[security-area] Fwd: CFP: GGF-15 Workshop on Site Infrastructure for Multi-Site Grids

[Von Welch]

[Wrong address on first sending - Von]


Hello, this is to announce a workshop  GGF15 on leveraging site  
infrastructure for multi-site grids. This results from a number of us  
wanted to follow up on previous workshops and discussions and an I2  
workshop on how Grids could be taking better advantage of existing  
site infrastructure with a workshop to discussion issues more. Note  
that we currently have time on the agenda for more speakers if anyone  
has something to present (see end of announcement for details).

Please forward to others who would be interested. Thanks - Von


Announcement and Call for Participation
GGF15 Workshop: Leveraging Site Infrastructure for Multi-Site Grids
Tuesday, October 3rd @ GGF 15 in Boston (11am - 7:30pm)

Virtual organizations (VOs) need a variety of information services to  
provide their structure. For example, it is typical for a Grid to  
have a certificate authority to provide identity information, an  
attribute authority to provide information regarding the roles of  
their users and a resource directory that provides an enumeration of  
the resources available to the VO. When a VO spans a number of  
underlying organizations (as opposed to a Grid deployed at a single  
campus), the best practice today is for the VO to establish their own  
services to enable its day-to-day functioning. Deploying and  
operating these services in a security, reliable manner is non- 
trivial, especially for small to medium virtual organizations,  
particularly when one considers that these services have a number of  
security implications in terms of being consulted as part of  
authorization decisions by end resources.

However, there have been some steps in the Grid community to allow  
for these services to be provided by leveraging and federation the  
services already provided by the sites on which the VO is based. For  
example, Fermilab provides a Kerberos CA allowing other sites in a VO  
to base their Grid authentication on the Kerberos authentication  
infrastructure already deployed at Fermilab. And campus  
infrastructures are increasingly deploying outward-facing  
infrastructure such as Shibboleth, which has several initial efforts  
focusing on interoperability with existing Grid technologies (Condor  
and the Globus Toolkit).

In this workshop we will explore the how VOs spanning multiple sites  
can benefit from increased leveraging of the infrastructure of those  
sites. We will consider both traditional high-performance computing  
sites as well as other types of institutions such as academic  
campuses. We will also explore some of the challenges involved in  
this model, for example:

There are no ubiquitous standards for site authentication, attribute,  
directory, etc. infrastructure. This implies that we need translation  
mechanisms to achieve interoperability. What translation mechanisms  
exist today and how well to they work?

While some information that sites can provide, such as identifiers  
for authentication, is generic and can be easily consumed by a VO,  
the VO may need to define other structure, such as roles for its  
users, which is not something sites possess today. How can a VO  
define this information, while still using the site infrastructures  
to propagate it?

Many sites have privacy concerns regarding information about their  
users. How can sites share information with VOs while addressing  
these concerns?

The workshop plans to produce an informational document capturing the  
following:
List of current success stories for leveraging site infrastructure to  
form multi-site VOs;
Enumeration of existing tools, APIs, standards and technologies for  
leveraging site infrastructure;
Current barriers to leveraging of multiple site infrastructures by VOs.

Call for Participation:

There is still time on the agenda for several speakers. If you would  
like to make a presentation related to the above, please send a brief  
(1-2 paragraph) abstract to Von Welch vwelch at ncsa.uiuc.edu by  
September 9th. If accepted, full slides would be due by September 23rd.

Confirmed Speakers:
Ken Klingensten (Internet2) – Campus IT
Von Welch (NCSA) – Shibboleth and Globus
Jim Basney (NCSA) – MyProxy Integration with local Authentication
Tom Barton  (U. Chicago)– Signet and Grouper for Distributed  
Attribute Management
Arnie Miles (Georgetown U.) – Shibboleth and Condor

Workshop organizers:
Tom Barton, Jim Basney, Steven Carmody, Ken Klingensten, Arnie Miles,  
Frank Siebenlist, Von Welch.

For the latest agenda, please see:
http://www.ggf.org/GGF15/ggf_events_schedule_MultiSite.htm