On Mon, Dec 05, 2005 at 12:29:29PM +0000, David McBride wrote:
> On Mon, 2005-12-05 at 11:58 +0100, Markus Schulz wrote:
> > Dear ROC, CIC, and Site Managers,
> >
> > since quite a while an authenticated version of R-GMA has been
> > around. Up to now we have run R-GMA in a mode where the service could
> > be used with or without authorization.
>
> To be precise, R-GMA can be used with our without *authentication*.
> Authorization has not been implemented.
>
> > As most of you are aware, in depth discussions between the grid
> > security experts have taken place and it became clear that switching
> > to the more secure authenticated access will be a significant
> > improvement.
>
> Authentication is better, yes.
>
> But is it _really_ a good idea to deploy a distributed database that has
> no support for selective access control? This looks like a disaster
> waiting to happen!
R-GMA is **not** a distributed data base as this would imply wide area
transaction management.
> (What uses R-GMA, anyway? My understanding is that only the current
> accounting system uses it..)
SFTs, gridftp monitoring, job status, APEL etc. In the gLite code
there is also an R-GMA information buyer instead of getting
imformation from BDII.
Steve
|