Just to answer Jens' point. You can already "View by VO" (as well as by RB
etc) using the control panel.

Jeremy, what do you mean about the data being pulled from the RBs being
unencrypted? Do you mean that you are worried that this data could be
"sniffed" by somebody or something else?

All the best,
david
On Thu, 25 May 2006, Coles, J (Jeremy) wrote:
> Hi David
>
> Just to add to Jens's response.
>
> One of the issues faced by APEL is that some ROCs/countries regard the
> DN as personal information and therefore it should remain private. The
> APEL response is to allow 3 levels of viewing:
>
> 1) Anonymous
> 2) User level based on the DN
> 3) VO level using the VOMS proxy (userFQAN) - gridsite can use VOMS info
>
> The background to all this would suggest that your own option 3 is not
> the way to go just yet. However, the data being pulled from the RBs at
> the moment is unencrypted anyway!
>
> Jeremy
>
>> -----Original Message-----
>> From: Testbed Support for GridPP member institutes On Behalf Of Jensen, J (Jens)
>> Sent: 25 May 2006 15:16
>> Subject: Re: Should our Real Time Monitor publish the user DN?
>>
>> You probably know this but Dave Kant implemented encryption stuff
>> for APEL. It takes the DN, adds random stuff which includes
>> timestamp IIRC, and encrypts it with an RSA public key and sends
>> it off to the central db where it's decrypted. The random
>> stuff prevents the same user from being sent as the same
>> encrypted message every time...
>>
>> Maybe it's ok to say that so-and-so is running a job without
>> saying what the job is? The only personal information in the
>> DN is the CN, and that's just the name (the OU and L are
>> specifically *not* saying anything about affiliation).
>>
>> But perhaps it's better to keep it anonymous, or how about
>> colouring by VO. BTW, I love your serendipitous typo: anonymouse. :-)
>>
>> Just 0.02. And just personal opinion - the CA has no opinion
>> on this matter :-)
>>
>> Cheers,
>> --jens
>>
>> -----Original Message-----
>> From: Testbed Support for GridPP member institutes On Behalf Of Dr D J Colling
>> Sent: 25 May 2006 11:56
>> Subject: Should our Real Time Monitor publish the user DN?
>>
>>
>> Dear *,
>>
>> As many of you know we have a real time monitor that tracks jobs around
>> the grid and displays it on a map. For those of you who haven't seen
>> it you can find it at http://gridportal.hep.ph.ic.ac.uk/rtm/. We also make
>> the real time data (as flat files or XML files) available to others and
>> finally we publish daily summaries of activities (as flat files or root
>> trees).
>>
>> Now, we have always said that while we gather the information as to
>> what user is doing what we would not publish it (except perhaps as an
>> anonymised hash ... currently we don't even do this). This is because of
>> various worries about privacy laws in various European countries. We have
>> never looked at these laws but understand that some people get very
>> worried about these things.
>>
>> However, we have had a number of requests from people on the experiments
>> and individual users to publish this information. We have always politely
>> declined to do so. However, so many other people are doing this, the
>> RGMA RB monitoring, the MonaLisa job monitoring etc that I feel that we
>> should review our policy. Essentially we have 3 options:
>>
>> 1. Stay as we are where everything is anonymouse.
>>
>> 2. Publish the information for a specific user only to that user. The user
>> being identified through loading their certificates into the browser they
>> are using for the query.
>>
>> 3. Openly publish the information about each user. This is what others are
>> doing.
>>
>> We would appreciate feedback from the community as to which route to take.
>> We want to be both useful and legal (if possible)...
>>
>> All the best,
>> david
>
>
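The three viewing levels Jeremy lists and the "anonymised hash" David mentions can be combined in one publishing filter, shown here as an added example that is not code from APEL or the Real Time Monitor. The record layout, function names, sample DNs and the exact meaning given to each level are assumptions.

```python
import hashlib
import hmac

# Constructed sample job records; the DNs, VOs and sites are made up.
JOBS = [
    {"dn": "/C=UK/O=eScience/OU=Imperial/L=Physics/CN=alice example", "vo": "cms", "site": "site-a"},
    {"dn": "/C=UK/O=eScience/OU=CLRC/L=RAL/CN=bob example", "vo": "atlas", "site": "site-b"},
    {"dn": "/C=UK/O=eScience/OU=Imperial/L=Physics/CN=alice example", "vo": "cms", "site": "site-c"},
]

def plain_hash(dn):
    """Unkeyed hash: anyone holding a list of candidate DNs can reverse it."""
    return hashlib.sha256(dn.encode()).hexdigest()[:16]

def pseudonym(dn, key):
    """Keyed hash: stable per user, but not recomputable without the key."""
    return hmac.new(key, dn.encode(), hashlib.sha256).hexdigest()[:16]

def reverse_plain_hashes(published, candidate_dns):
    """What a reader of the feed could do if only plain_hash() were used."""
    table = {plain_hash(dn): dn for dn in candidate_dns}
    return {h: table[h] for h in published if h in table}

def view(jobs, key, viewer_dn=None, viewer_vos=()):
    """Return the feed as one viewer sees it.

    Assumed semantics: the real DN is shown for the viewer's own jobs
    (certificate DN) and for jobs in a VO the viewer is authorised for
    (VOMS FQAN); everything else carries only the keyed pseudonym.
    """
    out = []
    for job in jobs:
        visible = job["dn"] == viewer_dn or job["vo"] in viewer_vos
        user = job["dn"] if visible else "anon-" + pseudonym(job["dn"], key)
        out.append({"user": user, "vo": job["vo"], "site": job["site"]})
    return out
```

The keyed pseudonym is deliberately stable, so jobs by the same user stay linkable in the anonymous view; that differs from the randomised encryption Jens describes, where the same DN produces a different message each time.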