Last modified 11 years ago Last modified on 03/25/10 16:17:17

Copenhagen 2010

Purpose of the meeting.

Gerd's introduction

Intention is to get started on all the proposed work whilst at Copenhagen.

All related to how we deal with users in dCache.

The concept of users is touched in many components.

One goal is to get a uniform representation of authorisation. Use the same type of objects

Capturing partial authorisation? No, we don't need this.

Timur: but we shouldn't expose UID GID numerical values. Correct: we would need a service to map backwards from UID/GID to a meaningful.

How to handle migrating? Two ways:

  1. maintain current mapping
  1. if we want to use the new UID and GID features then we would need to map existing ownership to unique UIDs.

we'll probably need to support both.

We have ACLs and Permission Handlers in PnfsManager

Would be useful to developed a common authorisation policy object/interface to capture all these checks in the single.

gPlazma is more about identity mapping than authorisation.

Various components do authorisation.

The single component for doing authorisation already exists: JAAS provides support for this. This would be one way to handle authorisation of staging in PoolManager.

Java 7 w/ comes with a new IO framework and authorisation comes for JAAS.

Subject, Object, Action

Such components: helper classes should be identified before we are in Copenhagen.

Timur also mentioned the idea of unifying various database. Files have bits of information in different locations. Could we also address this at the same time?

Have initial discussion and plan to have another big meeting in the near future.

Dmitry: the proposal of using uid/gid seems reasonable.

Paul: put Gerd's proposal into the wiki.

Hope for the outcome is NOT that we came a complete working system; but we have enough impetus to spend the remainding time until next major release to get everything finished.

Timur: we can have preparatory patches prior to Copenhagen.

Timur: proposal looks good.

Separation of components like pin-manager, pool-manager, space-manager is causing problems. We should look at altering the structure.

JAAS? Translation/Utility? class for asking dCache-specific questions: can-I-pin

Vejay: how to improve system monitoring.