[glue-wg] v1.3 documentation, please!
Paul Millar
paul.millar at desy.de
Thu May 8 12:10:24 CDT 2008
Hi Stephen,
Thanks for the comments and info. My comments are...
On Thursday 08 May 2008 16:37:57 Burke, S (Stephen) wrote:
> glue-wg-bounces at ogf.org
>
> > [mailto:glue-wg-bounces at ogf.org] On Behalf Of Paul Millar said:
> > True, but OGF-GLUE-WG does provide the GLUE/LDAP binding,
> > which I feel currently is lacking some documentation.
>
> GLUE is only an OGF WG for the Glue 2.0 spec, so while it will produce
> an LDAP binding for 2.0 it doesn't have any direct responsibility for
> 1.3. Indeed for 1.2 and 1.3 there was no GLUE project as such, the
> original GLUE wound up several years back.
OK, fair enough, but I'd mark this one down as "inherited debt": someone
should be "maintaining" (in the ISO meaning of the word) the GLUE v1.3
standard since it's in active use. Perhaps this should be the OGF GLUE WG?
Besides, many of the people in GLUE WG are among the authors of the GLUE v1.3
specification and adding a wiki page isn't such an onerous task.
> > So, for these reasons, one cannot (reasonably) claim that the
> > schema is the
> > single authoritative source as schemata can only validate a
> > document, which is a lesser requirement than correctness.
>
> Being picky, the schema is in fact the only authoritative source
Yes, with the schema one can make an authoritative statement, but only in
answer to one question: is a document is valid?
Ensuring documents are valid is very useful, but it really isn't sufficient:
we want documents (i.e., LDIF information) that are going to be *useful* to
people. Not all valid documents are useful.
Here's an explicit example. (I believe) one can publish the following object:
dn:
GlueSEAccessProtocolLocalID=gridftp at example.org,GlueSEUniqueID=example.org,mds-vo-name=resource,o=grid
objectClass: GlueSETop
objectClass: GlueSEAccessProtocol
objectClass: GlueKey
GlueSEAccessProtocolLocalID: gridftp at example.org
GlueSEAccessProtocolType: gridftp
GlueSEAccessProtocolEndpoint: gridftp://milliways.example.org:2811
GlueSEAccessProtocolCapability: file transfer
GlueSEAccessProtocolVersion: 1.0
GlueSEAccessProtocolMaxStreams: 20
GlueSEAccessProtocolPort: 2811
GlueSEAccessProtocolSupportedSecurity: GSI
GlueChunkKey: GlueSEUniqueID=bogusValue
(I believe) this will pass the LDAP Schema checks (the attribute value is a
valid IA5String) so the object is valid; however, it's certainly
not "correct" as the GlueChunkKey points the end-user to a GlueSEUniqueID
that doesn't match the corresponding RDN within the DN.
Another example would be the same object, but published without the GlueKey
objectClass and without any GlueChunkKey attribute. This, too, would be
valid LDIF (I believe) and also not "correct": Glue-v1.3 specifies a link
from AccessProtocol to StorageElement (see Glue-v1.3, page 14). This link
would be missing on LDAPv2 implementations (with LDAPv3 it is available
through the :dn: extension to the query language, but I believe we're leaving
that out of the current discussion).
This is the difference between a document being valid and (what I mean
by) "correct": valid documents pass the schema, correct documents mean no one
can (reasonably) complain the information is in some way wrong.
> while it might be nice to have some additional definitive document we don't
> actually have one!
Exactly: someone should create this additional definitive document; a wiki
page would be sufficient.
(IMHO the absence, so-far, of documentation is not a great argument for its
continued absence!)
> > Most things are, but the GlueChunkKey (as one example) isn't.
>
> That's because it's only in the LDAP implementation
Exactly! GLUE/LDAP has some information that should be document that are
both:
i) specific to the GLUE/LDAP binding,
ii) for technical reasons, are not covered by the LDAP Schema.
The format of GlueChunkKey is one, there may be other things.
> but anyway, as I say I don't think [GlueChunkKey] should be obsoleted, and
> it certainly isn't for 1.3.
Yup, fair enough. Personally, I don't care one way or the other. If it's
needed by people querying the info-system, we should provide it.
However, by the same token, if it *is* needed, there should be a document
describing how to generate the values, for which objectClasses it is needed,
etc...
> > [GlueService -URI and -URL attributes being removed]
> The GlueService things are LCG-specific because those attributes were
> never officially part of GLUE at all
Err... so, out of idle curiosity, if these attributes are LCG extensions, why
did the attributes being with "Glue"? Would something else (for
example, "LCG") not have been a better prefix?
There's a more general issue here: should GLUE reserve some part of the
name-space? (This could be more of a "Gentleman's agreement" than a rigid
partitioning.)
Apart from avoiding confusion, Glue reserving some part of the name-space
might help prevent future problems; for example, if a version 1.4 of GLUE was
introduced that defines a new attribute "GlueServiceURI", but with different
semantics to LCG's usage (e.g., LCG allowed GlueServiceURI attribute values
that are not a URI, but GLUE requires all values to be a URI), this would
cause problems.
> (LCG had its own Service object at one time).
Fair enough. I guess EGEE, LCG or any group should feel free to publish
additional information, provided it doesn't conflict with Glue information.
[...]
> > [As an aside: does EGEE/WLCG document that GlueService -URI /
> > -URL are no
> > longer required? Is there anyway of being notification when these
> > requirements change?]
>
> Not really, because it's a question of fixing individual bugs - those
> attributes should never have been used in the first place, but they were
> published because there was code that did in fact use them.
The correctness or otherwise of publishing some attributes aside, if there are
changes in what data the info-providers should provide then the people
writing those info-providers *need* to know. When there are changes, there
must be timely dissemination of these changes within the developer community.
> > [changes to GLUE schema]
> Unfortunately we quite often hit problems like that, where we can't in
> practice publish according to the schema because there is broken code
> making invalid assumptions and it takes time to get things fixed.
Hmm... I'm not sure if, with "code making invalid assumptions", you're
referring to the info-providers or the underlying systems.
I first read this as referring to the underlying services and a little warning
bell (marked "horse before cart") just went off in my head. If so, to me
this sounds more like the schema is making invalid assumptions about the
services so the schema is broken; requiring the underlying services to change
so the correct information can be publish seems bizarre.
Of course, if you're referring to the info-providers, then that's fair enough
(although it does hint that "correct" is insufficiently defined).
> > [publishing GLUE (v1.3 in particular) as a EGEE issue]
>
> Well, yes and no - SRM is a general standard and now also an OGF WG so
> the general question of how SRM v2 should be reflected in GLUE goes
> beyond WLCG, it just happens to be the case that WLCG is currently the
> main user.
This sounds like a good idea to me. Does this mean that (someone within) GLUE
is going to provide documentation that describes how to map SRM v2.2 concepts
to GLUE v1.3? A wiki page would be good.
> > Agreed. Which forum within EGEE (or WLCG) discusses its
> > adoption of GLUE?
>
> It was the GSSD group, but I'm not sure if that still exists (Maarten?).
Aye, but I believe GSSD is specifically storage and not specifically GLUE; so,
although the should (IMHO) have a strong influence on EGEE's usage of GLUE
for storage, they're not the forum that decides how EGEE should use GLUE.
Cheers,
Paul.
(who often gets confused due to the plethora of groups, boards and panels our
community seems to develop!)
More information about the glue-wg
mailing list