[Swift-devel] Re: latest Falkon code is in SVN!

Ioan Raicu iraicu at cs.uchicago.edu
Wed Sep 5 17:27:20 CDT 2007



Ben Clifford wrote:
> On Wed, 5 Sep 2007, Ioan Raicu wrote:
>
>   
>> service on login node of some grid site
>> workers on compute nodes of the same grid site
>>     
>
> with each grid site likely beyond reasonable doubt to allow no external 
> access to their worker nodes from anything other than the head node? 
The workers only communicate with the service, so if they are running in 
a LAN, the traffic is relatively OK.  Remember that PBS, Condor, and the 
likes, none of them use any form of security (with the exception of 
maybe some rudimentary form of authentication), within a single cluster 
environment.  I was making the same assumption they are making. 
> and 
> with each person accessing the head node trusted? 
Each person accessing the head node typically has an account on that 
node, and is trusted to some degree. 
> when your home directory 
> is replaced with a file called sucker.txt and you have no problem with 
> that, I'll agree with you.
>   
You can enforce at the container what form of security is needed by 
various functions of the service, including the job submission 
function.  You can use all sorts of authentication, encryption, 
signature, etc... forms of security to ensure that whoever talks to the 
Falkon service is trusted, but I still don't see why the workers would 
need any more security that PBS/Condor in a LAN environment.  Off 
course, this changes 180 degrees once you go to a WAN and the traffic is 
now crossing other networks.

 From my point of view, its OK either way, but from my experience, 
security is one of the biggest hurdles for new users of web services.  
At any rate, we are only arguing what the defaults are, the important 
thing is that we support a wide range of things, from no security to 
full security!

Ioan

-- 
============================================
Ioan Raicu
Ph.D. Student
============================================
Distributed Systems Laboratory
Computer Science Department
University of Chicago
1100 E. 58th Street, Ryerson Hall
Chicago, IL 60637
============================================
Email: iraicu at cs.uchicago.edu
Web:   http://www.cs.uchicago.edu/~iraicu
       http://dsl.cs.uchicago.edu/
============================================
============================================




More information about the Swift-devel mailing list