11–14 Apr 2011
Radisson Blu Hotel Lietuva, Vilnius
Europe/Vilnius timezone

Supporting SRM over SSL in EMI

11 Apr 2011, 14:30
30m
Lambda (Radisson Blu Hotel Lietuva, Vilnius)


Oral Presentation Data Management - Technology EMI: Software for Distributed Computing Infrastructures

Speaker

Paul Millar (DESY)

Conclusions

Using the SRM protocol over standard SSL brings several advantages. In this paper, we discuss these advantages, present the progress in supporting SRM over SSL and detail the future plans.

Impact

Allowing clients and servers to use the standard SSL protocol brings several benefits. It allows storage software providers to choose which security implementation to use, potentially bringing performance gains. It also allows better tools for diagnosing problems and consolidation of software towards standards: one of the aims of the EMI project.

Overview

SRM v2.2 is a standard protocol that allows end-users to manage their stored data and to negotiate which protocol is used to transport the data, independently of which storage software is deployed. Storage software that supports SRM v2.2 is widely deployed within WLCG: there are currently over 400 SRM v2.2 endpoints registered.

The SRM protocol uses Globus' Grid Security Infrastructure (GSI) protocol both as a secure transport for sending messages and as a mechanism to allow delegation. Delegation is the process where an SRM server obtains a short-lived credential from a user, allowing the server to act on behalf of that end-user. Such delegation is required for some SRM operations.

GSI has several drawbacks: it isn't a standard, there is only one provider of GSI software libraries, and it is incompatible with SSL, the current standard secure transport. This leads to duplication of code, as some grid software uses SSL while other software uses GSI.

Description of the work

Within the EMI project, work has started to first understand how SRM may be used over a standard SSL transport and then to extend the existing SRM clients and servers to achieve this. Since SSL does not provide a delegation mechanism, this work also involves establishing an alternative delegation mechanism for SRM. This work is conducted in collaboration with the SRM software providers outside the EMI.

Primary authors

Alex Sim (Lawrence Berkeley National Laboratory), Giuseppe Lo Presti (CERN), Jean-Philippe Baud (CERN), Patrick Fuhrmann (DESY), Paul Millar (DESY), Ricardo Rocha (CERN)
