MWSG Meeting Slides (Drafts)
Hi PGI team, I received some contributions already and setup a first draft for the slides I will present tomorrow! They are in GridForge - so please comment the whole day today: http://forge.gridforum.org/sf/docman/do/downloadDocument/projects.pgi-wg/doc... The discussions about attributes and constraints I will start just after the coffee break here. ;-) Best regards from Zuerich, Morris ------------------------------------------------------------------- ------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzende des Aufsichtsrats: MinDir'in Baerbel Brumme-Bothe Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender), Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr. Harald Bolt, Dr. Sebastian M. Schmidt ------------------------------------------------------------------- -------------------------------------------------------------------
Hi Morris, Given the time available for this I would propose that we keep the presentation to a minimum and use the collection of 'experts' for discussion. I would cut 6, 7, 8, 9 & 11. Also 23. Defining a set of common attributes is important, will take work, but is not something I think we need to focus on here. I'd like to make sure that we all recognise that the proposed authentication & authorization mechanisms cover the mechanisms that we are currently using or can move towards. Cheers, Steven Dr Steven Newhouse EGEE Technical Director http://cern.ch/Steven.Newhouse
Morris, Concerning the MWSG Meeting Slides : About X509 proxies, I just got confirmation from Vincenzo CIASCHINI that : 1) OpenSSL and GSI are really incompatible as transport layers. 2) But they now accept exactly the same RFC compliant X509 proxies. 3) Old-style GSI X509 proxies are obsolete, and their usage should be forbidden I suggest that you provide information 2 and 3 at the beginning of the first slide 'TLS with GSI Proxies'. Best regards. ---------------------------------- Etienne URBAH IN2P3 - LAL Bat 200 91898 ORSAY France Tel: +33 1 64 46 84 87 Mob: +33 6 22 30 53 27 Skype: etienne.urbah mailto:urbah@lal.in2p3.fr ---------------------------------- On Mon, 30 Mar 2009, m.riedel@fz-juelich.de wrote:
Hi PGI team,
I received some contributions already and setup a first draft for the slides I will present tomorrow!
They are in GridForge - so please comment the whole day today:
http://forge.gridforum.org/sf/docman/do/downloadDocument/projects.pgi-wg/doc...
The discussions about attributes and constraints I will start just after the coffee break here. ;-)
Best regards from Zuerich, Morris
------------------------------------------------------------------- ------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich
Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzende des Aufsichtsrats: MinDir'in Baerbel Brumme-Bothe Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender), Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr. Harald Bolt, Dr. Sebastian M. Schmidt ------------------------------------------------------------------- -------------------------------------------------------------------
2009/3/30 Etienne URBAH <urbah@lal.in2p3.fr>:
3) Old-style GSI X509 proxies are obsolete, and their usage should be forbidden
You mean "deprecated", surely? --jens
Hi Morris and PGI team, Thank you for our efforts regarding to this draft. I will comment on it in NAREGI perspective. 1)Authentication As jobs are submitted by Super Scheduler (SS) with delegated proxy certificates on behalf of end users, TLS with EEC is not possible in our system. We need TLS with RFC proxies for mutual authentication. 2)Authorization The present implementation is based on (VOMS) AC Certificates in Extensions, and SAML Assertions in SOAP Header is a future issue for NAREGI. I think this is a policy matter of resources, and if we take an ownership approach, each resource should have a right to decide which or both authorization policies to take. Best regards, Mineo
Hi PGI team,
I received some contributions already and setup a first draft for the slides I will present tomorrow!
They are in GridForge - so please comment the whole day today:
http://forge.gridforum.org/sf/docman/do/downloadDocument/projects.pgi-wg/doc...
The discussions about attributes and constraints I will start just after the coffee break here. ;-)
Best regards from Zuerich, Morris
------------------------------------------------------------------- ------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich
Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzende des Aufsichtsrats: MinDir'in Baerbel Brumme-Bothe Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender), Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr. Harald Bolt, Dr. Sebastian M. Schmidt ------------------------------------------------------------------- ------------------------------------------------------------------- _______________________________________________ Pgi-wg mailing list Pgi-wg@ogf.org http://www.ogf.org/mailman/listinfo/pgi-wg
participants (5)
-
Etienne URBAH -
Jens Jensen -
m.riedel@fz-juelich.de -
mineo@riken.jp -
Steven Newhouse