[jsdl-wg] my view on execution user and group

William Lee wwhl at doc.ic.ac.uk
Thu Mar 31 04:07:35 CST 2005 

I agree with Chris. I would even suggest put the POSIX user ID and 
group ID elements in the <application-executable/> (If that's what we 
have decided to call) section than the wrapping <application/> section, 
because it's quite 'binary job' specific.

William

On 31 Mar 2005, at 10:59, Ali Anjomshoaa wrote:

>
> Hi Chris,
>
>> I think that retaining the user name and group is useful, as I have 
>> customer
>> use cases where the template of a job is permanently attached to a
>> particular user identity for execution, so I think I'd like to see 
>> these
>> stay.
>
> Will a POSIX user ID in the Application section satisfy your use-case? 
> If
> not, can you please suggest a more concrete definition for a user 
> element
> that would satisfy your use-case?
>
> There is currently no definition for the UserCredential element in the
> Spec, but, there is one for UserGroup - anyone able to explain this? 
> The
> UserGroup element's definition says that it contains the credentials
> necessary to run the job in a Grid!
>
>
>>
>> The management and establishment of credentials, on the other hand, is
>> generally very dependent on the protocol being used and the specific 
>> context
>> of the job submission itself, that it doesn't make sense to put this 
>> in a
>> job description. Having just finished a project Kerberizing one of our
>
> I agree with Chris here. It doesn't make sense to have credentials in 
> the
> JSDL. We decided in Berlin that security and credentials were out of
> JSDL's scope. We shouldn't let them creep back in!
>
>
> Cheers,
>
> Ali
>
>
>> products, I'm feeling this first hand.
>>
>> -- Chris
>>
>>
>> On 30/3/05 05:38, "Darren Pulsipher" <darren at pulsipher.org> wrote:
>>
>>> Ok my turn to say something about the User section.
>>>
>>> The User Section is attached to the Job definition and the Data 
>>> Staging
>>> areas for stage in and stage out.
>>>
>>> I believe that we need to have Name, Group and some passthru for 
>>> credentials
>>> (or an extension for such) not only for POSIX applications but for 
>>> all
>>> different types of jobs. Web services typically have these concepts, 
>>> sql
>>> would have it, AFS with security uses it etc...
>>>
>>> If it is not put into the JobDefinition or the DataStaging areas 
>>> then people
>>> will add it in through extensions all over the place. As most jobs 
>>> require
>>> some kind of identification of the user that will be running jobs 
>>> and moving
>>> data.
>>>
>>> Putting this in the POSIX Application area is too limiting and does 
>>> not
>>> allow for referencing the User in other sections easily. For example 
>>> in a
>>> complex workflow where the user identity will change depending on 
>>> the job
>>> that is run it would be beneficial to reference the Users that are 
>>> defined
>>> potentially outside of the JobDefinition several times.
>>>
>>> Any questions?
>>>
>>> Darren
>>>
>>> -----Original Message-----
>>> From: owner-jsdl-wg at ggf.org [mailto:owner-jsdl-wg at ggf.org] On Behalf 
>>> Of
>>> Donal K. Fellows
>>> Sent: Wednesday, March 30, 2005 5:14 AM
>>> To: Ali Anjomshoaa
>>> Cc: jsdl-wg at gridforum.org
>>> Subject: Re: [jsdl-wg] my view on execution user and group
>>>
>>> Ali Anjomshoaa wrote:
>>>> ...again, any other thoughts on this?
>>>
>>> I think Karl's got the interpretation of the ExecutionUser and
>>> ExecutionGroup elements right. I'd just add that I would expect most
>>> JSDL instances to not specify these elements, with the identity to
>>> execute the job as being either implicit within the submission 
>>> security
>>> context or present explicitly through SAML/XACML elements. Our
>>> experience with UNICORE is that this functionality is only rarely 
>>> useful
>>> (but invaluable in those situations, of course, so the elements are
>>> worth retaining).
>>>
>>> Donal.
>>>
>>
>>
>
> --
>
>         ---------------------------------------------------- |epcc| -
>         Ali Anjomshoaa
>         EPCC, University of Edinburgh
>         James Clerk Maxwell Building
>         Mayfield Road                   E-mail: ali at epcc.ed.ac.uk
>         Edinburgh EH9 3JZ               Phone:  + 44 (0) 131 651 3388
>         United Kingdom                  Fax:    + 44 (0) 131 650 6555
>         -------------------------------------------------------------
>
>
>
--- William Lee @  London e-Science Centre, Imperial College London --
--- Software Coordinator ---
A: Room 380, Department of Computing, Imperial College London,  Huxley
Building, South Kensington campus, London SW7 2AZ, UK
E: wwhl at doc.ic.ac.uk | william at imageunion.com
W: www.lesc.ic.ac.uk | www.imageunion.com
P: +44(0)20 7594 8251
F: +44(0)20 7581 8024

--- Projects ----------------------------
GridSAM: http://www.lesc.ic.ac.uk/gridsam
Markets: http://www.lesc.ic.ac.uk/markets
ICENI:   http://www.lesc.ic.ac.uk/iceni
-----------------------------------------

More information about the jsdl-wg mailing list