Speaker
Dr
Vincenzo Ciaschini
(INFN CNAF)
Description
While starting to use the grid in production, applications have begun to demand the
implementation of complex policies regarding the use of resources. Some want to
divide their users in different priority brackets and classify the resources in
different classes, others again content themselves with considering all users and
resources equal. Resource managers have to work into enabling these requirements on
theri site, in addition to he work necessary to implement policies regarding the use
of their resources, to ensure compliance with AUPs.
These requirements prescribe the existence of a security framework not only capable
of satisfying them, but also flexible enough not to require continuous and
unnecessary low-level tweaking of configurations every time the requirement change,
and that should also do so in a scalable mode. Anything else would only be
detrimental when things are seen from the site administrator point of view.
Here we will describe the layout used in several italian sites of the EGEE
infrastructure to deal with these requirements, along with a complete rationale of
our choices, with the intent of clarifying what issues an administrators may run into
when dealing with priority requirements, and what common pitfalls should be avoided
at any cost.
Beyond the feedback on interfaces for policy management, from VO and site
administrators, we will especially report on the aspects coming from the mapping of
grid level policies to local computing resource authorization mechanisms at sites
like CNAF T1, and how they interfere from management and security point of view.
| Submitted on behalf of Collaboration (ex, BaBar, ATLAS) | EGEE |
|---|
Authors
Dr
Alessandro Italiano
(INFN CNAF)
Dr
Andrea Ferraro
(INFN CNAF)
Dr
Antonia Ghiselli
(INFN CNAF)
Dr
Daniele Cesini
(INFN CNAF)
Dr
Davide Salomoni
(INFN CNAF)
Dr
Sergio Andreozzi
(INFN CNAF)
Dr
Vincenzo Ciaschini
(INFN CNAF)
