e.g.: Authorization, Authentication, Accounting
Who manages all the users and accounts? And how?
- Remember the “uid/gid” issues between DESY unix clusters?
Grid authentication/authorization is based on GSI (which is a PKI)
For a “Virtual Organization” (VO) like CMS it is mandatory to have a means of distributed authorization management while maintaining:
- Individual sites' control over authorization
- The ability to grant authorization to users based upon a Grid identity established by the user's home institute
One approach is to define groups of users based on certificates issued by a Certificate Authority (CA)
At a Grid site, these groups are mapped to users on the local system via a “gridmap file” (similar to an ACL)
The person can “log on” to the Grid once,
- (running > grid-proxy-init, equivalent to > klog in Kerberos/AFS)
and be granted access to systems where the VO group has access
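The gridmap lookup described above, as an added example that is not part of the original slides: it parses a grid-mapfile and resolves a certificate subject to a local account, denying anything not listed. It assumes the common Globus layout (quoted subject DN, then one or more comma-separated local accounts, first one the default); the DNs and account names are constructed.

```python
import shlex

# Constructed sample grid-mapfile: certificate subject DN, then local account(s).
SAMPLE_GRIDMAP = '''\
# constructed entries, not real users
"/O=GermanGrid/OU=DESY/CN=Alice Example" cmsusr01
"/O=GermanGrid/OU=DESY/CN=Bob Example" cmsusr02,cmsprod
/O=ExampleGrid/CN=NoSpaces cmsusr03
"/O=GermanGrid/OU=DESY/CN=Broken Entry
'''

def parse_gridmap(text):
    """Return ({subject DN: [local accounts]}, [rejected line numbers])."""
    mapping, rejected = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = shlex.split(line)  # handles DNs quoted because of spaces
        except ValueError:              # unbalanced quote: refuse the entry
            rejected.append(lineno)
            continue
        if len(fields) != 2 or not fields[0].startswith("/"):
            rejected.append(lineno)
            continue
        dn, accounts = fields
        names = [a for a in accounts.split(",") if a]
        if not names:
            rejected.append(lineno)
            continue
        mapping.setdefault(dn, names)   # first entry for a DN wins
    return mapping, rejected

def map_user(mapping, dn, requested=None):
    """Default deny: None unless the exact DN is listed.

    A requested account is honoured only if the file lists it for this DN.
    """
    accounts = mapping.get(dn)
    if not accounts:
        return None
    if requested is None:
        return accounts[0]
    return requested if requested in accounts else None

if __name__ == "__main__":
    gridmap, bad = parse_gridmap(SAMPLE_GRIDMAP)
    print("rejected lines:", bad)
    print(map_user(gridmap, "/O=GermanGrid/OU=DESY/CN=Bob Example", "cmsprod"))
```

Malformed lines are reported rather than silently skipped, so a site admin can see when a truncated entry has left a user unmapped.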