[jsdl-wg] my view on execution user and group

Ali Anjomshoaa ali at epcc.ed.ac.uk
Wed Mar 30 03:01:41 CST 2005 

...again, any other thoughts on this?

Thanks in advance,

Ali


On Wed, 30 Mar 2005, Karl Czajkowski wrote:

> The concrete use case I have from Globus is to indicate under which
> POSIX username a job should be executed.  I see group (actually,
> default or primary group) as a reasonable extension of the concept,
> though we do not do that today.  This use case is job configuration
> details, just like POSIX limits, environment variables, etc.  It is
> important in situations where there is not a one-to-one mapping of
> global user identity (PKI subject) to local accounts for the GRAM
> service to apply, e.g. when a user has several role-specific accounts
> or temporary "scratch" accounts. Of course, such configuration values
> are subject to authorization checks in practice.
> 
> I am not clear on whether this is the intended purpose of the existing
> user and group fields in the User section, but if it is not then I am
> not clear on what it is for at all...
> 
> I admit my bias is towards thinking of the use of JSDL in distributed
> protocols like GRAM.  I guess if we were to use it in the local
> "adapter" interface between the GRAM service and the local scheduler
> scripts, we might have a use for specifying the authenticated user
> name, which for GRAM would be a PKI subject name. This makes sense
> because the adapter scripts inherently trust GRAM; GRAM would reject
> the presence of such a field in the over-the-wire transmission of
> JSDL, since the user identification comes from the binding-level
> security mechanisms. I can see this kind of info belonging in a User
> section for the adapter case, but I still need the POSIX username in
> the executable section.
> 
> karl
> 
> -- 
> Karl Czajkowski
> karlcz at univa.com
> 
> 

--

        ---------------------------------------------------- |epcc| -
        Ali Anjomshoaa
        EPCC, University of Edinburgh
        James Clerk Maxwell Building
        Mayfield Road                   E-mail: ali at epcc.ed.ac.uk
        Edinburgh EH9 3JZ               Phone:  + 44 (0) 131 651 3388
        United Kingdom                  Fax:    + 44 (0) 131 650 6555
        -------------------------------------------------------------

More information about the jsdl-wg mailing list