Speaker
G. Carcassi
(BROOKHAVEN NATIONAL LABORATORY)
Description
We present a work-in-progress system, called GUMS, which automates
the processes of Grid user registration and management and supports
policy-aware authorization at well. GUMS builds on existing VO
management tools (LDAP VO, VOMS and VOMRS) with a local grid user
management system and a site database which stores user credentials,
accounting history and policies in XML format. We use VOMRS, being
developed by Fermilab, to collect user information and register
legitimate users into the VOMS server.
Our local grid user management system jointly retrieves user
information and VO policies from multiple VO databases based on site
security policies. Authorization can be done by mapping the user's
credential to local accounts. Four different mapping schemes have
been implemented: user's existing account, recyclable pool account,
non-recyclable pool account and group shared account. The mapping
selection is determined by the type of target resource and its usage
policies. We already deployed our automatic grid mapfile generators
on the BNL Grid Gatekeeper, GridFtp server and HPSS mass storage
system. Work is in progress to enable ``single-sign-on''
based upon X509 certificate credential for job execution and access
to both disk and tape storage resources.
Primary authors
D. Yu
(BROOKHAVEN NATIONAL LABORATORY)
G. Carcassi
(BROOKHAVEN NATIONAL LABORATORY)
G. Smith
(BROOKHAVEN NATIONAL LABORATORY)
J. Smith
(BROOKHAVEN NATIONAL LABORATORY)
J. Spiletic
(BROOKHAVEN NATIONAL LABORATORY)
T. Carter
(BROOKHAVEN NATIONAL LABORATORY)
T. Wlodek
(BROOKHAVEN NATIONAL LABORATORY)
X. Zhao
(BROOKHAVEN NATIONAL LABORATORY)
Z. Liu
(BROOKHAVEN NATIONAL LABORATORY)
