[kepler-dev] GlobusProxy actor

Norbert Podhorszki pnorbert at cs.ucdavis.edu
Fri Feb 24 11:42:19 PST 2006 

On Fri, 24 Feb 2006, Zhijie Guan wrote:
> I am not quite sure what GlobusProxy does. But if you have the DOEGrids 
> certificate, you can generate your proxy by using "grid-proxy-init" or

The same what grid-proxy-init does, but you do not need a globus-gis 
install on your machine for that.

> MyProxy. You can run your workflow based on that proxy till your proxy 
> expires.
I have no access to any MyProxy server where I could store my cert.

Both solutions are command-line workarounds, which are to be managed 
outside Kepler. Which is not nice for a GUI based fancy workflow system. I 
mean, a "Now, please, open a terminal, issue the command xxx and then I 
can continue. Thanks, Kepler" dialog would look funny during the workflow 
execution, wouldn't it?

Is there an actor in Kepler, that gets a proxy from a MyProxy server?

> The Kepler authentication framework can help you get the proxy directly. You 
> don't even need a certificate installed on you machine. Basically you just 
> need an account and password. The authentication framework will generate the 
> proxy based on your certificate stored on the GAMA server.
>
> I doubt DOEGrids uses GAMA server as its front. So Kepler authentication 
> framework may not help in your case.

I doubt too. I have not seen any sign of that on the web. PPDG is working 
on MyProxy and One-time-passwords regarding DOEGrids support.

Eventually, humankind will end up again with as many solutions for one 
problem as many people point their attention on solving it. So Kepler, and 
other such front-end tools, will have to provide as many blackbox tools 
(i.e. actors), as many projects they support.
C'est la vie.

> Another benefit for using Kepler authentication framework is that it is

The real benefit for me would be if it were not me who has to implement an 
actor to satisfy my needs.

> designed (though current GAMA server does not support) to automatically renew 
> your proxy so you don't need to re-login after each 12 hours (default expire 
> time for a proxy) when you execute a long-running workflow.
>
> Please let me know if DOEGrids does use GAMA server. I will be happy to 
> integrate DOEGrids into our authentication framework.

Is flexible GAMA enough to put an
  1. existing,
  2. DOEGrids certificate 
into the MyProxy component of the
  1. existing GAMA server with
  2. a different CACL
and create a user/pwd for me? So that I can get the proxy easily.
Then comes the question whether the admins of that GAMA allow us to do 
that (planting an alien certificate in their system).

So this is the way round: you do not need to integrate DOEGrids into the 
authentication framework but you need to let an existing GAMA accept my 
certificate.

Please, advise
Norbert

More information about the Kepler-dev mailing list