[jsdl-wg] my view on "user credentials"
Ali Anjomshoaa
ali at epcc.ed.ac.uk
Wed Mar 30 04:16:32 CST 2005
Any other takers...? I guess I should wait for US to wake up...
Ali
On Wed, 30 Mar 2005, Michel Drescher wrote:
> Guys,
>
> my view basically matches Karls view. To me, the consequence would be
> to refactor out the User section to an embracing document, which then
> maps User credentials to particular elements in the JSDL document
> (hence the ability to construct QNames referring to elements in a JSDL
> document).
>
> Referring to Karls other mail concerning Execution(User|Group), these
> would consequently permeate to the POSIXApplication element I think.
>
> Cheers,
> Michel
>
> N.B.: Ali, I didn't check, but did you already upload the conf minutes
> to Gridforge?
>
> On 30 Mar 2005, at 10:00, Ali Anjomshoaa wrote:
>
> >
> > Many thanks for this Karl. It is very clear. Any other thoughts on
> > this?
> > Donal, Michel, Darren...?
> >
> > Thanks in advance,
> >
> > Ali
> >
> >
> > On Wed, 30 Mar 2005, Karl Czajkowski wrote:
> >
> >> I don't disagree that user credentials will be important for many
> >> jobs. However, I disagree that a type and semantics-free
> >> UserCredential field, as in the current draft, actually helps.
> >>
> >> I think a consumer of a JSDL document needs to know two things to make
> >> use of credentials: 1) what is it, and 2) what is it for. I think it
> >> is wishful thinking to say there is one generic user credential
> >> category and the consumer can divine the rest from the value
> >> itself. If this is so, we might as well put this expressive value in
> >> the xsd:any##other slot as an extension (understood by some, but not
> >> all, consumers).
> >>
> >> For example, in WS-GRAM for GT4, we do not pass around credentials per
> >> se, but we do pass around references to credentials (the actual
> >> credentials are moved ahead of time by out-of-band means relative to
> >> WS-GRAM). Because each of these references is of the same type (and
> >> referring to the same type of credential: our GSI proxies), we have
> >> separate fields in the WS-GRAM job language to designate the purpose
> >> of each one: one to put in the job's environment (as a file), one for
> >> WS-GRAM to use when invoking our RFT file transfer service, and a
> >> third to pass through (by reference) to the RFT service itself (which
> >> it then uses to authenticate with GridFTP).
> >>
> >> We would have to use these wrappers in the JSDL transliteration, since
> >> "user credentials" is too abstract to actually convey the different
> >> meanings we have. I suspect that any meaningful "pass through" would
> >> have to do the same thing---designate _which_ target mechanism to pass
> >> the values to. It wouldn't help much if a JSDL consumer "passed" a
> >> Kerberos ticket in the file where we expect GSI proxies, or vice
> >> versa.
> >>
> >>
> >> karl
> >>
> >> --
> >> Karl Czajkowski
> >> karlcz at univa.com
> >>
> >>
> >
> > --
> >
> > ---------------------------------------------------- |epcc| -
> > Ali Anjomshoaa
> > EPCC, University of Edinburgh
> > James Clerk Maxwell Building
> > Mayfield Road E-mail: ali at epcc.ed.ac.uk
> > Edinburgh EH9 3JZ Phone: + 44 (0) 131 651 3388
> > United Kingdom Fax: + 44 (0) 131 650 6555
> > -------------------------------------------------------------
>
>
--
---------------------------------------------------- |epcc| -
Ali Anjomshoaa
EPCC, University of Edinburgh
James Clerk Maxwell Building
Mayfield Road E-mail: ali at epcc.ed.ac.uk
Edinburgh EH9 3JZ Phone: + 44 (0) 131 651 3388
United Kingdom Fax: + 44 (0) 131 650 6555
-------------------------------------------------------------
More information about the jsdl-wg
mailing list