Speaker
M. Branco
(CERN)
Description
In a resource-sharing environment on the grid, both grid users and grid
production managers call for security and data protection from
unauthorized access. To secure data management, several novel grid
technologies were introduced in ATLAS data management. Our presentation
will review new grid technologies introduced in the HEP production environment
for database access through the Grid Security Infrastructure (GSI): secure
GSI channel mechanisms for database services delivery for reconstruction
on grid clusters behind closed firewalls; grid certificate authorization
technologies for production database access control; and scalable locking
technologies for the chaotic 'on-demand' production mode. We address the
separation of file transfer process from the file catalog interaction
process (file location registration, file metadata querying, etc.),
database transactions capturing data integrity and the high availability
fault-tolerant database solutions for the core data management tasks. We
discuss the complementarities of the security model for the online and the
offline computing environments; best practices (and realities) of the
database users' roles: administrators, developers, data writers, data
replicators and data readers; the need to eliminate clear-text
passwords; stateless and stateful protocols for the binary data transfers
over secure grid data transport channels in heterogeneous grids. We
present the security policies and technologies integrated in the ATLAS
Production Data Management System - Don Quijote (GSI-enabled services
oriented architecture, GSI proxy certificate delegation) and approaches
for seamless integration of Don Quijote with POOL event collections and
tag databases - while making the system non-intrusive to end-users.