Speaker
Mr Gian Luca Rubini (INFN-CNAF)
Description
One of the most interesting challenges of the 'computing Grid' is how to
administer grid resource allocation and data access, in order to obtain
effective and optimized computing usage and secure data access. To
reach this goal, a new entity has appeared, the Virtual Organization (VO),
which represents a distributed community of users, accessing a
distributed computing environment. This new concept has affected all the
proposed models for administering authentication, authorization policies
and accounting, and the VO name has already become an attribute of the
user certificate traveling in the grid.
This paper describes the architecture of an integrated framework, based
on the Virtual Organization Membership Service (VOMS), the Grid-Policy
Box (G-PBox) and the Distributed Grid Accounting System (DGAS), providing
respectively authentication, policy-based authorization and credit-based
accounting, and how they are managed by the VOs. It shows how the VO can
build groups, assign roles and associate policies and credits to each
group and role, in a dynamic way, and implement the agreements with the
resource owners. It then describes how these systems can be integrated
into a real grid (gLite/LCG) and how they are used by the Workload
Management System (WMS) operating in EGEE.
This integrated framework shows a VO-based approach to authorization,
policy and accounting as an effective and efficient use of the Grid.
VO-specific use cases will be described.
Primary author
Mr Gian Luca Rubini (INFN-CNAF)
Co-authors
Mr Andrea Caltroni (INFN-PD)
Mr Andrea Ferraro (INFN-CNAF)
Mr Andrea Guarise (INFN-TO)
Ms Antonia Ghiselli (INFN-CNAF)
Mr Giuseppe Patania (INFN-TO)
Mr Rosario M. Piro (INFN-TO)
Mr Vincenzo Ciaschini (INFN-CNAF)