[security-area] Fwd: CFP: GGF-15 Workshop on Site Infrastructure for Multi-Site Grids
Von Welch
vwelch at ncsa.uiuc.edu
Thu Sep 1 14:31:01 CDT 2005
[Wrong address on first sending - Von]
Hello, this is to announce a workshop GGF15 on leveraging site
infrastructure for multi-site grids. This results from a number of us
wanted to follow up on previous workshops and discussions and an I2
workshop on how Grids could be taking better advantage of existing
site infrastructure with a workshop to discussion issues more. Note
that we currently have time on the agenda for more speakers if anyone
has something to present (see end of announcement for details).
Please forward to others who would be interested. Thanks - Von
Announcement and Call for Participation
GGF15 Workshop: Leveraging Site Infrastructure for Multi-Site Grids
Tuesday, October 3rd @ GGF 15 in Boston (11am - 7:30pm)
Virtual organizations (VOs) need a variety of information services to
provide their structure. For example, it is typical for a Grid to
have a certificate authority to provide identity information, an
attribute authority to provide information regarding the roles of
their users and a resource directory that provides an enumeration of
the resources available to the VO. When a VO spans a number of
underlying organizations (as opposed to a Grid deployed at a single
campus), the best practice today is for the VO to establish their own
services to enable its day-to-day functioning. Deploying and
operating these services in a security, reliable manner is non-
trivial, especially for small to medium virtual organizations,
particularly when one considers that these services have a number of
security implications in terms of being consulted as part of
authorization decisions by end resources.
However, there have been some steps in the Grid community to allow
for these services to be provided by leveraging and federation the
services already provided by the sites on which the VO is based. For
example, Fermilab provides a Kerberos CA allowing other sites in a VO
to base their Grid authentication on the Kerberos authentication
infrastructure already deployed at Fermilab. And campus
infrastructures are increasingly deploying outward-facing
infrastructure such as Shibboleth, which has several initial efforts
focusing on interoperability with existing Grid technologies (Condor
and the Globus Toolkit).
In this workshop we will explore the how VOs spanning multiple sites
can benefit from increased leveraging of the infrastructure of those
sites. We will consider both traditional high-performance computing
sites as well as other types of institutions such as academic
campuses. We will also explore some of the challenges involved in
this model, for example:
There are no ubiquitous standards for site authentication, attribute,
directory, etc. infrastructure. This implies that we need translation
mechanisms to achieve interoperability. What translation mechanisms
exist today and how well to they work?
While some information that sites can provide, such as identifiers
for authentication, is generic and can be easily consumed by a VO,
the VO may need to define other structure, such as roles for its
users, which is not something sites possess today. How can a VO
define this information, while still using the site infrastructures
to propagate it?
Many sites have privacy concerns regarding information about their
users. How can sites share information with VOs while addressing
these concerns?
The workshop plans to produce an informational document capturing the
following:
List of current success stories for leveraging site infrastructure to
form multi-site VOs;
Enumeration of existing tools, APIs, standards and technologies for
leveraging site infrastructure;
Current barriers to leveraging of multiple site infrastructures by VOs.
Call for Participation:
There is still time on the agenda for several speakers. If you would
like to make a presentation related to the above, please send a brief
(1-2 paragraph) abstract to Von Welch vwelch at ncsa.uiuc.edu by
September 9th. If accepted, full slides would be due by September 23rd.
Confirmed Speakers:
Ken Klingensten (Internet2) – Campus IT
Von Welch (NCSA) – Shibboleth and Globus
Jim Basney (NCSA) – MyProxy Integration with local Authentication
Tom Barton (U. Chicago)– Signet and Grouper for Distributed
Attribute Management
Arnie Miles (Georgetown U.) – Shibboleth and Condor
Workshop organizers:
Tom Barton, Jim Basney, Steven Carmody, Ken Klingensten, Arnie Miles,
Frank Siebenlist, Von Welch.
For the latest agenda, please see:
http://www.ggf.org/GGF15/ggf_events_schedule_MultiSite.htm
More information about the security-area
mailing list