9–11 May 2007
Manchester, United Kingdom

VOMS : cross middleware virtual organization management through standards compliance

9 May 2007, 17:30
2h 30m
Manchester, United Kingdom


Board: P-057

Speaker

Valerio Venturi (INFN)

Describe the scientific/technical community and the scientific/technical activity using (planning to use) the EGEE infrastructure. A high-level description is needed (neither a detailed specialist report nor a list of references).

The concept of virtual organizations, defined as dynamic collections of individuals, institutions, and resources, emerged as central in the 'Grid Problem': flexible, secure, coordinated resource sharing across dynamic, multi-institutional collaborations. VOMS was born with the aim of supporting the dynamic, fine-grained, and multi-stakeholder access control needed to enable sharing over virtual organizations.

With a forward look to future evolution, discuss the issues you have encountered (or that you expect) in using the EGEE infrastructure. Wherever possible, point out the experience limitations (both in terms of existing services or missing functionality)

Being available over different security infrastructures, VOMS aims to provide virtual organizations' users and administrators with a management system that is unique and consistent across different middleware stacks. In order to provide a complete authorization framework to users and resource owners, the possibility of using structured policies must be assured. Components in the gLite middleware stack such as gJAF and gPBox aim to complement the authorization capability offered by VOMS.

Report on the experience (or the proposed activity). It would be very important to mention key services which are essential for the success of your activity on the EGEE infrastructure.

Within the OMII-Europe project, we are enhancing VOMS to support authorization standards emerging from the Open Grid Forum as well as from other standardization bodies. Besides the current, widely deployed and used RFC 3281 Attribute Certificate based interface, OMII-Europe is developing an interface for VOMS based on the OASIS Security Assertion Markup Language (SAML) set of specifications. As a result, VOMS will be available across different security infrastructures. For instance, we are also enhancing UNICORE to integrate VOMS for authorization, so that execution of jobs on UNICORE sites is denied or allowed based on the user's VO attributes. OMII-Europe is also working on supporting standardization of the interface for job execution components of two major Grid distributions, gLite CREAM-BES and UNICORE OGSA-BES.

Describe the added value of the Grid for the scientific/technical activity you (plan to) do on the Grid. This should include the scale of the activity and of the potential user community and the relevance for other scientific or business applications

We are going to make VOMS available to a larger community using diverse middleware stacks with different security infrastructures. This will be achieved by supporting the two major standards for expressing attributes (RFC 3281 and OASIS SAML). The ongoing concurrent standardization of Grid service interfaces, such as for job submission services (e.g. OGF OGSA-BES), will assure virtual organization members a transparent Grid experience over sites using different middleware distributions (e.g. gLite, UNICORE, Globus Toolkit).

Author

Valerio Venturi (INFN)

Co-author

Morris Riedel (FZJ)
