Privilege Project Vikram Andem

Download as PPT, PDF

•0 likes•1,119 views

The document summarizes a presentation given at the MWSG Meeting at Stanford Linear Accelerator Laboratory on June 5-6, 2006. The presentation discusses the Privilege Project, including its goals of delivering finer-grained authorization of processing resources, key achievements in deploying the authorization infrastructure, and current and future plans such as simplifying the architecture and extending privilege enforcement to network management.

Technology Education

MWSG Meeting, Stanford Linear Accelerator Laboratory

Privilege Project
Recent Updates

MWSG Meeting
June 5-6, 2006
Stanford Linear Accelerator Laboratory

Vikram Reddy Andem

1
Vikram Reddy Andem, Fermilab

Privilege Management

June 06, 2006

MWSG Meeting, Stanford Linear Accelerator Laboratory

Where does Privilege fit in Grid Services

Privilege
Infrastructure
Naturally fits
Here.

2
Vikram Reddy Andem, Fermilab

Privilege Management

June 06, 2006

MWSG Meeting, Stanford Linear Accelerator Laboratory

Project Goals

The primary goal of the project was to deliver the execution call-out for
finer-grained authorization of processing resources

3
Vikram Reddy Andem, Fermilab

Privilege Management

June 06, 2006

MWSG Meeting, Stanford Linear Accelerator Laboratory

Privilege Architecture – Compute Element

Proposed architecture (Dane Skow, Markus Lorch, Ian Fisk) 04//2004

Vikram Reddy Andem, Fermilab

Privilege Management

4
June 06, 2006

MWSG Meeting, Stanford Linear Accelerator Laboratory

Privilege Architecture (continued)

VOMS

Execution site
Compute Element

Gatekeeper
GRAM
gridFTP

PRIMA

SAZ
site
GUMS
Server

Storage Element

SRM/
dCache

gPLAZMA

Storage
Authorization
Service

5
Vikram Reddy Andem, Fermilab

Privilege Management

June 06, 2006

MWSG Meeting, Stanford Linear Accelerator Laboratory

Project Achievements
• Privilege has delivered an infrastructure that has been deployed on OSG
- The authorization system has been deployed on all CMS-T2 centers, the T1
at FNAL, FermiGrid, BNL, etc.
- CMS and ATLAS have defined roles that can be implemented within VOMS
- VOMS extended proxy is parsed by the callout and given to GUMS for
authentication

• The release for the pre-web service globus-gatekeeper callout is stable
- Relatively light operations support
- A couple of tickets a month, so far rapidly solved

6
Vikram Reddy Andem, Fermilab

Privilege Management

June 06, 2006

MWSG Meeting, Stanford Linear Accelerator Laboratory

Recent Advances and News
• Prima Web services callout for GT4 has been developed and is currently
distributed with VDT 1.3.9
• Prima 64-bit callout version has been developed and is currently distributed
with VDT 1.3.9
• As a part of the Policy, Publication and Trust Project we delivered
- VO Policy Template for Open Science Grid
- Site Policy Template for Open Science Grid

• Transition of Privilege Project leadership (Gabriele Garzoglio)
- gPLAZMA (Abhishek Rana, UCSD / Ted Hesselroth, FNAL)
- GUMS (John Hover, BNL)
- PRIMA (Vikram Andem)
- SAZ (Valery Sergeev, FNAL)
- SRM/d-Cache (DESY/FNAL teams)
- VOMS (INFN team, Italy)
• Working with Igor Sfiligoi (INFN) on Glexec SAML callout to GUMS
7
Vikram Reddy Andem, Fermilab

Privilege Management

June 06, 2006

MWSG Meeting, Stanford Linear Accelerator Laboratory

Current Activities
• Support PRIMA and GUMS code for 32/64 bits for GT2 and GT4 for
CMS T1&2 + OSG VO (best effort) (50% Vikram)
• Deploy and support gPlazma infrastructure for CMS Tier 1&2
(important for SRM v2 deployment) (50% Ted for 3 mo)

• Fix GUMS memory management problems
(John Hover et al.: up to .5 FTE for 3 weeks)

• Stress test of the GT4 PRIMA call-out

(John W.: 5 FTE days)

• Integration of gLexec with Privilege (8.5 FTE weeks)
• Integrate GUMS with a monitoring/alarm infrastructure

(.2 FTE/2 mo)
8

Vikram Reddy Andem, Fermilab

Privilege Management

June 06, 2006

MWSG Meeting, Stanford Linear Accelerator Laboratory

Future Plans – Ideas ?

• Simplify / Aggregate architecture
- Update communication protocols (from extended SAML v1.1 to SAML v2.0)
- Improve PRIMA build process

• Publication of role-based privilege policy (with EGEE)
• Extend privilege enforcing to network management
• Long term directions
- Investigate direct DN rights enforcement (no UID mapping)
- Integrate Privilege Project with Policy Discovery Services

9
Vikram Reddy Andem, Fermilab

Privilege Management

June 06, 2006

MWSG Meeting, Stanford Linear Accelerator Laboratory

Questions ?

10
Vikram Reddy Andem, Fermilab

Privilege Management

June 06, 2006

More Related Content

Similar to Privilege Project Vikram Andem (20)

PPTX

The Pacific Research PlatformLarry Smarr

PDF

Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...Safe Software

PDF

Geospatial Synergy: Amplifying Efficiency with FME & EsriSafe Software

PDF

Join the Java Evolution Portland OregonHeather VanCura

PPTX

Esri ArcGIS FederalHarsh Prakash (AWS, Azure, Security+, Agile, PMP, GISP)

PDF

Fast radio follow-up of GRBsTim Staley

PPT

OGCE Review for Indiana University Research Technologiesmarpierc

PPT

OGCE RT Rroject Reviewmarpierc

PPTX

Indiana University's Advanced Science Gateway Supportmarpierc

PPT

Systems Engineering Update - Dr. Ron SegaINCOSE Colorado Front Range Chapter

PDF

awards competences talksStefano Colafranceschi

PPT

六合彩,香港六合彩bwsibh

PPT

香港六合彩 » SlideShareirglygks

PPT

香港六合彩vbmlrn

PPT

香港六合彩dsageg

PPT

六合彩-香港六合彩dscvsj

PPT

香港六合彩|六合彩twieat

PDF

Join the Java Evolution Columbus OhioHeather VanCura

PDF

F1041028_George_Chen_Resume_9_with_Publications_TrainingWei-Su Chen

PDF

BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...Big Data Week

The Pacific Research PlatformLarry Smarr

Geospatial Synergy: Amplifying Efficiency with FME & Esri ft. Peak Guest Spea...Safe Software

Geospatial Synergy: Amplifying Efficiency with FME & EsriSafe Software

Join the Java Evolution Portland OregonHeather VanCura

Esri ArcGIS FederalHarsh Prakash (AWS, Azure, Security+, Agile, PMP, GISP)

Fast radio follow-up of GRBsTim Staley

OGCE Review for Indiana University Research Technologiesmarpierc

OGCE RT Rroject Reviewmarpierc

Indiana University's Advanced Science Gateway Supportmarpierc

Systems Engineering Update - Dr. Ron SegaINCOSE Colorado Front Range Chapter

awards competences talksStefano Colafranceschi

六合彩,香港六合彩bwsibh

香港六合彩 » SlideShareirglygks

香港六合彩vbmlrn

香港六合彩dsageg

六合彩-香港六合彩dscvsj

香港六合彩|六合彩twieat

Join the Java Evolution Columbus OhioHeather VanCura

F1041028_George_Chen_Resume_9_with_Publications_TrainingWei-Su Chen

BDW16 London - Ingrid Funie, Imperial College London - Machine Learning and F...Big Data Week

More from Information Security Awareness Group (20)

PDF

Big data analysis concepts and referencesInformation Security Awareness Group

PPT

PKI by Tim PolkInformation Security Awareness Group

PPT

Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...Information Security Awareness Group

PPT

Pki by Steve LambInformation Security Awareness Group

PPT

PKI by Gene ItkisInformation Security Awareness Group

PPT

Introduction to distributed security concepts and public key infrastructure m...Information Security Awareness Group

PDF

OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...Information Security Awareness Group

PDF

Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...Information Security Awareness Group

PDF

THE OPEN SCIENCE GRID Ruth PordesInformation Security Awareness Group

PPT

Open Science Grid security-atlas-t2 Bob CowlesInformation Security Awareness Group

PPT

Security Open Science Grid Doug OlsonInformation Security Awareness Group

PPTX

Open Science Group Security Kevin HillInformation Security Awareness Group

PDF

Xrootd proxies Andrew HanushevskyInformation Security Awareness Group

PPT

DES Block Cipher Hao QiInformation Security Awareness Group

PPT

Cache based side_channel_attacks Anestis BechtsoudisInformation Security Awareness Group

PDF

Rakesh kumar srirangamInformation Security Awareness Group

PPT

Digital Signature Algorithm Der-Chyuan Lou, Jiang Lung Liu, Chang-Tsun LiInformation Security Awareness Group

PPT

Proxy cryptography Anca-Andreea Ivan , Yevgeniy DodisInformation Security Awareness Group

PPT

Quan nguyen symmetric versus asymmetric cryptographyInformation Security Awareness Group

PPT

Elliptic curvecryptography Shane Almeida Saqib Awan Dan PalacioInformation Security Awareness Group

Big data analysis concepts and referencesInformation Security Awareness Group

PKI by Tim PolkInformation Security Awareness Group

Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...Information Security Awareness Group

Pki by Steve LambInformation Security Awareness Group

PKI by Gene ItkisInformation Security Awareness Group

Introduction to distributed security concepts and public key infrastructure m...Information Security Awareness Group

OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...Information Security Awareness Group

Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...Information Security Awareness Group

THE OPEN SCIENCE GRID Ruth PordesInformation Security Awareness Group

Open Science Grid security-atlas-t2 Bob CowlesInformation Security Awareness Group

Security Open Science Grid Doug OlsonInformation Security Awareness Group

Open Science Group Security Kevin HillInformation Security Awareness Group

Xrootd proxies Andrew HanushevskyInformation Security Awareness Group

DES Block Cipher Hao QiInformation Security Awareness Group

Cache based side_channel_attacks Anestis BechtsoudisInformation Security Awareness Group

Rakesh kumar srirangamInformation Security Awareness Group

Digital Signature Algorithm Der-Chyuan Lou, Jiang Lung Liu, Chang-Tsun LiInformation Security Awareness Group

Proxy cryptography Anca-Andreea Ivan , Yevgeniy DodisInformation Security Awareness Group

Quan nguyen symmetric versus asymmetric cryptographyInformation Security Awareness Group

Elliptic curvecryptography Shane Almeida Saqib Awan Dan PalacioInformation Security Awareness Group

Recently uploaded (20)

PDF

Economic Impact of Data Centres to the Malaysian Economyflintglobalapac

PPTX

Agile Chennai 18-19 July 2025 Ideathon | AI Powered Microfinance Literacy Gui...AgileNetwork

PDF

Make GenAI investments go further with the Dell AI FactoryPrincipled Technologies

PPTX

Applied-Statistics-Mastering-Data-Driven-Decisions.pptxparmaryashparmaryash

PDF

State-Dependent Conformal Perception Bounds for Neuro-Symbolic VerificationIvan Ruchkin

PPTX

Dev Dives: Automate, test, and deploy in one place—with Unified Developer Exp...AndreeaTom

PPTX

cloud computing vai.pptx for the projectvaibhavdobariyal79

PDF

MASTERDECK GRAPHSUMMIT SYDNEY (Public).pdfNeo4j

PPTX

IT Runs Better with ThousandEyes AI-driven AssuranceThousandEyes

PPTX

What-is-the-World-Wide-Web -- Introductiontonifi9488

PPTX

Agentic AI in Healthcare Driving the Next Wave of Digital Transformationdanielle hunter

PDF

Researching The Best Chat SDK Providers in 2025Ray Fields

PPTX

AI in Daily Life: How Artificial Intelligence Helps Us Every Dayvanshrpatil7

PDF

How ETL Control Logic Keeps Your Pipelines Safe and Reliable.pdfStryv Solutions Pvt. Ltd.

PPTX

AVL ( audio, visuals or led ), technology.Rajeshwri Panchal

PPTX

The Future of AI & Machine Learning.pptxpritsen4700

PDF

How Open Source Changed My Career by abdelrahman ismaila0m0rajab1

PDF

GDG Cloud Munich - Intro - Luiz Carneiro - #BuildWithAI - July - Abdel.pdfLuiz Carneiro

PDF

TrustArc Webinar - Navigating Data Privacy in LATAM: Laws, Trends, and Compli...TrustArc

PPTX

Agile Chennai 18-19 July 2025 | Emerging patterns in Agentic AI by Bharani Su...AgileNetwork

Economic Impact of Data Centres to the Malaysian Economyflintglobalapac

Agile Chennai 18-19 July 2025 Ideathon | AI Powered Microfinance Literacy Gui...AgileNetwork

Make GenAI investments go further with the Dell AI FactoryPrincipled Technologies

Applied-Statistics-Mastering-Data-Driven-Decisions.pptxparmaryashparmaryash

State-Dependent Conformal Perception Bounds for Neuro-Symbolic VerificationIvan Ruchkin

Dev Dives: Automate, test, and deploy in one place—with Unified Developer Exp...AndreeaTom

cloud computing vai.pptx for the projectvaibhavdobariyal79

MASTERDECK GRAPHSUMMIT SYDNEY (Public).pdfNeo4j

IT Runs Better with ThousandEyes AI-driven AssuranceThousandEyes

What-is-the-World-Wide-Web -- Introductiontonifi9488

Agentic AI in Healthcare Driving the Next Wave of Digital Transformationdanielle hunter

Researching The Best Chat SDK Providers in 2025Ray Fields

AI in Daily Life: How Artificial Intelligence Helps Us Every Dayvanshrpatil7

How ETL Control Logic Keeps Your Pipelines Safe and Reliable.pdfStryv Solutions Pvt. Ltd.

AVL ( audio, visuals or led ), technology.Rajeshwri Panchal

The Future of AI & Machine Learning.pptxpritsen4700

How Open Source Changed My Career by abdelrahman ismaila0m0rajab1

GDG Cloud Munich - Intro - Luiz Carneiro - #BuildWithAI - July - Abdel.pdfLuiz Carneiro

TrustArc Webinar - Navigating Data Privacy in LATAM: Laws, Trends, and Compli...TrustArc

Agile Chennai 18-19 July 2025 | Emerging patterns in Agentic AI by Bharani Su...AgileNetwork

Privilege Project Vikram Andem

1. MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Project Recent Updates MWSG Meeting June 5-6, 2006 Stanford Linear Accelerator Laboratory Vikram Reddy Andem 1 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

2. MWSG Meeting, Stanford Linear Accelerator Laboratory Where does Privilege fit in Grid Services Privilege Infrastructure Naturally fits Here. 2 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

3. MWSG Meeting, Stanford Linear Accelerator Laboratory Project Goals The primary goal of the project was to deliver the execution call-out for finer-grained authorization of processing resources 3 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

4. MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Architecture – Compute Element Proposed architecture (Dane Skow, Markus Lorch, Ian Fisk) 04//2004 Vikram Reddy Andem, Fermilab Privilege Management 4 June 06, 2006

5. MWSG Meeting, Stanford Linear Accelerator Laboratory Privilege Architecture (continued) VOMS Execution site Compute Element Gatekeeper GRAM gridFTP PRIMA SAZ site GUMS Server Storage Element SRM/ dCache gPLAZMA Storage Authorization Service 5 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

6. MWSG Meeting, Stanford Linear Accelerator Laboratory Project Achievements • Privilege has delivered an infrastructure that has been deployed on OSG - The authorization system has been deployed on all CMS-T2 centers, the T1 at FNAL, FermiGrid, BNL, etc. - CMS and ATLAS have defined roles that can be implemented within VOMS - VOMS extended proxy is parsed by the callout and given to GUMS for authentication • The release for the pre-web service globus-gatekeeper callout is stable - Relatively light operations support - A couple of tickets a month, so far rapidly solved 6 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

7. MWSG Meeting, Stanford Linear Accelerator Laboratory Recent Advances and News • Prima Web services callout for GT4 has been developed and is currently distributed with VDT 1.3.9 • Prima 64-bit callout version has been developed and is currently distributed with VDT 1.3.9 • As a part of the Policy, Publication and Trust Project we delivered - VO Policy Template for Open Science Grid - Site Policy Template for Open Science Grid • Transition of Privilege Project leadership (Gabriele Garzoglio) - gPLAZMA (Abhishek Rana, UCSD / Ted Hesselroth, FNAL) - GUMS (John Hover, BNL) - PRIMA (Vikram Andem) - SAZ (Valery Sergeev, FNAL) - SRM/d-Cache (DESY/FNAL teams) - VOMS (INFN team, Italy) • Working with Igor Sfiligoi (INFN) on Glexec SAML callout to GUMS 7 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

8. MWSG Meeting, Stanford Linear Accelerator Laboratory Current Activities • Support PRIMA and GUMS code for 32/64 bits for GT2 and GT4 for CMS T1&2 + OSG VO (best effort) (50% Vikram) • Deploy and support gPlazma infrastructure for CMS Tier 1&2 (important for SRM v2 deployment) (50% Ted for 3 mo) • Fix GUMS memory management problems (John Hover et al.: up to .5 FTE for 3 weeks) • Stress test of the GT4 PRIMA call-out (John W.: 5 FTE days) • Integration of gLexec with Privilege (8.5 FTE weeks) • Integrate GUMS with a monitoring/alarm infrastructure (.2 FTE/2 mo) 8 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

9. MWSG Meeting, Stanford Linear Accelerator Laboratory Future Plans – Ideas ? • Simplify / Aggregate architecture - Update communication protocols (from extended SAML v1.1 to SAML v2.0) - Improve PRIMA build process • Publication of role-based privilege policy (with EGEE) • Extend privilege enforcing to network management • Long term directions - Investigate direct DN rights enforcement (no UID mapping) - Integrate Privilege Project with Policy Discovery Services 9 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006

10. MWSG Meeting, Stanford Linear Accelerator Laboratory Questions ? 10 Vikram Reddy Andem, Fermilab Privilege Management June 06, 2006