AAI on the worker nodes

MUPJ before the WN:

Suggestion: Job Credential Propagation and Job Credential Delegation need to be thought of as one issue to solve as a whole?!

MUPJ on the WN:

Pilot Credential Protection

Job Isolation

Job AAI - Logging Only

Job AAI - Run Or Reject

Proposal for the technical walkthrough:

Getting Requirements

What do we need to prove to whom?

Users <-> VO <-> Sites ?! Any more players?

Prove a job's execution? Prove data origin?

When/why do we actually need AAI on the WN?

For VO-internal purpose?

For reasons of liability?

For forensics?

Analysis of what's there

proxy certificates

single user pilots running multi user jobs?!

Analysis of what could be there (actually used)



something completely different

Where do we go from here ...?


See attachments for summary documents.

Topic attachments
I Attachment History Action Size Date Who Comment
Microsoft Word filedoc WLCG_WN_Security-04mod.doc r1 manage 239.0 K 2012-03-31 - 22:40 MaartenLitmaath v0.4 of March 30 modified with change tracker on
Microsoft Word filedoc WLCG_WN_Security-05.doc r1 manage 237.0 K 2012-03-31 - 22:41 MaartenLitmaath v0.5 of March 31
PDFpdf WLCG_WN_Security-05.pdf r1 manage 250.9 K 2012-03-31 - 22:41 MaartenLitmaath v0.5 of March 31
Microsoft Word filedoc WLCG_WN_Security-06.doc r3 r2 r1 manage 251.5 K 2012-04-03 - 18:27 MaartenLitmaath v0.6 of April 03
PDFpdf WLCG_WN_Security-06.pdf r3 r2 r1 manage 135.7 K 2012-04-03 - 18:27 MaartenLitmaath v0.6 of April 03
Microsoft Word filedoc WLCG_WN_Security.doc r1 manage 234.5 K 2012-04-03 - 18:30 MaartenLitmaath v0.4 of March 30
PDFpdf WLCG_WN_Security.pdf r1 manage 246.5 K 2012-04-03 - 18:31 MaartenLitmaath v0.4 of March 30
Edit | Attach | Watch | Print version | History: r11 < r10 < r9 < r8 < r7 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r11 - 2012-04-03 - MaartenLitmaath
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LCG All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback