[occi-wg] OCCI testing tutorial and q on use with secured services

alexander.papaspyrou at tu-dortmund.de alexander.papaspyrou at tu-dortmund.de
Wed Jan 5 09:52:43 CST 2011 

I'll try and ask Floris Sluiter whether he can contribute regarding security. Currently, the use cases into that direction are a bit meager, but probably the most obvious ones...

-Alexander

Am 05.01.2011 um 10:58 schrieb Thijs Metsch:

> 
> Hi,
> 
> Thanks for the links - regarding a GUI for testing to show how OCCI works on the inside: maybe Michael Behrens from R2AD can help? They developed a cool JavaFX GUI for OGF 28...
> 
> Regarding security: I might be able to help: I can deploy my implementation on an apache secured container. I wrote a blog article about it once (need to find it). If you can help write an article on OCCI & security I would volunteer to help - I guess other people also have some security ideas in mind. We could use such an article for getting an extension on our spec on security. I was also wondering if the DCI-fed group in OGF can help here? @Alexander? Maybe with a set of use-cases? So the model would be in DCI-fed an the OCCI spec extension would describe the more 'technical' implementation.
> 
> Cheers,
> 
> -Thijs
> 
> -----Original Message-----
> From: Alan Sill [mailto:alan.sill at ttu.edu]
> Sent: Tue 04/01/2011 18:37
> To: Thijs Metsch
> Cc: Alan Sill; David Wallom; alexander.papaspyrou at tu-dortmund.de; occi-wg at ogf.org
> Subject: Re: [occi-wg] OCCI testing tutorial and q on use with secured services
> 
> Thijs, this tool looks good!  It is beyond what I had aimed at, which was an article, perhaps using a more general REST command-line or GUI tool, to allow people to see the "inner workings" of how OCCI-based control and interaction with a resource worked.  You went all the way to a packaged took for testing, which is great, if perhaps less instructive and pedagogical for the community. Still, all of the ingredients are there for a nice Linux Journal-type of article or blog entry on OCCI testing.
> 
> Re. the HPC profile, I have to admit ahead of time that I am not a great fan of that work, which I saw as very disconnected from the actual ways that grid jobs and data are handled and scheduled by large-scale infrastructure projects in practice.  It is true, however, that a nice body of work was done that led to a set of demonstrations before that group concluded.
> 
> The best link to documents that are related to this work is probably this one:  http://www.ogf.org/hpcp/specs.php 
> 
> It contains a nice catalog of related OGF published documents, some of which have valuable content.
> 
> For practical utility with existing grid projects, we have got to be able to use certificates for AuthN and have some sort of usable AuthZ behind it.  GSI-AuthZ is one example but even simple Apache certificate parsing would be useful for low level-of-assurance AuthN in portal settings.  I have in mind demonstrating use of a "super-portal" that can launch canned grid jobs and interact with them in ways that conventional portals cannot.
> 
> That goed beyond the testing topic mentioned above, however, which probably be separated from this as a topic.  For that, I think the time is right to put an article or two out into the literature for pedagogical value.  Any ideas?
> 
> Thanks!
> 
> Alan
> 
> On Jan 4, 2011, at 9:42 AM, Thijs Metsch wrote:
> 
> >
> > Hi,
> >
> > Is that similar to what Andre Merzky did with SAGA for last OGF? Since OCCI can also be used for job submission we can demo that demo with OCCI soon as well - but that's another topic :-)
> >
> > Is there a link/documentation for the HPC profile stuff?
> >
> > Attached is a Screenshot of what I guess Alan had in mind - will share the code soon.
> >
> > Cheers,
> >
> > -Thijs
> >
> > -----Original Message-----
> > From: David Wallom [mailto:david.wallom at oerc.ox.ac.uk]
> > Sent: Tue 04/01/2011 15:38
> > To: Thijs Metsch; alexander.papaspyrou at tu-dortmund.de; alan.sill at ttu.edu
> > Cc: occi-wg at ogf.org
> > Subject: Re: [occi-wg] OCCI testing tutorial and q on use with secured services
> >
> > Hi,
> >
> > Another thing that should be considered is to replicate what has been done
> > with the HPC Basic Profile Interoperability demonstration that has
> > successfully run at a number of OGF and other meetings. That uses all
> > known implementations  and is a good example that OGF management and
> > community can use to show 'success'.
> >
> > Regards
> >
> > David
> > --
> > ===================================
> > Dr David Wallom
> > Oxford e-Research Centre
> > University of Oxford
> > Rm 160, 7 Keble Road
> > Oxford
> > OX1 3QG
> >
> > +44(0)1865 610601
> > ===================================
> >
> >
> >
> >
> >
> > On 04/01/2011 09:40, "Thijs Metsch" <tmetsch at platform.com> wrote:
> >
> > >Indeed a good idea - will try to create such a thingy soon.
> > >
> > >BTW. I have tested using my implementation with SSL activated. Had it
> > >running with GSI-Authz also a while back. Currently I do not support
> > >that anymore (I changed the framework in the background). But at least I
> > >can verify that it can be done :-)
> > >
> > >Cheers,
> > >
> > >-Thijs
> > >
> > >> -----Original Message-----
> > >> From: occi-wg-bounces at ogf.org [mailto:occi-wg-bounces at ogf.org] On
> > >> Behalf Of alexander.papaspyrou at tu-dortmund.de
> > >> Sent: Tuesday, January 04, 2011 10:25 AM
> > >> To: alan.sill at ttu.edu
> > >> Cc: occi-wg at ogf.org
> > >> Subject: Re: [occi-wg] OCCI testing tutorial and q on use with secured
> > >> services
> > >>
> > >> A very good idea, Alan.
> > >>
> > >> It would be great if we could provide an automated test suite running
> > >> somewhere "in the cloud" (GAE maybe?) which people can use to verify
> > >> their OCCI implementations. Any opinions on this?
> > >>
> > >> -Alexander
> > >>
> > >> Am 20.12.2010 um 23:52 schrieb Alan Sill:
> > >>
> > >> > How about an OCCI testing tutorial using some of the deployed
> > >> instances as an example?  A starting point might be the tool at the
> > >> following link.  (Version 2.3.3 released today.)
> > >> >
> > >> > Project:
> > >> > rest-client - Project Hosting on Google Code
> > >> >
> > >> > Link:
> > >> > http://code.google.com/p/rest-client/
> > >> >
> > >> > I'd also like to see a test with SSL-secured httpd services,
> > >> preferably in a GSI AuthZ or other user cert-secured context.  I know
> > >> this will be trivial but I'd just like to see if anyone has done it in
> > >> a deployed context to date.  Any links?
> > >> >
> > >> > Thanks,
> > >> > Alan
> > >> >
> > >> > P.S.: Please ignore the auto-reply message - I'm reading messages on
> > >> this topic this holiday...
> > >> >
> > >> > _______________________________________________
> > >> > occi-wg mailing list
> > >> > occi-wg at ogf.org
> > >> > http://www.ogf.org/mailman/listinfo/occi-wg
> > >>
> > >> _______________________________________________
> > >> occi-wg mailing list
> > >> occi-wg at ogf.org
> > >> http://www.ogf.org/mailman/listinfo/occi-wg
> > >_______________________________________________
> > >occi-wg mailing list
> > >occi-wg at ogf.org
> > >http://www.ogf.org/mailman/listinfo/occi-wg
> >
> >
> >
> >
> > <screeny.png>
> 
> 
>

More information about the occi-wg mailing list