M. Branco (CERN)
In a resource-sharing environment on the grid, both grid users and grid production managers call for security and for protection of data from unauthorized access. To secure data management, several novel grid technologies were introduced in ATLAS data management. Our presentation will review new grid technologies introduced in the HEP production environment for database access through the Grid Security Infrastructure (GSI): secure GSI channel mechanisms for delivering database services to reconstruction jobs on grid clusters behind closed firewalls; grid certificate authorization technologies for production database access control; and scalable locking technologies for the chaotic 'on-demand' production mode. We address the separation of the file transfer process from the file catalog interaction process (file location registration, file metadata querying, etc.), database transactions that capture data integrity, and high-availability, fault-tolerant database solutions for the core data management tasks. We discuss the complementarity of the security models for the online and the offline computing environments; best practices (and realities) of the database users' roles: administrators, developers, data writers, data replicators and data readers; the need to eliminate clear-text passwords; and stateless and stateful protocols for binary data transfers over secure grid data transport channels in heterogeneous grids. We present the security policies and technologies integrated in the ATLAS Production Data Management System, Don Quijote (a GSI-enabled service-oriented architecture with GSI proxy certificate delegation), and approaches for seamless integration of Don Quijote with POOL event collections and tag databases, while keeping the system non-intrusive to end users.