"Andrew's blog about Grids, Webs, Security and other interestingTM Stuff"

Grids
WLCG
GridPP
EGEE
OSG

Web/Net
W3C
RFC Editor
Apache

Grid Security
EGEE/LCG JSPG
EU GridPMA
EGEE JRA3
MWSG

Other Security
OpenSSL
IETF PKIX
mod_ssl

News
SlashDot
BBC News
SecurityFocus
The Register
Freshmeat

Switch to list of all blogs

CHEP 2007, Victoria, Canada
Tue 11 September 2007 11:09am

This year's Computing in High Energy Physics conference marks ten years since my first one in Berlin. Looking back, the first rumblings of the desire for the grid were there, and I remember seeking out talks about CLEO's Nile distributed data processing system, and Funnel and Centipede from the HERA experiments. At the time, the idea of objects was mixed-in, with some vague concept that objects might interact with each other over the network: that idea has come and gone, although Web Services are a loosely coupled echo of it. This year the grid is part of the fabric, and implicitly the background to most of the talks and posters.

Back in 1997, C++ and object orientated programming had already won over the experiments, and people were turning up and pitching their solutions. But the new and controversial issue was Linux vs Windows NT: whether to go from a mix of VMS and Unix on proprietary hardware, onto Linux or Windows in PC's, as it was increasingly clear that PC-based hardware would be considerably cheaper. (I was there with my Linux binaries and RPMs of the CERN Program Library, which were redistributed by CERN itself until around 2000.)

This year, the Gartner Group's Hype Cycle graph appeared more than once, with the claim that the grid is now on the "Plateau of Productivity" (we'd better be, since almost all the distributed LHC computing production work is being done via the grid!)

In the security area, I gave an oveview of recent updates to GridSite's security toolkit (which was very similar to my talk in June but with "will do" replaced by "have done"...) I did have time to outline my feelings about identity federation: something we've managed to avoid in grids so far, but which is becoming more pressing as username/password based systems interact more with elements of the grid world, and with users used to the convenience of X.509 user certificates in their browser. In short, we seem to be expecting sites to do local identity federation, which isn't so bad for a few large sites like CERN (who are unifying username/password, kerberos and X.509 access with a single sign-on page), but it's not going to scale if every site or interactive service needs to do it.

On the photography front, CHEP always has interesting excursions - this time, whale watching - but instead I went and took some photographs around Victoria on the free afternoon, especially the harbour and the seaplanes:

A short video of a seaplane landing (done with a still camera in video mode, at 12x optical zoom):

Pictures of the conference hotel and seaplanes landing and taxiing:

Empress hotel Landing Taxiing

GridPP18 in Glasgow
Thu 22 March 2007 11:03am

Most of my talks at collaboration meetings are status reports, but this time I did an overview of the "credential soup" of abbreviations and acronyms in the security area, including X.509, GSI, CAS, LDAP-VO, GACL, VOMS, XACML, SAML, Shibboleth, VOM, WS-Sec, ...

This talk also kicked off with a new concept: "Grid projects typically generate one new acronym for every 10,000 lines of code" (McNab's Law of Grid Acronyms!)

There are some new ideas on the (web) horizon, like OpenID and Shibboleth, but the credentials side of things is pretty much sorted in EGEE/LCG now. However access policies, and how to maintain them in production at sites, is still up in the air - with a mixture of solutions on offer and some big gaps.

GridSite and Subversion
Fri 15 December 2006 12:12pm

In the last couple of weeks I've been looking at adding support to GridSite for the Subversion version control system (ie like CVS). It's interesting from a GridSite point of view because the server side comes in the form of modules which extend Apache, and the network protocol is just WebDAV. It's been brought up before that there might be some useful overlaps here, and Alessandra Forti who runs the Tier-2 here in Manchester suggested it again last month (as part of managing configuration files for grid installations using Subversion.)
Read more ...

MWSG at CERN and Escalade
Fri 17 November 2006 11:11am

Chocolate marmite pot I've not been back to annual Escalade in Geneva since 2001 and I didn't again this year. But the chocolate cooking pots ("les marmites") filled with sweets were there in Migros at the airport, so brought one back to show some sceptics back in Manchester. However, I'd forgotten (didn't know?) that the yellow and red "fruit pastille" sweets contain explosive bangers like Christmas-crackers, so I and a very helpful member of the airport security staff removed the bangers and rewrapped the sweets one by one...

All Hands Meeting, 2006
Fri 22 September 2006 1:09pm

GridSite delegation The UK e-Science All Hands have been at the University of Nottingham for the last few years, and this year was Manchester HEP's best showing yet: as well as my poster on GridSite delegation and PPARC stand talk on LCG/EGEE/GridPP security, Joseph Dada presented our work on Shibboleth extensions to GridSite and his certificate-based Identity Provider; Yibiao Li talked about the bulk data transfer client and server he's done based on HTTPS and GridSite's GridHTTP; and Mike Jones talked about the NGS and GridPP VOMS services run here by him, Alessandra Forti and Sergey Dolgobrodov.

Switch to list of all blogs

Contact info
Dr Andrew McNab,
Department of Physics
 and Astronomy,
University of Manchester,
Manchester,
United Kingdom,
M13 9PL

Andrew.McNab@cern.ch
Phone: +44-161-306-6474
Fax: +44-161-273-5867

Talks I've given

Recent blogs
- CHEP 2007, Victoria, Canada
- GridPP18 in Glasgow
- GridSite and Subversion
- MWSG at CERN and Escalade
- All Hands Meeting, 2006
- GridSite Storage
- Fort L'Ecluse
- CERN and WLCG
- SlashGrid Reloaded
- AMPPS building site (or "No More Trees, II")

© 2004-6 Andrew McNab <Andrew.McNab@manchester.ac.uk>