Fermilab Computing Division

CS Document 3917-v1

Towards a Scalable Virtual Organization Privileges Management Environment

Document #:
Document type:
Submitted by:
Gabriele Garzoglio
Updated by:
Gabriele Garzoglio
Document Created:
17 May 2010, 13:55
Contents Revised:
31 Jan 2011, 15:46
Metadata Revised:
31 Jan 2011, 15:46
Viewable by:
  • Public document
Modifiable by:

Quick Links:
Latest Version


Grids enable uniform access to resources by implementing standard interfaces to resource gateways. In the Open Science Grid (OSG), privileges are granted on the basis of the user's membership to a Virtual Organization (VO). However, user privilege definitions and enforcements are administered by VOs and Grid sites respectively. Such partitioning can potentially introduce inconsistent user privileges throughout the Grid and break the Grid paradigm of uniform access to resources. There is a need for an automated privilege management mechanism for a VO to codify privileges granted to its users as policies, to make the desired privilege policies available to grid sites, to examine degree of support of VO privileges at individual sites, and to provide guidance in modifying site configurations by leveraging experiences of accomplished administrators.

To address these challenges, we develop the Scalable Virtual Organization Privileges Management Environment (SVOPME) under the context of the Open Science Grid (OSG). The SVOPME provides tools for VOs to define and publish desired privileges and assists sites to provide the appropriate access policies. At a site, SVOPME tools help analyze how access policies are defined for its resources for VO users. Other SVOPME tools help verify policy consistency between VOs and sites and advise changes to site configurations. This paper presents the designs and features of SVOPME tools. We will also report our experiences and lesson learned in applying SVOPME tools for OSG VOs and sites. Furthermore, we will outline future improvements to SVOPME tools to adapt to a range of different site configurations and new privilege policies.

Associated with Events:
CHEP 2010 held from 18 Oct 2010 to 22 Oct 2010 in Taipei, Taiwan
DocDB Home ]  [ Search ] [ Authors ] [ Events ] [ Topics ]

DocDB Version 8.8.9, contact Document Database Administrators