Globus support after Dec 31 2017 will be focused on security fixes for GCSv4 and GSI (and critical bug fixes).
XSEDE is sponsoring these events because we want to understand community needs. This is an opportunity to re-assess our community needs and to better understand our use cases.
Suggestion that we focus on use cases rather than existing implementations.
Need an impact assessment among the communities. And what are the proposed solutions? Opportunity to migrate to new things together?
Where should we get our credentials (compatible with Globus and other technologies)?
Answer: from an InCommon IdP, Google, Orcid, or XSEDE (others can be added to Globus)
Globus Auth is the core of Globus future plans. Based on OAuth2 / OpenID Connect standards.
Does Globus expect most users to get identities from InCommon? Google and ORCID are also supported. Others identity providers can be added. XSEDE is also an identity provider.
If we're using Globus Auth now, do we need to use X.509 at all? Once the new Globus software is available, you won't need X.509, except you still need X.509 server certs for HTTPS. Globus is getting rid of X.509 user certificates (and proxy certificates).
Users need time to transition. Suggested: 6 months.
SSH for Globus Auth will be delivered later this year.
Will OpenSSH patches be required? OpenSSH server may need to be patched for username mapping. Use case at NICS using Duo for authentication with username mapping.
GCSv5 will be a completely separate source code base. GCSv5 runs on a different port than GCSv4 and GT6 GridFTP. GCSv5 is a completely new data service.
XSEDE
Some XSEDE gateways still use GRAM. LSU and TACC still run GRAM services.What is impact for X.509?
How will this integrate with XSEDE account management (e.g., AMIE)? Probably some AMIE changes will be needed.
What happens with XSEDE gateway community credentials? Can XSEDE replace gateway-submit-attributes?
XSEDE Service Provider (SP) Forum is gathering XSEDE's use cases.
XSEDE deployment timeline?
End of 2017: Have a plan, start evaluating options, start preparing solutions
January thru June 2018: finish preparing solutions and start migrations
End of June 2018: 6 months to finish migrate by end of 2018
Good to have a set of questions for people to prepare answers to in preparation for the meeting. Enumerate use cases / impacts. Present proposed solutions.
Here is the statement from OSG software team I mentioned in the meeting:
http://osggoc.blogspot.com/2017/07/?m=1
BoF notes
Thanks to the following in-person participants:
Slides:
Globus announcement:
Globus support after Dec 31 2017 will be focused on security fixes for GCSv4 and GSI (and critical bug fixes).
XSEDE is sponsoring these events because we want to understand community needs. This is an opportunity to re-assess our community needs and to better understand our use cases.
Suggestion that we focus on use cases rather than existing implementations.
Need an impact assessment among the communities. And what are the proposed solutions? Opportunity to migrate to new things together?
Where should we get our credentials (compatible with Globus and other technologies)?
If we're using Globus Auth now, do we need to use X.509 at all? Once the new Globus software is available, you won't need X.509, except you still need X.509 server certs for HTTPS. Globus is getting rid of X.509 user certificates (and proxy certificates).
Users need time to transition. Suggested: 6 months.
SSH for Globus Auth will be delivered later this year.
Will OpenSSH patches be required? OpenSSH server may need to be patched for username mapping. Use case at NICS using Duo for authentication with username mapping.
GCSv5 will be a completely separate source code base. GCSv5 runs on a different port than GCSv4 and GT6 GridFTP. GCSv5 is a completely new data service.
XSEDE
XSEDE deployment timeline?
End of 2017: Have a plan, start evaluating options, start preparing solutions
January thru June 2018: finish preparing solutions and start migrations
OSG
ELIXIR AAI
EGI
OSG-EGI may share the burden of maintaining GSI?
Opportunities for future discussions:
Any feedback about Globus communication? Announcement was clear.
Impacts on NSF Large Facilities? Large Facilities workshop coming up in September. Steve Tuecke from Globus will be attending.
What about levels of assurance? XSEDE has vetted and unvetted users. IGTF has multiple levels of assurance.Do we have connections to PRACE and EUDAT?
Invitation to participate in XSEDE discussion forum: