[saga-rg] Re: comment on SAGA strawman doc.
Andre Merzky
andre at merzky.net
Fri Jul 29 15:27:03 CDT 2005
I agree with John: if the problem is basically unsolved,
we (SAGA-RG) should noty try to solve it. We would do a bad
job at it anyway I guess.
So Gregors proposal to stick to the (well understood) scheme
of Unix like owner/group/other permissions sounds pretty
good to me...
My $0.02,
Andre.
Quoting [Gregor von Laszewski] (Jul 29 2005):
>
> we have some rudimentary abstraction based on unix permissions in the
> Java CoG Kit. If the server supports it we can change permissions
> from the client. This is available as part of Java CoG kit 4. this is
> probably not the perfect solution but it could provide some input on
> how we have developed something that was useful to us.
>
> gregor
>
> On Jul 29, 2005, at 12:47 PM, John Shalf wrote:
>
> >
> >On Jul 27, 2005, at 2:37 AM, Thilo Kielmann wrote:
> >
> >
> >>All,
> >>
> >>
> >>>since we have not approached ACLs yet, and since I am not
> >>>really knowladgable about security, I have no answer.
> >>>
> >>
> >>
> >>>>if you issue a copy command and the source is not owned by you but
> >>>>you have read permission (say through ACLs). and it is a
> >>>>recursive copy;
> >>>>how do you propagate permission information to the target? do
> >>>>you make
> >>>>everything owned by the person whe issues the copy (which may be
> >>>>a service!)
> >>>>or do you copy the ACLs and the permissions along with the file
> >>>>(ie metadata
> >>>>copy)? how do you make sure that the same users exist then on
> >>>>the target
> >>>>site?
> >>>>
> >>
> >>IMHO, there is only one sensible solution: the new owner of the copy
> >>determines access control to the newly created file. That should be a
> >>policy decision local to the target site.
> >>
> >>However, controling this from the SAGA API may be 'interesting'.
> >>So, should there be some kind of property determining access control
> >>for files and directories to be created?
> >>(I am afraid, we are stressing the "S" for simplicity if we are
> >>working towards a comprehensive solution...)
> >>
> >>Any thoughts?
> >>
> >
> >My current thought on this is that file permissions management is a
> >serious problem and it is quite unfortunate that it has been mostly
> >overlooked in much of the current grid middleware. I can move
> >files, but I can't use the same interface that I used to move the
> >files around to manage the permissions on said files. Its
> >something that I've complained about for years to no avail. This
> >deficiency has led to a number of significant problems in many
> >collaboratory projects, but I haven't seen it adequately addressed
> >by any "completed" or "deployed" standard as of yet. Am I missing
> >something or is there a group that is working on solving this
> >problem as I speak? (I don't know because DOE doesn't let me go to
> >grid meetings anymore)
> >
> >So getting back to SAGA, while I think that permissions management
> >is an important and oft-neglected aspect of distributed file access
> >middleware, I don't actually see any "standard" solutions to the
> >problem. Since SAGA is supposed to be an API standardization
> >rather than trying to write a "new grid" or fix any deficiencies in
> >current middleware, the proper approach is to not attempt to
> >address this issue until we see more middleware implementations
> >that actually implement this feature. For the time being, its
> >probably best to use the convention that Thilo mentions above
> >because its pretty much what we are doing currently with grid file
> >movers. This is kind of sad as far as solutions are concerned, but
> >its probably good to set aside standardization of features in SAGA
> >that are not already apparent in mainstream grid software
> >implementations.
> >
> >-john
> >
> >
--
+-----------------------------------------------------------------+
| Andre Merzky | phon: +31 - 20 - 598 - 7759 |
| Vrije Universiteit Amsterdam (VU) | fax : +31 - 20 - 598 - 7653 |
| Dept. of Computer Science | mail: merzky at cs.vu.nl |
| De Boelelaan 1083a | www: http://www.merzky.net |
| 1081 HV Amsterdam, Netherlands | |
+-----------------------------------------------------------------+
More information about the saga-rg
mailing list