[Pgi-wg] Scientific Computing - Integrating Service and Desktop Grids - Standardization

Etienne URBAH urbah at lal.in2p3.fr
Wed Mar 18 14:06:39 CDT 2009 

Jesus,

Thank you for your study on my proposal to use Restricted Proxies 
permitting that untrusted computing resources from Desktop Grids have 
restricted access to storage resources of Service Grids.

Compared to the current situation of unrestricted proxies which could be 
completely revoked, I do NOT understand how embedded read/write 
attributes could trigger any NEW revocation issue.

EDGeS is also actively working on data storage by Desktop Grids.  In 
particular, XtremWeb already provides it.  The whole security model 
still has to be defined, and must be thoroughly reviewed.

AFAIK, our EDGeS project considers that each Cloud provider has created 
its own closed proprietary environment and refuses any interoperability, 
so we are NOT planning to work about interoperability with Clouds.

For video conferences, our MCU server is ccmcu40.in2p3.fr
But I have NOT planned a video conference yet.

Please note that the OGF26 date has changed :
-  OGF26  (Chapel Hill, NC, USA)    26-29 May 2009

Best regards.

----------------------------------
Etienne URBAH          IN2P3 - LAL
Bat 200     91898 ORSAY     France
Tel: +33 1 64 46 84 87
Mob: +33 6 22 30 53 27
Skype: etienne.urbah
mailto:urbah at lal.in2p3.fr
----------------------------------


On Wed, 18 Mar 2009, Jesús Luna wrote:
> Dear Etienne,
> 
> First of all I'd like to excuse myself for this late reply to your email, however I'd like to let you know that there has been a change in my affiliation and since February I'm working with Barcelona Digital (an R+D center located in Barcelona, Spain). Nevertheless I still keep my interest in participating with EDGeS, in particular when referring security/privacy aspects.
> 
> I've reviewed your proposal about potential use of Restricted Proxies and IMHO it's a nice approach for solving part of the trust issues that arise when bridging Service+Desktop Grids, however I'd like to comment the following:
> 
> -A mechanism able to provide up-to-date Restricted Proxy's validation at the Trusted Node might be required to avoid potential security gaps related with the propagation of revocation information (i.e. updating read/write attributes or even revoking the whole Proxy). This issue was studied at OGF's CAOPS WG a couple of years ago (in fact I was part of that WG).
> 
> -As a CoreGRID fellow, last year I was researching potential use of Desktop Grids for storing data (something I called a Desktop Data Grid). A paper was presented at the PCGrid'08 workshop (I met Peter there). Are you considering also this potential use as part of EDGeS project? If so, then we should review the proposed approach as Storage Nodes would be untrusted in this new scenario.
> 
> -Finally, are -EDGeS- you planning to do some work about Cloud+Desktop Grid's interoperability? Maybe a position paper?
> 
> Thanks again for taking into account my opinion and please keep me informed about forthcoming videoconferences.
> 
> Regards,
> 
> JESUS LUNA GARCIA
> Security Researcher
> M. 618 213 212
> jluna at bdigital.org
> BARCELONA DIGITAL CENTRE TECNOLOGIC
> Sancho de Avila 110-130, 08018 Barcelona 
> Tel. 93 553 45 40 - Fax. 93 553 45 41 
> www.bdigital.org
> 
> 
> 
> 
> 
> 
>> -----Mensaje original-----
>> De: Etienne URBAH [mailto:urbah at lal.in2p3.fr]
>> Enviado el: miércoles, 28 de enero de 2009 17:32
>> Para: J. LUNA
>> CC: Peter KACSUK; Oleg LODYGENSKY; edges-na3 at mail.edges-grid.eu
>> Asunto: Scientific Computing - Integrating Service and Desktop Grids -
>> Standardization
>>
>> Hi Mr. LUNA,
>>
>>
>> In the domain of scientific computing, I am working with Peter KACSUK
>> of MTA SZTAKI (Budapest, Hungary) inside the EDGeS project 
>> http://www.edges-grid.eu/ which is bridging
>>    Service Grids (Production Grid Infrastructures, like EGEE) with
>>    Desktop Grids (loose opportunistic grids using idle resources, like 
>> BOINC, XtremWeb, OurGrid).
>>
>> For the rationale, you can look at the text at the bottom of this mail.
>>
>>
>> By now, our project, and other projects listed below, provide bridges 
>> in real operation between Service Grids and Desktop Grids.
>>
>> In order to provide world wide support of the growing computing needs 
>> of scientific communities, it is now time to :
>> -  bring together the existing projects bridging existing Services 
>> Grids and Desktop Grids,
>> -  begin the standardization of the integration of existing Services 
>> Grids and Desktop Grids.
>>
>>
>> Therefore, we would like to work inside OGF PGI (Open Grid Forum - 
>> Production Grid Infrastructure)
>> http://www.ogf.org/gf/group_info/view.php?group=pgi-wg so that the OGF 
>> recommendations take into account the bridging of Desktop Grids, in 
>> particular the issues about Information representation, Security, Job 
>> submission and Monitoring.
>>
>> For information about relevant OGF standards, you can look at David 
>> WALLOM's excellent presentation 'Standardisation: Recent progress 
>> review and best-practices sharing: Middleware Track', in particular 
>> pages 27, 28 and 30, at 
>> http://www.beliefproject.org/events/econcertations/6th-
>> econcertation/ppts/eConcert-Standards-Middleware-track.pdf
>>
>>
>> We have to make the best use of, and perhaps improve GLUE2, AUTHZ, 
>> BES, JSDL, SRM, ...
>>
>> In particular, the current work of OGF PGI about 'Restricted 
>> Impersonation' could permit that untrusted computing resources from 
>> Desktop Grids would have access to storage resources of Service Grids :
>>   see my presentation at 
>> http://forge.gridforum.org/sf/go/doc15450?nav=1
>>
>>
>> Among others, we are inviting following projects for the 
>> standardization of 'Integrating Service and Desktop Grids' :
>> -  BOINC               (University of Berkeley)
>> -  LATTICE             (University of Maryland)
>> -  EELA-2 OurGrid      (INFN, Italy - Universities, Brazil)
>> -  CONDOR backfill     (University of Wisconsin)
>> -  Superlink           (Technion, Haifa)
>> -  Clemson Campus Grid (Clemson University)
>>
>> We have H323 equipment permitting direct video communication, and we 
>> could use the EVO facility at http://evo.vrvs.org/evoGate/ for video 
>> conferences.
>>
>> We are willing to work actively and present our progress at :
>> -  OGF25  (Catania, Italy)          02-06 March   2009
>> -  OGF26  (Chapel Hill, NC, USA)    08-12 June    2009
>> -  OGF27  (Bannf, Alberta, Canada)  12-16 October 2009
>>
>>
>> For more information about EDGeS, you can look at my presentation 
>> 'EDGeS : Bridging EGEE to BOINC and XtremWeb' at 
>> http://forge.gridforum.org/sf/go/doc15437?nav=1
>>
>>
>> Thank you in advance for your comments on 'Restricted Impersonation' 
>> and for your participation.
>>
>>
>> Best regards.
>>
>> ----------------------------------
>> Etienne URBAH          IN2P3 - LAL
>> Bat 200     91898 ORSAY     France
>> Tel: +33 1 64 46 84 87
>> Mob: +33 6 22 30 53 27
>> Skype: etienne.urbah
>> mailto:urbah at lal.in2p3.fr
>> ----------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4919 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.ogf.org/pipermail/pgi-wg/attachments/20090318/0823460f/attachment.bin

More information about the Pgi-wg mailing list