[jsdl-wg] my view on execution user and group

Darren Pulsipher darren at pulsipher.org
Wed Mar 30 07:38:52 CST 2005


Ok my turn to say something about the User section.

The User Section is attached to the Job definition and the Data Staging
areas for stage in and stage out.

I believe that we need to have Name, Group and some passthru for credentials
(or an extension for such) not only for POSIX applications but for all
different types of jobs. Web services typically have these concepts, SQL
would have it, AFS with security uses it, etc.

If it is not put into the JobDefinition or the DataStaging areas then people
will add it in through extensions all over the place, as most jobs require
some kind of identification of the user that will be running jobs and moving
data.

Putting this in the POSIX Application area is too limiting and does not
allow for referencing the User in other sections easily. For example, in a
complex workflow where the user identity will change depending on the job
that is run, it would be beneficial to reference the Users that are defined
potentially outside of the JobDefinition several times.

Any questions?

Darren

-----Original Message-----
From: owner-jsdl-wg at ggf.org [mailto:owner-jsdl-wg at ggf.org] On Behalf Of
Donal K. Fellows
Sent: Wednesday, March 30, 2005 5:14 AM
To: Ali Anjomshoaa
Cc: jsdl-wg at gridforum.org
Subject: Re: [jsdl-wg] my view on execution user and group

Ali Anjomshoaa wrote:
> ...again, any other thoughts on this?

I think Karl's got the interpretation of the ExecutionUser and
ExecutionGroup elements right. I'd just add that I would expect most
JSDL instances to not specify these elements, with the identity to
execute the job as being either implicit within the submission security
context or present explicitly through SAML/XACML elements. Our
experience with UNICORE is that this functionality is only rarely useful
(but invaluable in those situations, of course, so the elements are
worth retaining).

Donal.




