DOMA / ACCESS Meeting

Tuesday 7 Apr 2020, 17:30 → 18:50 Europe/Zurich

513/1-024 (CERN)

Frank Wuerthwein (Univ. of California San Diego (US)), Ilija Vukotic (University of Chicago (US)), Markus Schulz (CERN), Stephane Jezequel (LAPP-Annecy CNRS/USMB (FR)), Xavier Espinal (CERN)

People on Vidyo: Andrea Ceccanti, Andrea Sciaba, Bo Jayatilaka, Daniele Spiga, David Smith, Dewhurst, Diego Ciangottini, Dmitry Litvintsev, Elizabeth Sexton-Kennedy, Frank Wuerthwein, Gonzalo Merino, James William Walder, Laurent Duflot, Markus Schulz, Nikola Hardi, Nikolai Marcel Hartmann, Oxana Smirnova, Horst Severini, Paul Musset, Riccardo Di Maria, Stephane Jezequel, Xavier Espinal, Teng LI, tigran

 

• Daniele Spiga (Universita e INFN, Perugia (IT)), Diego Ciangottini (INFN, Perugia (IT)) - INFN Caching Activity Update: Reading NanoAODs through the Cache:
  - the objective are to evolve from xcache usage towards data lake scenario; integrating the capability-based AuthN/Z; functional test using nanoAOD-based analysis
  - user/client needs only submission file and token when interfacing with computing facility
  - computing facility talking with xcache using xrootd or http
  - analysis facility: using DODAS to generate htcondor pool managed by k8s
  - remote access to the analysis facility is still granted through GSI
  - origin server (storage) with xrootd
  - restricting access to CMS people and providing access through xrootd and https
  - xrootd flow: authN/Z managed with VOMS groups (supported by ESCAPE IAM); need GSI approach since xrootd does not manage token yet
  - https flow: authN/Z managed directly by IAM groups and JWT
  - the trick stays on IAM mapping between identity and either a VOMS group (Xrootd) or token scopes (HTTP)
  - currently testing the HTCondor JWT management for data access tokens (credmon)
  - xcache and origin setup: more in slides
  - tests with no cache, cold and warm cache using nanoAOD: results in the slides
  - working with INFN-CNAF for the performance test setup
  - currently in waiting room for: XRootDs token and scope based authz support; Rucio full token support; Rucio multi-VO/group; IAM HR sync
  - In the pipeline: integration on two lakes CERN and INFN-CNAF; Rucio inter-lake data management; benchmark for NanoAOD analysis patterns; keep progressing with WLCG Token profile integration 

 

• DOMA ACCESS White Paper and HL-LHC review document preparations
  - DOMA ACCESS "White Paper"
  https://docs.google.com/document/d/1VfzXNIAM8AlrA_9EPntCP99UyVSws6S6-ZDdieqItVg
  - HL-LHC review:
  https://docs.google.com/document/d/1KglUSvYm2l7GT2qkKSTrNTSrpxXsWezQsl9dRYc-1rU
  - DOMA ACCESS WG evolution proposal:  WLCG DOMA LakeS
  https://docs.google.com/document/d/1-0OliZcIcC3Z4hRxm9NgR7kVaOBhdg_XImiAFUxBpgw

 

• Next meeting in 2 weeks

17:30 → 17:35 Introduction

Speakers: Frank Wuerthwein (Univ. of California San Diego (US)), Frank Wuerthwein (UCSD), Ilija Vukotic (University of Chicago (US)), Stephane Jezequel (LAPP-Annecy CNRS/USMB (FR))

- DOMA ACCESS "White Paper"
https://docs.google.com/document/d/1VfzXNIAM8AlrA_9EPntCP99UyVSws6S6-ZDdieqItVg

- HL-LHC review:
https://docs.google.com/document/d/1KglUSvYm2l7GT2qkKSTrNTSrpxXsWezQsl9dRYc-1rU

- DOMA ACCESS WG evolution proposal:  WLCG DOMA LakeS

https://docs.google.com/document/d/1-0OliZcIcC3Z4hRxm9NgR7kVaOBhdg_XImiAFUxBpgw

 

 

 

 

17:35 → 17:55 INFN caching activity update: reading NanoAODs through the cache

Speakers: Daniele Spiga (Universita e INFN, Perugia (IT)), Diego Ciangottini (INFN, Perugia (IT))

DOMA-workflow-update.pdf

18:25 → 18:35 AOB