[communities] GGF Proposal Submission

vwelch at ncsa.uiuc.edu vwelch at ncsa.uiuc.edu
Fri Aug 12 15:31:33 CDT 2005


proposers_name: Von Welch 
 
affiliation: NCSA 

email: vwelch at ncsa.uiuc.edu 

proposed_title: Leveraging Site Infrastructure for Multi-Site Grids 

session_type: Workshop 

proposed_duration: Full day 

target_audience: Technical experts 

num_attendees: 50 

abstract: 
Deployment of production grids involved the establishment of an increasing number of services (e.g. authentication, authorization, directory). This requirement raises the bar for establishing a Grid significantly. However, the establishment of services by existing organizations has shown some promise – for example DOE’s PKI and Kerberos-based PKIs at Fermilab and USC. And campus infrastructures are increasingly deploying outward-facing infrastructure such as Shibboleth. In this workshop we will explore how Grids spanning multiple sites can benefit from increased leveraging of the infrastructure of those sites. We will consider both traditional high-performance computing sites as well as other types of institutions such as academic campuses.

 

synopsis: 
Virtual organizations (VOs) need a variety of information services to provide their structure. For example, it is typical for a Grid to have a certificate authority to provide identity information, an attribute authority to provide information regarding the roles of their users and a resource directory that provides an enumeration of the resources available to the VO. When a VO spans a number of underlying organizations (as opposed to a Grid deployed at a single campus), the best practice today is for the VO to establish their own services to enable its day-to-day functioning. Deploying and operating these services in a secure, reliable manner is non-trivial, especially for small to medium virtual organizations, particularly when one considers that these services have a number of security implications in terms of being consulted as part of authorization decisions by end resources.

However, there have been some steps in the Grid community to allow for these services to be provided by leveraging and federating the services already provided by the sites on which the VO is based. For example, Fermilab provides a Kerberos CA allowing other sites in a VO to base their Grid authentication on the Kerberos authentication infrastructure already deployed at Fermilab. And campus infrastructures are increasingly deploying outward-facing infrastructure such as Shibboleth.

In this workshop we will explore how VOs spanning multiple sites can benefit from increased leveraging of the infrastructure of those sites. We will consider both traditional high-performance computing sites as well as other types of institutions such as academic campuses. We will also explore some of the challenges involved in this model, for example:

•	There are no ubiquitous standards for site authentication, attribute, directory, etc. infrastructure. This implies that we need translation mechanisms to achieve interoperability. What translation mechanisms exist today and how well do they work?

•	While some information that sites can provide, such as identifiers for authentication, is generic and can be easily consumed by a VO, the VO may need to define other structure, such as roles for its users, which is not something sites possess today. How can a VO define this information, while still using the site infrastructures to propagate it?

•	Many sites have privacy concerns regarding information about their users. How can sites share information with VOs while addressing these concerns?

The workshop plans to produce an informational document capturing the following:
•	List of current success stories for leveraging site infrastructure to form multi-site VOs;
•	Enumeration of existing tools, APIs, standards and technologies for leveraging site infrastructure;
•	Current barriers to leveraging of multiple site infrastructures by VOs.

Workshop organizers:
Tom Barton, Jim Basney, Steven Carmody, Ken Klingenstein, Frank Siebenlist, Von Welch and others TBD.

Outline:

The workshop will have a number of invited speakers, who will present attempts to address the challenges described previously (an initial list is given below and we will also produce a call to the community for additional presenters). The goal of each presenter will be to solicit feedback from the audience in regards to how well a particular solution does or does not meet the challenge from their point of view. Ample time will be allowed for discussion.

Preliminary speaker list:
•	Ken Klingenstein – Campus IT
•	Von Welch – Shibboleth for Grids
•	Jim Basney – MyProxy/LTER/NFC/NERSC
•	Tom Barton – Signet/Grouper
•	TBD (Dane Skow?) – Kerberos CA
•	Someone from IU or TeraGrid to discuss their Grid Operations Center/HelpDesk?
•	Condor-Shib?


Marketing plan:
The organizers are involved in GGF security working groups and activities related to this activity such as TeraGrid and Internet2. We will reach out to the constituency of those groups, plus other groups we believe will be interested, such as OSG and the EU Grid efforts.

 

tech_requirements: None 

prereq_participants: Basic understanding of virtual organizations and security 

advertise_suggestion: Related technical and security-oriented lists for GGF, Internet2, and large Grid projects (TeraGrid, OSG, etc.) 
