Dr Vincenzo Ciaschini (INFN CNAF)
As the grid has entered production use, applications have begun to demand the implementation of complex policies regarding the use of resources. Some want to divide their users into different priority brackets and classify the resources into different classes, while others are content to consider all users and resources equal. Resource managers have to work on enabling these requirements at their site, in addition to the work necessary to implement policies regarding the use of their resources, to ensure compliance with AUPs. These requirements call for a security framework that is not only capable of satisfying them, but also flexible enough not to require continuous and unnecessary low-level tweaking of configurations every time the requirements change, and that does so in a scalable manner. Anything else would only be detrimental from the site administrator's point of view. Here we describe the layout used at several Italian sites of the EGEE infrastructure to deal with these requirements, along with a complete rationale for our choices, with the intent of clarifying what issues an administrator may run into when dealing with priority requirements, and what common pitfalls should be avoided at any cost. Beyond the feedback on interfaces for policy management from VO and site administrators, we will especially report on the aspects arising from the mapping of grid-level policies to local computing resource authorization mechanisms at sites like CNAF T1, and how they interfere from a management and security point of view.