[saga-rg] Re: comment on SAGA strawman doc.

Gregor von Laszewski gregor at mcs.anl.gov
Sat Jul 30 07:53:05 CDT 2005 

Also mind the "S" in saga ;-)

On Jul 29, 2005, at 3:27 PM, Andre Merzky wrote:

> I agree with John: if the problem is basically unsolved,
> we (SAGA-RG) should noty try to solve it.  We would do a bad
> job at it anyway I guess.
>
> So Gregors proposal to stick to the (well understood) scheme
> of Unix like owner/group/other permissions sounds pretty
> good to me...
>
> My $0.02,
>
>   Andre.
>
>
> Quoting [Gregor von Laszewski] (Jul 29 2005):
>
>>
>> we have some rudimentary abstraction based on unix permissions in the
>> Java CoG Kit. If the server supports it we can change permissions
>> from the client. This is available as part of Java CoG kit 4. this is
>> probably not the perfect solution but it could provide some input on
>> how we have developed something that was useful to us.
>>
>> gregor
>>
>> On Jul 29, 2005, at 12:47 PM, John Shalf wrote:
>>
>>
>>>
>>> On Jul 27, 2005, at 2:37 AM, Thilo Kielmann wrote:
>>>
>>>
>>>
>>>> All,
>>>>
>>>>
>>>>
>>>>> since we have not approached ACLs yet, and since I am not
>>>>> really knowladgable about security, I have no answer.
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>>> if you issue a copy command and the source is not owned by you  
>>>>>> but
>>>>>> you have read permission (say through ACLs). and it is a
>>>>>> recursive copy;
>>>>>> how do you propagate permission information to the target? do
>>>>>> you make
>>>>>> everything owned by the person whe issues the copy (which may be
>>>>>> a service!)
>>>>>> or do you copy the ACLs and the permissions along with the file
>>>>>> (ie metadata
>>>>>> copy)? how do you make sure that the same users exist then on
>>>>>> the target
>>>>>> site?
>>>>>>
>>>>>>
>>>>
>>>> IMHO, there is only one sensible solution: the new owner of the  
>>>> copy
>>>> determines access control to the newly created file. That should  
>>>> be a
>>>> policy decision local to the target site.
>>>>
>>>> However, controling this from the SAGA API may be 'interesting'.
>>>> So, should there be some kind of property determining access  
>>>> control
>>>> for files and directories to be created?
>>>> (I am afraid, we are stressing the "S" for simplicity if we are
>>>> working towards a comprehensive solution...)
>>>>
>>>> Any thoughts?
>>>>
>>>>
>>>
>>> My current thought on this is that file permissions management is a
>>> serious problem and it is quite unfortunate that it has been mostly
>>> overlooked in much of the current grid middleware.  I can move
>>> files, but I can't use the same interface that I used to move the
>>> files around to manage the permissions on said files.  Its
>>> something that I've complained about for years to no avail.  This
>>> deficiency has led to a number of significant problems in many
>>> collaboratory projects, but I haven't seen it adequately addressed
>>> by any "completed" or "deployed" standard as of yet.  Am I missing
>>> something or is there a group that is working on solving this
>>> problem as I speak? (I don't know because DOE doesn't let me go to
>>> grid meetings anymore)
>>>
>>> So getting back to SAGA, while I think that permissions management
>>> is an important and oft-neglected aspect of distributed file access
>>> middleware, I don't actually see any "standard" solutions to the
>>> problem.  Since SAGA is supposed to be an API standardization
>>> rather than trying to write a "new grid" or fix any deficiencies in
>>> current middleware, the proper approach is to not attempt to
>>> address this issue until we see more middleware implementations
>>> that actually implement this feature.  For the time being, its
>>> probably best to use the convention that Thilo mentions above
>>> because its pretty much what we are doing currently with grid file
>>> movers.  This is kind of sad as far as solutions are concerned, but
>>> its probably good to set aside standardization of features in SAGA
>>> that are not already apparent in mainstream grid software
>>> implementations.
>>>
>>> -john
>>>
>>>
>>>
>
>
>
> -- 
> +-----------------------------------------------------------------+
> | Andre Merzky                      | phon: +31 - 20 - 598 - 7759 |
> | Vrije Universiteit Amsterdam (VU) | fax : +31 - 20 - 598 - 7653 |
> | Dept. of Computer Science         | mail: merzky at cs.vu.nl       |
> | De Boelelaan 1083a                | www:  http://www.merzky.net |
> | 1081 HV Amsterdam, Netherlands    |                             |
> +-----------------------------------------------------------------+
>
>

More information about the saga-rg mailing list