[communities] GGF Proposal Submission

[adm35 at georgetown.edu]

proposers_name: Arnie Miles 
 
affiliation: Georgetown University 

email: adm35 at georgetown.edu 

proposed_title: Condor-Shib:  Connecting the Upper and Lower Layers of the Middleware Stack in Computational Grids 

session_type: Individual presentation, followed by a demonstration 

proposed_duration: 60 minutes 

target_audience: Managers and Technical Experts 

num_attendees: 30? 

abstract: Scalable control of resource access is an impediment to a true global grid infrastructure.  Extant tools that advertise and expose computational resources lack the scalable access controls that allow role-based authentication - and subsequent authorization - across administrative boundaries.  Georgetown University and the University of Wisconsin have teamed to create Condor-Shib, a product that will enable user authorization to resources based upon the varied attributes of individual users. By locally identifying individuals and assigning attributes, Condor-Shib will provide controlled access necessary for large computational grids. The proposed presentation debuts and details the Condor-Shib project. 
 

synopsis: Overview: 
Ref URL: http://141.161.231.225/CondorShib/index.html

Growing computational demands of researchers require greater access to increasing amounts of computing power. Condor addresses this need by providing a scalable, customized job scheduler capable of control over various computing systems ranging from Beowulf clusters to desktop PCs and complete compatibility with resources managed by Globus. Condor\'s \"flocking\" technology allows multiple Condor installations to work together to complete large job orders.

The merger of Condor and Shibboleth will create a scheduler software package capable of consuming roles attributes in a framework that allows rapid, scalable control of the utilization of computational resources for collaborations that span administrative domains. This coupling of Condor flocks encourages inter-realm computational scenarios, increasing access to idle computational resources.

The current state of grid technology allows government, industry, and academic institutions to stand up their own grids. Connecting these grids requires a high level of human intervention, with no mechanisms available for joining disparate administrative domains together. Remote sites can be connected together under a single administrative domain or if access control is not a concern. However, connecting disparate domains requires someone willing to manually enter individual names of resources allowed to access other resources into a grid map file, and map these names to local services on each resource involved. 

The Condor Project develops, implements, deploys, and evaluates mechanisms and policies that support High Throughput Computing (HTC) on large collections of distributively owned computing resources. Guided by both the technological and sociological challenges of such a computing environment, the Condor Team has been building software tools that enable scientists and engineers to increase their computing throughput. 

Shibboleth, a project of Internet2/MACE, is developing architectures, policy structures, practical technologies, and an open source implementation to support inter-institutional sharing of web resources subject to access controls. Shibboleth will develop a policy framework that will allow inter-operation within the higher education community. Shibboleth is an open source project that provides federated administration, access control based on attributes, active management of privacy, and a framework for multiple, scalable trust and policy sets, called federations.

Shibboleth complements Condor by creating a customizable, secured access point that can define any desired set of user parameters to regulate user priority, access time and resource usage, and securely make those parameters available to cooperating institutions. 


Session Goals:

The primary goal is to debut and demonstrate how the Condor-Shibboleth project, combined with a hierarchical global infrastructure, will resolve the scalability problems troubling current grid technologies. 

We will start with a brief overview of Condor and Shibboleth (referenced below), followed by respective values this merger brings to the grid space. 

The demonstration component of our presentation will include examples of access control files and job submission files, a description of our test environment, and finally an example of submitting a job to the grid and monitoring its progress.

We will end the presentation with an open discussion on suggestions and criticisms of our approach to solving the authorization problems via Condor-Shib. Will our product solve scalability problems troubling current grid technologies?  Until these problems are resolved, will there always be a difference between \'A\' grid and \'THE\' grid? 

References:

The Condor-Shib team

University of Wisconsin
Miron Livny, Professor of Computer Science and Condor Project Lead
Todd Tannenbaum, Manager of Condor Development Staff
Ian Alderman, Researcher of Data Security for Condor team

Georgetown University 
Charlie Leonhardt, Chief Technologist
Chad La Joie, Team Leader (Presenter)
Brent Putman, Programmer
Steve Moore Director, Advanced Research Computing 
Arnie Miles, Senior Systems Architect (Presenter)
Jess Cannata, Systems Administrator
Nick Marcou, Systems Administrator

Internet 2
Ken Klingenstein, Director of the Internet2 Middleware Initiative
Mike McGill, Program Manager for the Internet2 Health Sciences Initiative 

tech_requirements: Internet access and data projector. 

prereq_participants: None 

advertise_suggestion: This project has a high level of interest and support from Internet2. We will be demonstrating early stages of this to the Internet2 team in September in prepartion for a National Science Foundation proposal.  We anticipate a large, receptive audience once   I2 and NSF publicly express their support.