Visualisation Tool AA Scenario

From GEANT2-JRA1 Wiki

When a visualisation client (e.g., CNM or Nemo) is used, there are two kinds of AA interfaces. The user has to authenticate towards the visualisation client and the client has to authenticate towards the measurement framework. The latter authentication is performed using the interactions and policies defined by the framework, but some issues concerning the first interface have not been discussed in detail.

A simple approach would be to forward the user's credentials to the framework and to retrieve and provide data on demand with respect to these credentials. This would result in a quite simple AA interface for the visualisation tool, but the performance might not be satisfactory.

Therefore, it might be desirable for the visualisation tool to cache frequently requested data (e.g., topology, current status, some metrics of general interest), using a special AA account to retrieve the data from the framework. Not all data retrieved in this way may be provided to every user. An example could be a Grid project for which detailed measurements are performed. These data might be requested frequently by project members, but should not be revealed to others. The visualisation tool therefore needs to have some kind of AA database to store the user identities and their rights.

Resulting issues:

  • Is it necessary to cache data with access restrictions according to users/user groups? If, e.g., data with restrictions are rare, then it might be acceptable just to forward users' credentials to the framework and to cache only unrestricted data.
  • If it is necessary to cache data with restricted access, how should these access rights be managed? Should they be retrieved from the framework and updated at the visualisation tool at regular time intervals, or on demand by requesting the AA service?
  • What do the access rights look like? The proposal in the visualisation database schema is that they depend on the user group, metric, and domain (definition? fine-grained enough?).
  • How is the visualisation tool classified from the perspective of the framework? Is it seen as some kind of superuser?
  • How should the data to be cached be chosen (somehow dependent on the access frequency)? On which basis?
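
One way the cached-data check discussed above could look, as an added example that is not part of the wiki page or of any GEANT2 tool. It assumes rights are (user group, metric, domain) triples refreshed at intervals, and that anything the cache cannot authorise is forwarded to the framework with the user's own credentials; all class, function and sample names are hypothetical.

```python
import time

class RightsStore:
    """Local AA database: rights as (user group, metric, domain) triples."""
    def __init__(self, max_age_s, clock=time.monotonic):
        self.max_age_s, self.clock = max_age_s, clock
        self._rights, self._fetched_at = set(), None

    def refresh(self, triples):
        # Assumption: the triples are fetched from the framework's AA service.
        self._rights, self._fetched_at = set(triples), self.clock()

    def allows(self, groups, metric, domain):
        # Fail closed: rights never loaded, or older than max_age_s, grant nothing.
        if self._fetched_at is None or self.clock() - self._fetched_at > self.max_age_s:
            return False
        return any((g, metric, domain) in self._rights for g in groups)

class MeasurementCache:
    def __init__(self, rights):
        self.rights, self._entries = rights, {}  # (metric, domain) -> (restricted, data)

    def put(self, metric, domain, data, restricted):
        self._entries[(metric, domain)] = (restricted, data)

    def get(self, groups, metric, domain):
        """Return cached data, or None when the request must be forwarded to
        the framework with the user's own credentials (miss and refusal look
        the same, so the cache does not reveal that restricted data exists)."""
        restricted, data = self._entries.get((metric, domain), (True, None))
        if restricted and not self.rights.allows(groups, metric, domain):
            return None
        return data

def demo():
    now = [0.0]  # constructed clock so the staleness case is reproducible
    rights = RightsStore(max_age_s=300, clock=lambda: now[0])
    cache = MeasurementCache(rights)
    # Constructed sample data; group, metric and domain names are made up.
    cache.put("topology", "domain-a", "topology-data", restricted=False)
    cache.put("owd", "domain-a", "grid-owd-data", restricted=True)
    rights.refresh({("grid-project", "owd", "domain-a")})
    out = [cache.get({"grid-project"}, "owd", "domain-a"),   # project member
           cache.get({"guest"}, "owd", "domain-a"),          # outsider
           cache.get({"guest"}, "topology", "domain-a")]     # unrestricted
    now[0] = 301.0                                           # rights now stale
    out.append(cache.get({"grid-project"}, "owd", "domain-a"))
    out.append(cache.get({"guest"}, "topology", "domain-a"))
    return out
```

Once the locally held rights are older than the refresh interval, restricted entries are no longer served from the cache, while unrestricted data stays available.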