Dynamic Security in Unicore 30m
        This talk addresses the issue of how to build dynamic grids without using the proxy extensions that cause concern within the security community. This discussion is made in the context of the Unicore grid infrastructure. Unicore is known to have a strong, respected security model, but at the cost of not supporting some dynamic grid capabilities. The discussion shows how Unicore is enhanced using Explicit Trust Delegation to provide dynamic capabilities.
        Speaker: David Snelling (Fujitsu)
      • 16:45
        Dynamic Accounts: Identity Management for site operations 30m
        This talk will discuss the requirements and design of a site-oriented identity management service to facilitate the use of dynamic accounts. We will describe a GT4-based service allowing authorized Grid clients to dynamically associate a Grid identity with a local site identity allocated from a pre-configured pool and manage this association. We will discuss both user and administrator views of the service as well as describe its implementation and performance.
        Speaker: Kate Keahey (ANL)
      • 17:15
        Management of Rights in Heterogeneous Environment 30m
        As jobs traverse the different layers of the middleware stacks on their way from the submission point to the execution site and back, they assume different identities and interact with different rights management systems. Technologies developed by the Condor project have to deal with this diversity of systems as they are used at different layers of the stack. We will discuss the challenges of supporting and operating in such a heterogeneous environment and present possible approaches and solutions.
        Speaker: Miron Livny (Univ. of Wisconsin, Madison)
      • 17:45
        Standards driven AAA for Job Management within the OMII-UK distribution 30m
        The OMII-UK distribution has to support Authenticated and Authorised access to a variety of different services within the same hosting environment, some of which may need to account for usage against a defined quota. Geographically dispersed hosting environments may be deployed as part of a virtual organisation which need to be managed through defined policies. This talk will describe the infrastructure used to manage access to the deployment of the GridSAM Job Submission and Monitoring Service, the available accounting support, and the use of standards within the OMII-UK container.
        Speaker: Steven Newhouse (OMII-UK)
    • 18:15 - 19:00