This is a static archive of the previous Open Grid Forum GridForge content management system saved from host forge.ogf.org file /sf/go/projects.pgi-wg/discussion.meetings.topc4241 at Sun, 06 Nov 2022 11:28:03 GMT SourceForge : Post

Project Home

Tracker

Documents

Tasks

Source Code

Discussions

File Releases

Wiki

Project Admin
Project: pgi-wg     Discussion > Meetings > Meeting on 2009-01-30, 15:00 (CET) Notes > List of Posts
Forum Topic - Meeting on 2009-01-30, 15:00 (CET) Notes: (1 Item)
View:  as 
 
 
Meeting on 2009-01-30, 15:00 (CET) Notes
ad 1)
Shortly review of minutes from the last Telcon
updates about actions, the infos were sent to Stephanie Parker for the eAnnouncement.

ad 2)
PGI at OGF25 - the wiki already has some initial thoughts...
only short overview to save time for the security part -- everything is in order

ad 3)
Technology survey with a particular focus on security this time. Security
standards matrix review and discussion about agreements and roadmaps on a
short-term perspective...

Morris: key issue: we have not only European people and middlewares in the pgi-wg.

The GENESIS delegation service is better than what there is in Europe now.
There is a SAML attribute assertion in the SOAP header which is similar to UNICORE
basically the same way in GENESIS and UNICORE

What about adopting the secure addressing?
Balazs: we should focus on the profiling thing
The goal is to have something like "pgi compliant endpoints".

in GENESIS no kerberos is used 
usage of username token and SAML token profile
The secure communication is similar to the European one
message level security if necessary

NAREGI:
NAREGI is not only an infrastructure but also an own middleware based on GT4
It uses myProxy to obtain proxy certificates
communiation:
X.509, VOMS proxy to contact each other
NAREGI does not use the SAML protocol but they plan to use it in the future.
In NAREGI XACML is not in production use but also planned for the future
NAREGI uses GridDMaps
credetial renewal service: Globus library
The user can set the options -- managed with a special service

Discussion round:
fill out / complete the MATRIX in Chapter 5 of Morris's document 

ARC:
no move to SAML at the moment
SAML support could be implemented in test version

GENESIS:
X.509 is used but no X.509 proxies
SAML assertion in SOAP headers
GENESIS uses resource identities
no GridMaps

all European middlewaress use X.509 server certificates

gLite:
has Delegation service
The delegation operation is done the same way as ARC
a gLite delegation document is uploaded
working on WS-trust profile

UNICORE:
no delegation service yet

GENESIS:
no proxies

NAREGI:
delegation service?
fine grained delegation: X.509 can also provide fine grained delegation

Proposal:
constraint delegation
-> add this to the document section

Discussion if Microsoft and Teragrid be part of the pgi-wg:
agreement: for the survey it is ok but not for the ongoing work.

ad 4)
What is the production Grid Infrastructure that runs GENESIS II?

The GENESIS approach is slightly different from the European approach.
GENESIS can not interoperate with OSG
The have Grid infrastructure which is used in production at Virginia Tech.

ad 5)
What exactly is the role of EDGES in PGI in relationship with EGEE and
gLite?

EdGES is a bridge between production Grid infrastructures and desktop grids such as BOINC, extremeweb, ...
It enables sending VOMS job from pgi to desktop Grids and vice versa
interoperation between ARC, EGEE and desktop Grids
EdGES is not providing any security technology but they try to adapt all the technologies between each other



Discussion round:
Everybody is using X.509
Define attributes in a clear manner
In gLite, OGS it is not planned to use SAML

GENESIS can be changed to be able to handle X.509 proxies
a) inside these proxies: attributes + attribute certificates
b) SAML assertions inside the SOAP header

It is nearly impossible to have a single profile doc:
but too many profiles are not the idea of the group.

GENESIS does not use SAML assertions

ad 6)
Figures/illustrations of security setups
GENESIS will prepare a figure to describe the protocol

(7)
The need for a delegation service?!
/
(8)
AOB 
/

Next time continue the survey
discuss the profile from the mailing list
presentation and discussion of the figures

 
 


The Open Grid Forum Contact Webmaster | Report a problem | GridForge Help
This is a static archive of the previous Open Grid Forum GridForge content management system saved from host forge.ogf.org file /sf/go/projects.pgi-wg/discussion.meetings.topc4241 at Sun, 06 Nov 2022 11:28:03 GMT