EGI/PRACE Accounting meeting, 20/07/2012 ======================================== PARTICIPANTS EGI . Tiziana Ferrari/EGI Chief Operations Officer . John Gordon/EGI Accounting coordinator . Emir Imamagic/EGI Integrations coordinator . Peter Solagna/EGI Operations Manager PRACE . Jules Wolfrat/PRACE Operations . Vincent Ribaillier/PRACE AAI and security Introduction/T.Ferrari ====================== Overview of MAPPER accounting requirements EGI Accounting/J. Gordon ======================== EGI ACcounting portal provides information about summaries, access to user information is restricted. EGI accounting provides also information from resource providers that have an own accounting DB infrastructure: e.g. OSG, NGI_NDGF, NGI_IT. From these infrastructures, a subset of VOs are published. The apel client uses activeMQ as communication channel and Secure StoMP Messanger is an APEL protocol implemented on top of messaging. DB insertions into the central accounting DB of EI are possible for historical reasons, but SSM is being tested to publish summaries to replace direct DB insertions. EGI has contacts with GridSafe for publishing of accounting for GLOBUS resources. SSM will be supported by GridSafe but this is in its implementation phase (this feature will be released for the first time at the end of Septembr 2012). A test infrastructure is available for SSM testing. The Usage Record format of EGI is based on the OGF usage record old standard but this is being revised in collaboration with EMI (CAR for compute and STAR for storage). Security: the EGI security policy on accounting sets varius conditions. User DN is encrypted when distribued within URs, access to accounting information is restricted depending on who is viewing information, eg. only VO managers can see user DN information. Others only see anonymized accounting information. The retention of personal information is also defined: currently the duration is set to 12 months but it is being rediscussed. We keep VO based summaries but user information is removed. PRACE Accounting/J. Wolfrat =========================== Each sites has a DB where accounting data is stored. A connection to a site DB to export accountng data in xml format is possible (OGF UR format is supported). DART is a client (java application that can run on laptop), which allows a connection to the DB. The application retrieves information which is locally displayed. Access to the DB of interest is automated and handled by the application. ACCESS policy - user can only know infor about own usage - project user can see complete aggregate accouting information for users from the same project - site admin can see accounting information for the own site The PRACE central repository is based on gridsafe sofware, which retrieves summaries from local db and stores in gridsafe repository The gridsafe repo access policy is the same as for the DART client. Gridsafe was adapted to PRACE requirements. We should sicuss what the interface to gridsafe repository should be. PRACE sites do not want to export their data outside, but a project community is also owner of the accounting data, so if they request this, the export of their accounting data is allowed by the current security policies. ACTION: Jules to organize a technical meeting during August with S. Booth to understand the feasibility of a technical integration. ACTION: Jules to contact S. Booth to see who can attend the TF12 EGI/PRACE workshop: https://indico.egi.eu/indico/conferenceTimeTable.py?confId=1019#20120918 All relevant PRACE people are invited to join.