21-27 March 2009
Prague
Europe/Prague timezone

Authentication and authorisation in CMS' monitoring and computing web services

23 Mar 2009, 08:00
1h
Prague

Prague

Prague Congress Centre 5. května 65, 140 00 Prague 4, Czech Republic
Board: Monday 071
poster Distributed Processing and Analysis Poster session

Speaker

Lassi Tuura (Northeastern University)

Description

The CMS experiment at the Large Hadron Collider has deployed numerous web-based services in order to serve the collaboration effectively. We present the two-phase authentication and authorisation system in use in the data quality and computing monitoring services, and in the data- and workload management services. We describe our techniques intended to provide a high level of security with minimum harassment, and how we have applied a role-based authorisation model to a variety of services depending on the task and the strength of the authentication. We discuss the experience of implementing authentication at front-end servers separate from application servers, and challenges authenticating both humans and programs effectively. We describe our maintenance procedures and report capacity and performance results.

Primary authors

Derek Feichtinger (PSI) Giulio Eulisse (Northeastern University) Lassi Tuura (Northeastern University) Ricky Egeland (University of Minnesota) Simon Metson (Bristol University) Valentin Kuznetsov (Cornell University)

Presentation Materials

There are no materials yet.