
Diff of /trunk/grid-mw-security/ees/thesis/continued_development.tex


revision 952 by aramv, Tue Oct 20 12:51:48 2009 UTC revision 953 by aramv, Wed Oct 21 08:40:48 2009 UTC
# Line 1  Line 1 
1  \chapter{Continued development}  \chapter{Continued development}
2    
3    \section{Exposing the EEF as a service}
4    Due to time constraints it was not possible to complete the implementation of the EES as a whole.
5    While the EEF was mostly completed
6    
7    \section{Missing EEF functionality}
8    Most of the EEF functionality was  implemented, except a feature to parse the SAML2XACML2 requests into the AOS.
9    The proposed implementation plan is still valid, the logic to parse SAML2XACML2 present in the SCAS should be adapted to store the XACML properties in the AOS.
10    
11  \section{Proposed plug-ins}  \section{Proposed plug-ins}
12  The development of plug-ins is outside the scope of this project, however a few example plug-ins that adhere to the proposed plug-in API have been created.  The development of plug-ins is outside the scope of this project, however a few example plug-ins that conform to the proposed plug-in API in section \ref{plugin_api} have been created.
13  % Hetzelfde model als wat in LCAS/LCMAPS voor backwards compatibilty.  % Hetzelfde model als wat in LCAS/LCMAPS voor backwards compatibilty.
14    
15    Legacy LCMAPS plug-ins will probably have to be slightly adjusted to make use of the AOS instead of relying on the information that was provided through LCMAPS.
16    
17  \subsection{Acquisition}  \subsection{Acquisition}
18  Acquire user credentials.  These plug-ins can acquire user credentials from sources like:
 % Translate credentials  
 Possible formats:  
19    
20  \begin{itemize}  \begin{itemize}
21  \item personal X.509 certificate  \item personal X.509 certificate
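Review bot: the new section "Exposing the EEF as a service" ends on an unfinished sentence at new line 5, "While the EEF was mostly completed", so it says the EES as a whole was not completed but never states what exposing the EEF as a service still requires. Finish the sentence or drop it. In the same hunk, new line 8 has a double space in "was  implemented", new line 9 joins two independent clauses with a comma ("The proposed implementation plan is still valid, the logic to parse ..."), and new line 12 now depends on a plugin_api label that is not visible in this diff, so check that \ref{plugin_api} resolves.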
# Line 15  Possible formats: Line 24  Possible formats:
24  \item SAML statements  \item SAML statements
25  \end{itemize}  \end{itemize}
26    
27    \subsection{Translation}
28    It would be nice to have plug-ins that can translate credentials
29    
30  \subsection{Enforcement}  \subsection{Enforcement}
31  Enforces user credentials onto target system.  
32    Enforcement plug-ins that can be ported from LCMAPS:
33  \begin{itemize}  \begin{itemize}
34  \item LDAP enforcement \cite{lcmaps_apidoc}  \item Unix local accounts
35  \item POSIX enforcement \cite{lcmaps_apidoc}  \item Unix pool accounts
36  \item Unix pool accounts \cite{lcmaps_apidoc}  \item POSIX enforcement
37  \item Unix local accounts \cite{lcmaps_apidoc}  \item LDAP enforcement
 % LRMS, Batch-ssystem specifieke tokens, speciale groep-account (golden account), VM's  
38  \end{itemize}  \end{itemize}
39    
40  \subsection{Multi-threading}  Enforcement plug-ins that facilitate new use cases:
41    \begin{itemize}
42    \item Interface to Local Resource Management System (LRMS)
43    \item Interface to virtualization frameworks like OCCI or OpenNebula.
44    \item Enforcing the reconfiguration of a scheduler
45    \item Special group account use cases
46    %TODO? whut
47    \end{itemize}
48    % LRMS, Batch-ssystem specifieke tokens, speciale groep-account (golden account), VM's
49    
50    \subsection{Design improvements}
51  Currently the EEF is a single-threaded library, but the AOS has been designed to be used in a multi-threaded environment.  Currently the EEF is a single-threaded library, but the AOS has been designed to be used in a multi-threaded environment.
52  To enable the service to perform in a multi-threaded manner, the AOS initialization should be decoupled from the EEF lifecycle functions.  To enable the service to perform in a multi-threaded manner, the AOS initialization should be decoupled from the EEF lifecycle functions.
53    
54  For each incoming request (through an EIC), a new AOS should be initialized.  For each incoming request (through an EIC), a new AOS should be initialized.
55  After a request has completed, the AOS can be terminated.  After a request has completed, the AOS can be terminated.
56    Because the implementation of the EICs
57    
58  Also, a function to update the policy configuration by parsing a supplied config file is necessary. We propose to name this function EEF\_Update().  Also, a function to update the policy configuration by parsing a supplied config file is necessary.
59    The proposed name for this function is EEF\_Update().
60  %EEF_Update() om de EEF met een nieuwe config file te laden  %EEF_Update() om de EEF met een nieuwe config file te laden
61  % AOS init kan worden losgehaald  % AOS init kan worden losgehaald
62    
63  %TODO dit zijn bestaande gegevens. dignen die we nog niet weten -> zie sander's mail.  %dit zijn bestaande gegevens. dignen die we nog niet weten -> zie sander's mail.
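Review bot: new line 56, "Because the implementation of the EICs", is a dangling fragment directly after the AOS lifecycle paragraph; complete the reasoning or remove the line. The reordered enforcement list at new lines 34-37 drops all four \cite{lcmaps_apidoc} references, which leaves the statement that these plug-ins can be ported from LCMAPS unsourced; a single citation on the introductory sentence at new line 32 would keep the attribution. The new Translation subsection at line 28 is one unpunctuated sentence that does not say which credential formats are translated into which, and the "%TODO? whut" comment at line 46 should be resolved or should say what is unclear about the special group account item.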
