Summary of GDB meeting, June 14, 2014 (CERN)

Agenda

https://indico.cern.ch/event/272777/

Introduction - M. Jouvin

As usual, looking for volunteers to take notes

Next GDBs

• Next ones at CERN on the second Wednesday of the month
• Next one outside CERN in March 2015. Please, let Michel know if you are interested in organising it

Summary of WLCG Workshop

• Around 85 people attended, similar to Copenhagen Workshop
• Notes available in https://twiki.cern.ch/twiki/bin/view/LCG/GDBMeetingNotes20140707

Actions in Progress:

• Migration to GFAL2/FTS3 clients in October 1st
• Volunteering sites to provide dual stack IPv6 endpoints
• Batch accounting in progress
• SL/CentOS: no news

O. Smirnova asks about the status of Batch accounting and J. Gordon explains that there are still on going discussions on what the accounting information should be. O. Smirnova asks whether virtual WNs should offer IPv6 endpoints. M. Jouvin suggests to contact the IPv6 WG.

T. Bell gives an update on SL/CentOS: currently studying how to use CentOS 7 in the virtual infrastructure.

EGI Role in the Evolving DCI Landscape - Y. Legre

• Currently there is fragmentation at several levels: RIs and e-Infrastructures
• EGI would like to develop on the concept of e-infrastructure common:
  • Common backbone of federated services
  • Joint capacity planning
  • Integrated resource provissioning/access, including commercial providers
• Not only NGIs can be members of EGI, but also other type of partners

M. Jouvin expresses his concerns on the fact that EGI, like also EU-T0, rely on the control of resources they do not actually own. Y. Legre explains that there has to be a common strategy and work together to be able to consolidate e-infrastructures in Europ, or otherwise there is a risk that funding agencies won't invest on different projects. There has to be a national program for e-infrastructures common to all the countries, a similar model like GEANT.

On a comment by O. Smirnova, Y. Legre explains that other communities apart from HEP are growing and have different needs and it has to make sure these needs are also covered.

Question about more details on the e-infrastructure commons proposal. Y. Legre explains some proposals have been already made and for some others there will be consultation with people like WLCG, etc.

T. Wildish asks why Y. Legre believes there is a lack of trust, as mentioned in his presentation. Y. Legre thinks people are not talking enough together. Moreover EGI was originally set up for HEP and then started to look to other communities, which may have lead to some frustration because it didn't have the resources to take care of all of them.

M. Jouvin explains that in WLCG there are some fears that EGI won't be able to continue providing the services it used to provide if there is lack of funding. Otherwise he believes WLCG and EGI has a very good collaboration in the areas they have in common.

Y. Legre explains that WLCG could decide to be member of the council in EGI.eu and he would be very pleased if this happens.

T. Bell adds that we are trying to avoid the development of in-house solutions (or project funded solutions that once the project comes to an end needs to be maintained by us).

Identity Federation - R. Wartel

• Enable people to use their home credentials to do things (submit jobs without the need of end user certificates, access web portals, etc)
• Not build own federation: build on existing ones (eduGAIN where many NREN participate)
• A lot of technical aspects to be members of eduGAIN (many completed, still a few to be done)
• Web access now working (CERN SSO)
• A pilot project for WLCG on going (no progress since last GDB meeting)
• Trust and Policy issues
  • Experiments verify people's identity and this is CRITICAL for them and with eduGAIN there is no trust/guaranty about the identities used
  • eduGAIN has still a lot of work to do for operational security (it opens the gate to the world)
• Two main Trust and Policy issues
  • Operational Security
    • Incident handling
  • Privacy and protection of personal data
    • WLCG AUP and data protection policy must be reviewed
    • user consent no longer sufficient to use personal data
• Coordinated effort among different projects who are linked (SCI, Sir-T-Fi, FIM4R...)
• GEANT has a Data Protection Code of Conduct that has been endorsed by several projects. WLCG could endorse this too!
• World is changing and we need to adapt our policies and services

T. Bell explains that twitter loging is currently used at CERN and this is also another example of not very secure identity trust. The fact that you have succesfully login with twitter doesn't mean you are authorised to use certain service.

M. Dimou makes a comment on authentication of experiments users as it is done today with VOMRS that would require substantial changes to move to something like eduGAIN. She also comments US and EU legislation are very different. M. Litmaath adds that this may lead to some incompatibilities that could have a very big impact in WLCG.

M. Alandes asks about CERN Data Protection Policy and WLCG. S. Lueders explains it affects all data stored at CERN and how we handle management of data coming from outside CERN. An assessment will be done. In principle it should be aligned with all the other EU policies and codes of conduct mentioned during the presentation.

O. Keeble asks about IOTA CA, do we have one and how we can convince sites to trust it? R. Wartel explains we currently have one in CERN IT for testing. Not recognised by EGI and WLCG, but should happen in the next year. It is produced by IGTF. The plan is to have this accredited by IGTF and endorsed by EGI and WLCG.

O. Smirnova asks how eduGAIN will be integrated with computing services. She believes this will be more complicated for sys admins. R. Wartel explains this will be much easier for the users and the technical aspects will have to be of course understood. S. Lueders adds that this makes service management easier too since there will be a generic way to define who is authorised to use the service. M. Litmaath adds that the migration is not going to be easy but we should start moving towards this approach.

Actions in Progess - M. Alandes

Ops Coordination Report

Information System Status

Cloud pre-GDB Summary

Site Availablility: Proposed Change - P. Saiz

Data Management Discussion - O. Keeble, F. Furano and W. Bhimji

Multicore: Dynamic Partitioning with Condor at UVic - F. Berghaus

-- MariaALANDESPRADILLO - 10 Sep 20