myproxy server
Robert Olson
olson at mcs.anl.gov
Mon Sep 8 11:37:23 CDT 2003
At 11:26 AM 9/8/2003 -0500, Ivan R. Judson wrote:
>I think this should be given a priority that is low; that is Ti should work
>on other things (including OpenCA/Globus) first. While the proxy certificate
>stuff is on our research path, it's not popping up to the top -- we have
>other more important things that need to be done first, that don't require
>Ti to spend cycles on this particular request.
That's interesting, it seemed in discussions last week that the difficulty
with people getting certificates was getting significant, and having a
myproxy server available to prototype against would be a step in the path
toward a solution to that. It is also the next major piece of certificate
management that needs to be tackled (the host/service cert problem isn't a
big deal, I just need some input in how the services expect to have these,
and the model which is expected to be used in making such requests, as in a
multiple-machine node the request will have to be made from the machine the
service runs on in order for the private key to land in the proper location).
>I'd definitely like to get a snapshot of what your queue looks like so that
>I can understand where you think you are, and compare it with where I think
>you are. It's difficult to integrate your effort into the tasks we have
>layed out with little or no coordination; can you bring your list of things
>you have you are working on to the meeting tomorrow so we (the group) can
>get synchronized?
I am addressing issues related to the pieces of ag2 that last I knew were
the only ones I'm significantly involved with: security and data access.
The use of a myproxy server is directly associated with the security side,
as are difficulties like the one just posted to ag-tech (which has brought
to view a requirement for the cert request stuff I hadn't considered).
I have also been researching the issues involved in more coherent access to
data stores, including support for hierarchical organizational to same
(which is not a trivial extension), issues in access control in that
environment, etc.
More information about the ag-dev
mailing list