[ogsa-rss-wg] comments on the EPS wsdl

Donal K. Fellows donal.k.fellows at manchester.ac.uk
Mon Aug 7 10:10:34 CDT 2006 

Arvid Norberg wrote:
> I'm currently attempting to implement an EPS and have based its interface
> on the WSDL files posted to this list by Donal.
> 
> My first attempt was to make the wsdl/xsd files to build with the globus wsrf tools.
> By downloading the (not very easy to find) files:
> 
>   wsrf/resourceproperties/rp-1.xsd
>   wsrf/resource/rw-1.wsdl
>   etc.
> 
> Are these really the versions that are supposed to be used?

Umm, they're the versions I'm using with my tooling, but I'm using the
Unicore/GS tooling which is a bit different to the Globus tooling. I'm
not going to argue about tooling versioning though; at this stage the
WSDL's really just illustrative as it has many things in it I need to fix.

I should note that Unicore/GS uses a different (more recent) version of
WS-RF than Globus. That could cause problems, but can't really be helped.

[after fiddling around]
> Then it built and worked ok.

OK, I'll take that as validation of the interesting bits. :-) It seems
something of a shame to point out that I've got to do a lot more work on
it to fix inconsistencies in it.

> One addition I have found the need of is to supply an EPR to credentials (delegated
> via the delegation service) in the call to GetExecutionPlans. This is necessary when
> using Globus' MDS index server, since you typically need to authenticate against it.
> 
> It may also be of interest for the CSG to know which user is the caller, since it may
> be able to only respond with resources which that particular user has the right to
> use.

While that's true, I'd expect such information to be passed in the
service context (i.e. as a field in the SOAP header where the WSDL
doesn't see it) and I have absolutely no intention of restricting the
security model to just the Globus (or the Unicore/GS) model. Aside from
that, I'd say you're on the money there with the ideas. Candidates most
certainly should only be generated in suck a way that the user can make
use of them, and that should (where possible and practical) include
checking to see if the user is permitted to execute the job there.
Indeed, one of the things that came up last GGF was that the EPS spec
will need to have a non-trivial Security Aspects section, unlike most
GGF specs that I've seen to date...

In any case, thanks very much for your feedback.

(Should we start holding telecons? Or is everyone happy with continuing
to use email as our collaboration tool? I prefer email myself, but I'm
perfectly willing to adapt to other people's preferences.)

Donal.

More information about the ogsa-rss-wg mailing list