
Contents of /trunk/grid-mw-security/ees/thesis/continued_development.tex



Revision 953
Wed Oct 21 08:40:48 2009 UTC (12 years, 3 months ago) by aramv
File MIME type: text/x-latex
File size: 2690 byte(s)
One to beam up
\chapter{Continued development}

\section{Exposing the EEF as a service}
Due to time constraints it was not possible to complete the implementation of the EES as a whole.
While the EEF was mostly completed

\section{Missing EEF functionality}
Most of the EEF functionality was implemented, except for a feature that parses SAML2XACML2 requests into the AOS.
The proposed implementation plan is still valid: the logic to parse SAML2XACML2 that is present in the SCAS should be adapted to store the XACML properties in the AOS.

\section{Proposed plug-ins}
The development of plug-ins is outside the scope of this project; however, a few example plug-ins that conform to the proposed plug-in API in section \ref{plugin_api} have been created.
% Same model as in LCAS/LCMAPS, for backwards compatibility.

Legacy LCMAPS plug-ins will probably have to be adjusted slightly to use the AOS instead of relying on the information that was provided through LCMAPS.

\subsection{Acquisition}
These plug-ins can acquire user credentials from sources like:

\begin{itemize}
\item personal X.509 certificate
\item VOMS attribute certificate
\item XACML request
\item SAML statements
\end{itemize}

\subsection{Translation}
It would be nice to have plug-ins that can translate credentials

\subsection{Enforcement}

Enforcement plug-ins that can be ported from LCMAPS:
\begin{itemize}
\item Unix local accounts
\item Unix pool accounts
\item POSIX enforcement
\item LDAP enforcement
\end{itemize}

Enforcement plug-ins that facilitate new use cases:
\begin{itemize}
\item Interface to Local Resource Management System (LRMS)
\item Interface to virtualization frameworks like OCCI or OpenNebula
\item Enforcing the reconfiguration of a scheduler
\item Special group account use cases
%TODO? whut
\end{itemize}
% LRMS, batch-system-specific tokens, special group account (golden account), VMs

\subsection{Design improvements}
Currently the EEF is a single-threaded library, but the AOS has been designed to be used in a multi-threaded environment.
To enable the service to perform in a multi-threaded manner, the AOS initialization should be decoupled from the EEF lifecycle functions.

For each incoming request (through an EIC), a new AOS should be initialized.
After a request has completed, the AOS can be terminated.
Because the implementation of the EICs

A function that updates the policy configuration by parsing a supplied config file is also necessary.
The proposed name for this function is EEF\_Update().
% EEF_Update() to load the EEF with a new config file
% AOS init can be decoupled

% this is existing information. things we do not know yet -> see sander's mail.
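The per-request AOS lifecycle proposed under Design improvements, as an added C example that is not part of the thesis or the EES code base: it replays two interleaved requests against one shared attribute store and against one store per request. The `aos_*` functions, `decide`, `interleave` and the `vo` attribute name are hypothetical stand-ins, and the VO names are constructed.

```c
#include <stdio.h>
#include <string.h>
#define MAX_ATTRS 8

/* Hypothetical attribute store standing in for the AOS; not the EES API. */
typedef struct { char key[32], val[64]; } attr_t;
typedef struct { attr_t attrs[MAX_ATTRS]; int n; } aos_t;

static void aos_init(aos_t *a) { memset(a, 0, sizeof *a); }
static void aos_term(aos_t *a) { memset(a, 0, sizeof *a); } /* clear request state */

/* Set or overwrite an attribute; returns -1 when the store is full. */
static int aos_set(aos_t *a, const char *k, const char *v) {
    int i = 0;
    while (i < a->n && strcmp(a->attrs[i].key, k) != 0) i++;
    if (i == MAX_ATTRS) return -1;
    if (i == a->n) a->n++;
    snprintf(a->attrs[i].key, sizeof a->attrs[i].key, "%s", k);
    snprintf(a->attrs[i].val, sizeof a->attrs[i].val, "%s", v);
    return 0;
}

/* Enforcement step: permit only if the stored "vo" equals the allowed VO. */
static int decide(const aos_t *a, const char *allowed_vo) {
    for (int i = 0; i < a->n; i++)
        if (strcmp(a->attrs[i].key, "vo") == 0)
            return strcmp(a->attrs[i].val, allowed_vo) == 0;
    return 0; /* no VO attribute: deny */
}

/* Two requests interleaved the way two threads could be: acquire A, acquire B,
 * decide A, decide B. shared=1 uses one AOS tied to the EEF lifecycle;
 * shared=0 gives each request its own. Returns (permitA << 1) | permitB. */
int interleave(int shared, const char *vo_a, const char *vo_b, const char *allowed) {
    aos_t one, two;
    aos_t *a = &one, *b = shared ? &one : &two;
    aos_init(&one); aos_init(&two);
    aos_set(a, "vo", vo_a);          /* request A: acquisition */
    aos_set(b, "vo", vo_b);          /* request B: acquisition */
    int pa = decide(a, allowed);     /* request A: enforcement */
    int pb = decide(b, allowed);     /* request B: enforcement */
    aos_term(&one); aos_term(&two);  /* terminate once the requests complete */
    return (pa << 1) | pb;
}

int main(void) { /* constructed input: A presents "cms", policy allows "atlas" */
    printf("shared=%d per-request=%d\n", interleave(1, "cms", "atlas", "atlas"),
           interleave(0, "cms", "atlas", "atlas"));
    return 0;
}
```

With the shared store, request A is decided on request B's attribute; with one AOS per request, each decision uses only the credentials acquired for that request.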
