[jsdl-wg] my view on execution user and group
William Lee
wwhl at doc.ic.ac.uk
Thu Mar 31 04:07:35 CST 2005
I agree with Chris. I would even suggest put the POSIX user ID and
group ID elements in the <application-executable/> (If that's what we
have decided to call) section than the wrapping <application/> section,
because it's quite 'binary job' specific.
William
On 31 Mar 2005, at 10:59, Ali Anjomshoaa wrote:
>
> Hi Chris,
>
>> I think that retaining the user name and group is useful, as I have
>> customer
>> use cases where the template of a job is permanently attached to a
>> particular user identity for execution, so I think I'd like to see
>> these
>> stay.
>
> Will a POSIX user ID in the Application section satisfy your use-case?
> If
> not, can you please suggest a more concrete definition for a user
> element
> that would satisfy your use-case?
>
> There is currently no definition for the UserCredential element in the
> Spec, but, there is one for UserGroup - anyone able to explain this?
> The
> UserGroup element's definition says that it contains the credentials
> necessary to run the job in a Grid!
>
>
>>
>> The management and establishment of credentials, on the other hand, is
>> generally very dependent on the protocol being used and the specific
>> context
>> of the job submission itself, that it doesn't make sense to put this
>> in a
>> job description. Having just finished a project Kerberizing one of our
>
> I agree with Chris here. It doesn't make sense to have credentials in
> the
> JSDL. We decided in Berlin that security and credentials were out of
> JSDL's scope. We shouldn't let them creep back in!
>
>
> Cheers,
>
> Ali
>
>
>> products, I'm feeling this first hand.
>>
>> -- Chris
>>
>>
>> On 30/3/05 05:38, "Darren Pulsipher" <darren at pulsipher.org> wrote:
>>
>>> Ok my turn to say something about the User section.
>>>
>>> The User Section is attached to the Job definition and the Data
>>> Staging
>>> areas for stage in and stage out.
>>>
>>> I believe that we need to have Name, Group and some passthru for
>>> credentials
>>> (or an extension for such) not only for POSIX applications but for
>>> all
>>> different types of jobs. Web services typically have these concepts,
>>> sql
>>> would have it, AFS with security uses it etc...
>>>
>>> If it is not put into the JobDefinition or the DataStaging areas
>>> then people
>>> will add it in through extensions all over the place. As most jobs
>>> require
>>> some kind of identification of the user that will be running jobs
>>> and moving
>>> data.
>>>
>>> Putting this in the POSIX Application area is too limiting and does
>>> not
>>> allow for referencing the User in other sections easily. For example
>>> in a
>>> complex workflow where the user identity will change depending on
>>> the job
>>> that is run it would be beneficial to reference the Users that are
>>> defined
>>> potentially outside of the JobDefinition several times.
>>>
>>> Any questions?
>>>
>>> Darren
>>>
>>> -----Original Message-----
>>> From: owner-jsdl-wg at ggf.org [mailto:owner-jsdl-wg at ggf.org] On Behalf
>>> Of
>>> Donal K. Fellows
>>> Sent: Wednesday, March 30, 2005 5:14 AM
>>> To: Ali Anjomshoaa
>>> Cc: jsdl-wg at gridforum.org
>>> Subject: Re: [jsdl-wg] my view on execution user and group
>>>
>>> Ali Anjomshoaa wrote:
>>>> ...again, any other thoughts on this?
>>>
>>> I think Karl's got the interpretation of the ExecutionUser and
>>> ExecutionGroup elements right. I'd just add that I would expect most
>>> JSDL instances to not specify these elements, with the identity to
>>> execute the job as being either implicit within the submission
>>> security
>>> context or present explicitly through SAML/XACML elements. Our
>>> experience with UNICORE is that this functionality is only rarely
>>> useful
>>> (but invaluable in those situations, of course, so the elements are
>>> worth retaining).
>>>
>>> Donal.
>>>
>>
>>
>
> --
>
> ---------------------------------------------------- |epcc| -
> Ali Anjomshoaa
> EPCC, University of Edinburgh
> James Clerk Maxwell Building
> Mayfield Road E-mail: ali at epcc.ed.ac.uk
> Edinburgh EH9 3JZ Phone: + 44 (0) 131 651 3388
> United Kingdom Fax: + 44 (0) 131 650 6555
> -------------------------------------------------------------
>
>
>
--- William Lee @ London e-Science Centre, Imperial College London --
--- Software Coordinator ---
A: Room 380, Department of Computing, Imperial College London, Huxley
Building, South Kensington campus, London SW7 2AZ, UK
E: wwhl at doc.ic.ac.uk | william at imageunion.com
W: www.lesc.ic.ac.uk | www.imageunion.com
P: +44(0)20 7594 8251
F: +44(0)20 7581 8024
--- Projects ----------------------------
GridSAM: http://www.lesc.ic.ac.uk/gridsam
Markets: http://www.lesc.ic.ac.uk/markets
ICENI: http://www.lesc.ic.ac.uk/iceni
-----------------------------------------
More information about the jsdl-wg
mailing list