20.01.2012 T8.2 Conference Call
From IMarine Wiki
Time: Wednesday January 20, 2012, 16:00 - 17:00 Europe/Rome
Conference call agenda:
- Definition of T8.2 activities
- Lino Pagano (CNR)
- Paolo Fabriani (ENG)
- Ciro Formisano (ENG)
Discussion on the activities planning
- Lino: To bring in production the secure infrastructure should be the first activity of T8.2. Anyway some tests have not been completed yet, so this activity should be postponed.
- Ciro agrees with Lino about the incompleteness of the integration tests. Even part of the services currently are not completely integrated with the secure infrastructure. For this activities ENG is ready to provide the support, as soon as it will be required.
- Ciro asks to discuss about the activities, the priorities and the implicit requirements of the task starting from the description of provided by the DoW.
- Lino: The revision of the architecture of the current AA solution of gCube to enhance its re-usability is the starting point of the task activity. In fact the starting phase of the project offers the possibility to plan the introduction of new technological solutions: most of the activities performed in all the tasks of the WP in this period have this goal.
- Ciro: From this point of view, the security module should be isolated from the rest of the infrastructure and should became a real pluggable module. This activity should be performed in coordination of the other tasks.
- Lino: The center of T8.2 is the definition and the implementation of the Policy Infrastructure, which will manage and enforce the policies of the infrastructure. The starting point is the Argus-based security module produced in D4Science. The main problem of the current solution is that it is based on a static triple (role, action, resource), that could limit the types of policies available to manage the infrastructure. More information about the actual requirements of this topic could be find in WP5: anyway the improvement towards more dynamic policies or a more fine grained model could be an answer: for example, the current implementation of the authorization framework does not support the definition of quota (maximum number of calls per day and per user, maximum volume of data downloadable per day, etc.) and this could represent an important limitation for the policy framework defined by the communities.
- Lino: The secure infrastructure should be interoperable with the policy management solutions offered by EMI, EGI-Inspire or EIF. The list of the infrastructures is not completed, but not all the infrastructure have real and complete security mechanisms. Therefore the activities and the priorities should be evaluated on the basis of the requirements of the specific infrastructure.
- Lino: The Accounting and the Billing are important requirements because, in a production environment, the services that a user calls could be not free. The solution applied in the project Venus-C seems to a promising candidate that could fulfill every requirement. This solution should be studied and the possibility of integration with the what was developed for D4Science (as the accounting solution developed by CERN) and what is possibly provided by other infrastructures, should be evaluated.
- Paolo: at first glance agrees with Lino about the applicability of the Venus-C solution for IMarine. There are good possibilities that further and deeper studies will confirm the adequacy of the solution.
- Lino: Auditing currently has no priority, anyway more information about the topic will be provided later.
- Lino: Some activities involve the handling of sensitive data: this fact will probably require the support of data Encryption and data anonymisation. This activities are better defined in WP9 that will be the requirements source for this activity.
- Ciro: asks if the Identity Federation could be considered an added value for the infrastructure
- Lino: Identity federation is not required at present since no requirements have been expressed so far. If and only if in the future those requirements will be opened, the WP8 will evaluate their feasibility.
Activities agreed (in order of priority)
- The integration of the Scoping module with the Authorization module is currently in progress
- Starting to define the feature of the policies in coordination with WP5, in order to produce a plan of evolution of the current system
- The task of bringing the secure infrastructure into production environment cannot have maximum priority because the integration of services is not completed
- Accounting: the possibility to re-use, totally or in part, the Venus-C solution should be evaluated
- Encryption: the requirements will be the product of part of the activities of WP9