Owen Synge [mailto:owen.synge@desy.de] said:
Well, in the medium term I think the implementations will have to converge on a common authorisation model,
I hope so, but cannot see a reason why this as a desire, should be driven by Glue.
It shouldn't - that was a general observation about the usefulness of grids.
Why will Glue be less useful if it does not include these details?
The *grid* will be less useful if authz is not interoperable. The extent to which glue needs to reflect authz depends on the use cases - but if the underlying middleware can't support a particular use case then glue is pretty much powerless to help.
Err, yes - and if it is like that (as often seems to be the case in the grid world) it will be totally unusable in practice!
Here I disagree, We have abstraction as our friend here, Grid catalogues and FTS allow data to be transferred.
Only to the extent that they make assumptions that everything is configured suitably - we regularly have failures because permissions are set incorrectly (in a different mailing list I just saw a request for a sysadmin to reconfigure a DPM for exactly that reason).
Can you explain why expressing ACL's is a requirement for Glue?
Expressing *some* ACLs is a requirement to support use cases like "find me a CE where I'm authorised to run a job and where my job will run as quickly as possible", or "find me an SE where I'm authorised to write atlas DPDs and which has enough space for 10 Tb of data".
Expecting Castor and DPM to change their getting and setting ACL model at this stage of development just to be pure in our Glue implementation I think is a bad idea.
I don't, I expect (or at least hope) that dcache and castor (and storm) will change to support the DPM model, and the reason for that is nothing to do with glue, it's because anything else makes life very difficult for a VO like atlas which has to use all of them (and because DPM seems to have the best model for LCG purposes). The same goes for any necessary piece of functionality whether represented in glue or not, e.g. the fact that castor treats pinning differently from all the others also makes life difficult (ultimately it's the reason for all the complications of D1T1 spaces, which does impact on Glue and many other things). Stephen