[Risge-rg] Use case

Ioannis Liabotis iliaboti at grnet.gr
Mon Jun 30 04:06:17 CDT 2008


Hi,

Some comments from me regarding the last question:
(without me being a security expert as well)

>> o Can a host certificate be a member of a VO?


For the implementation of such a use case there is the possibility to
use the so-called Robot certificates.

These certificates, at least in Europe, are currently issued by UK
E-science CA, DutchGrid CA and INFN CA.

And I guess that other CAs might be willing to implement something
like this if there is a need.

Hope this helps.

Best Regards,
Ioannis-


On Jun 23, 2008, at 6:31 PM, Constantinos (Costas) Kotsokalis wrote:

> Hi Marcus,
>
> Some (I hope not too late) answers/comments inline :-)
>
> On Jun 19, 2008, at 10:47 , Marcus Hardt wrote:
>
>> Dear Colleagues,
>>
>> I'm one of the "silent" consumers of this list. And I wonder, if the
>> following
>> use case is already covered by the RISGE group.
>>
>> We have a sensor that could be operated by an operator for making a
>> measurement.
>>
>> The measurement needs to be stored in a grid-accessible way.
>> Preferably it would be copied to a gLite Storage Element (SE) and
>> registered in the gLite Logical File Catalogue (LFC).
>>
>> Ideally the sensor would be capable of submitting jobs that analyse
>> the data.
>>
>
> Overall, we are looking into those situations where there is some
> post-processing of experimental data involved, without explicitly
> examining the exact kind of post-processing, where they are stored (we
> consider a data sink which might be anything), how the data was
> transferred, etc.
>
>> Now I've some questions:
>>
>> o Is there a common understanding of how the Proxy is created? This
>> directly
>> influences the ownership of the data?
>
> On average, it looks like most (if not all) experiments we have
> examined are performed via a web-based interface (i.e., a portal). As
> such, one can assume that proxies are created at login time, and that
> indeed data is owned by the remote scientist (the person conducting
> the experiment). However, I should add that proxy creation is again an
> implementation issue, seen (at least by myself) as an added layer to
> the functionality that we are trying to describe (this is the approach
> taken by most OGF groups, AFAIK). That is not to say that security and
> data ownership is not a relevant topic.
>
>> o If there is no user to create a proxy, is it foreseen to use the
>> host certificate of the sensor? Is this actually technically
>> possible? Is this permitted by the CAs CP/CPS?
>
> Again, this is an implementation issue, and I personally don't have
> specific understanding/opinion. About this, I would recommend
> contacting your local CA, or even the CAOPS group of the OGF.
>
>>
>> o Can a host certificate be a member of a VO?
>
> Again, your local CA, VOMS manager, or the CAOPS group might be more
> appropriate to answer this. I don't see why it cannot, but security is
> not my field.
>
> Best regards,
>
>  Costas
>
>>
>> Are there answers to these questions?
>>
>> Greetings from Karlsruhe,
>> -- 
>> M.
>> _______________________________________________
>> Risge-rg mailing list
>> Risge-rg at ogf.org
>> http://www.ogf.org/mailman/listinfo/risge-rg
>
> --
> Constantinos (Costas) Kotsokalis
> IT & Media Center
> Dortmund University of Technology
>

-- 
Ioannis Liabotis
Grid Infrastructure Engineer
Greek Research and Technology Network (GRNET)
Mesogion Avenue 56, 4th Floor
GR-11527, Ampelokipi, Athens, Greece
Tel.:+30 210 7474248 Mob.: +30 6947241044
Fax.: +30 210 7474490
Email:iliaboti at grnet.gr WWW: http://www.grnet.gr



