# ARGUS Collaboration - 6/11/2015


## General news

INDIGO confirmed that AAI will be based on openid-connect for identification
* Requires ARGUS to be able to express policy based on these identities/attributes: main development foreseen in INDIGO for ARGUS
* Planned for the second year of the project
* Potentially interesting for WLCG as it will allow to get rid of client certificates in policies
  * Should present it at WLCG workshop in Lisbon?

## EL7 and Java8

* A new stress test suite has been developed by Andrea and Marco: first results very promising
  * Currently bundled with VOMS test suite but could be split from it
* A fix has been developed for the pool account creation problem reported by CERN (race condition)
  * Pb reproduced
  * Requires all the pepd to be updated for the fix to really solve the problem
  * No intent to backport it in UMD3 presently but doable if needed
* Ready for testing: CERN always interested, need to coordinate with Ben for planning
  * Fix could make it more appealing
  * An ARGUS yum repo should be available soon for EL7 and also for EL6
  * Move new release to UMD4 testing asap: will help to get it tested

Releasing in EPEL ? Difficult until now because Java dependencies were missing, improved in EPEL7
* To be revisited

Client matrix tests: still to be done for EL7
* Working for EL6
* Some problems found in the tests: mostly matching the ones found by Marco

## Open issues and new features

* Race condition identified with pool account creation caused by a misconfiguration (insufficient number of pool accounts causing permanent recycling)
* CREAM pb still open: CREAM failing to contact the ARGUS server even if the ARGUS service is back in good shape and if the pepc can contact it
  * See previous meeting minutes
* Recent incident due to a bad policy entry in the central banning server: may be the ARGUS server could check for such invalid policy entries and prevent the problem. Recovery painful due to the huge backlog: exhibited the NFS limitation of the gridmapdir backend...
  * Andrea: not necessarily easy as the policy engine can accept non X509 entries
  * Vincent: pap client transformed an empty subject into a "Null" entry, this can probably be fixed
  * Maarten: the server should not crash in the event of such misconfigurations
* Still some other random issues not tracked down to another event: waiting for next version to see what are the remaining problems

Mischa: an issue seen in the past with caching degrading performances when the number of requests was increasing
* Andrea: not seen in the last version with the test suite

Moving away from gridmapdir
* Preliminary work started to use Redis DB as a replacement
* A standalone prototype should be ready soon to investigate the potential performance improvement
  * Should allow to take a decision around the end of the year

## AOB

Email list: keep the current one

Next meeting: Thursday, December 3 2 pm


