[saga-rg] Re: comment on SAGA strawman doc.

Gregor von Laszewski gregor at mcs.anl.gov
Sat Jul 30 07:51:15 CDT 2005 

The one thing that you may want to include is an exception model that  
lets people know if the platform you run the command on supports the  
feature or not. This way you can decide if you like to use a resource  
or you can gather the minimal requirement for the resource.

For Java we have chosen the following approach:

Instead of doing this for each resource you can do it on an os basis  
for this case. So if you go to a windows filesystem. In the CoG kit  
we introduced the provider concept as part of the API. This means  
that you have a factory that returns pointers to the implementation.  
So when you instantiate the class you get the interface, but you also  
need a provider that puts "meat" in the class. this is real nice as  
you now can program against an interface, but the actual  
instantiation happens at runtime. I know this is Java and OO. Maybe  
something like this can be also done through dynamic classes in C.

On Jul 29, 2005, at 4:24 PM, John Shalf wrote:

> Yep,
> Gregor's proposal sounds good to me as well.  Lets stick with  
> "solved" problems (however they happen to be solved). :-)
>
> On Jul 29, 2005, at 1:27 PM, Andre Merzky wrote:
>
>> I agree with John: if the problem is basically unsolved,
>> we (SAGA-RG) should noty try to solve it.  We would do a bad
>> job at it anyway I guess.
>>
>> So Gregors proposal to stick to the (well understood) scheme
>> of Unix like owner/group/other permissions sounds pretty
>> good to me...
>>
>> My $0.02,
>>
>>   Andre.
>>
>>
>> Quoting [Gregor von Laszewski] (Jul 29 2005):
>>
>>>
>>> we have some rudimentary abstraction based on unix permissions in  
>>> the
>>> Java CoG Kit. If the server supports it we can change permissions
>>> from the client. This is available as part of Java CoG kit 4.  
>>> this is
>>> probably not the perfect solution but it could provide some input on
>>> how we have developed something that was useful to us.
>>>
>>> gregor
>>>
>>> On Jul 29, 2005, at 12:47 PM, John Shalf wrote:
>>>
>>>
>>>>
>>>> On Jul 27, 2005, at 2:37 AM, Thilo Kielmann wrote:
>>>>
>>>>
>>>>
>>>>> All,
>>>>>
>>>>>
>>>>>
>>>>>> since we have not approached ACLs yet, and since I am not
>>>>>> really knowladgable about security, I have no answer.
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>> if you issue a copy command and the source is not owned by  
>>>>>>> you but
>>>>>>> you have read permission (say through ACLs). and it is a
>>>>>>> recursive copy;
>>>>>>> how do you propagate permission information to the target? do
>>>>>>> you make
>>>>>>> everything owned by the person whe issues the copy (which may be
>>>>>>> a service!)
>>>>>>> or do you copy the ACLs and the permissions along with the file
>>>>>>> (ie metadata
>>>>>>> copy)? how do you make sure that the same users exist then on
>>>>>>> the target
>>>>>>> site?
>>>>>>>
>>>>>>>
>>>>>
>>>>> IMHO, there is only one sensible solution: the new owner of the  
>>>>> copy
>>>>> determines access control to the newly created file. That  
>>>>> should be a
>>>>> policy decision local to the target site.
>>>>>
>>>>> However, controling this from the SAGA API may be 'interesting'.
>>>>> So, should there be some kind of property determining access  
>>>>> control
>>>>> for files and directories to be created?
>>>>> (I am afraid, we are stressing the "S" for simplicity if we are
>>>>> working towards a comprehensive solution...)
>>>>>
>>>>> Any thoughts?
>>>>>
>>>>>
>>>>
>>>> My current thought on this is that file permissions management is a
>>>> serious problem and it is quite unfortunate that it has been mostly
>>>> overlooked in much of the current grid middleware.  I can move
>>>> files, but I can't use the same interface that I used to move the
>>>> files around to manage the permissions on said files.  Its
>>>> something that I've complained about for years to no avail.  This
>>>> deficiency has led to a number of significant problems in many
>>>> collaboratory projects, but I haven't seen it adequately addressed
>>>> by any "completed" or "deployed" standard as of yet.  Am I missing
>>>> something or is there a group that is working on solving this
>>>> problem as I speak? (I don't know because DOE doesn't let me go to
>>>> grid meetings anymore)
>>>>
>>>> So getting back to SAGA, while I think that permissions management
>>>> is an important and oft-neglected aspect of distributed file access
>>>> middleware, I don't actually see any "standard" solutions to the
>>>> problem.  Since SAGA is supposed to be an API standardization
>>>> rather than trying to write a "new grid" or fix any deficiencies in
>>>> current middleware, the proper approach is to not attempt to
>>>> address this issue until we see more middleware implementations
>>>> that actually implement this feature.  For the time being, its
>>>> probably best to use the convention that Thilo mentions above
>>>> because its pretty much what we are doing currently with grid file
>>>> movers.  This is kind of sad as far as solutions are concerned, but
>>>> its probably good to set aside standardization of features in SAGA
>>>> that are not already apparent in mainstream grid software
>>>> implementations.
>>>>
>>>> -john
>>>>
>>>>
>>>>
>>
>>
>>
>> -- 
>> +-----------------------------------------------------------------+
>> | Andre Merzky                      | phon: +31 - 20 - 598 - 7759 |
>> | Vrije Universiteit Amsterdam (VU) | fax : +31 - 20 - 598 - 7653 |
>> | Dept. of Computer Science         | mail: merzky at cs.vu.nl       |
>> | De Boelelaan 1083a                | www:  http://www.merzky.net |
>> | 1081 HV Amsterdam, Netherlands    |                             |
>> +-----------------------------------------------------------------+
>>
>>
>
>

More information about the saga-rg mailing list