Hi David
Just to add to Jens's response.
One of the issues faced by APEL is that some ROCs/countries regard the
DN as personal information and therefore it should remain private. The
APEL response is to allow 3 levels of viewing:
1) Anonymous
2) User level based on the DN
3) VO level using the VOMS proxy (userFQAN) - gridsite can use VOMS info
The background to all this would suggest that your own option 3 is not
the way to go just yet. However, the data being pulled from the RBs at
the moment is unencrypted anyway!
Jeremy
> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Jensen, J (Jens)
> Sent: 25 May 2006 15:16
> To: [log in to unmask]
> Subject: Re: Should our Real Time Monitor publish the user DN?
>
> You probably know this but Dave Kant implemented encryption stuff
> for APEL. It takes the DN, adds random stuff which includes
> timestamp IIRC, and encrypts it with an RSA public key and sends
> it off to the central db where it's decrypted. The random
> stuff prevents the same user from being sent as the same
> encrypted message every time...
>
> Maybe it's ok to say that so-and-so is running a job without
> saying what the job is? The only personal information in the
> DN is the CN, and that's just the name (the OU and L are
> specifically *not* saying anything about affiliation).
>
> But perhaps it's better to keep it anonymous, or how about
> colouring by VO. BTW, I love your serendipitous typo: anonymouse. :-)
>
> Just 0.02. And just personal opinion - the CA has no opinion
> on this matter :-)
>
> Cheers,
> --jens
>
> -----Original Message-----
> From: Testbed Support for GridPP member institutes
> [mailto:[log in to unmask]]On Behalf Of Dr D J Colling
> Sent: 25 May 2006 11:56
> To: [log in to unmask]
> Subject: Should our Real Time Monitor publish the user DN?
>
>
> Dear *,
>
> As many of you know we have a real time monitor that tracks jobs around
> the grid and displays it on a map. For those of you who haven't seen
> it you can find it at http://gridportal.hep.ph.ic.ac.uk/rtm/. We also make
> the real time data (as flat files or XML files) available to others and
> finally we publish daily summaries of activities (as flat files or root
> trees).
>
> Now, we have always said that while we gather the information as to
> what user is doing what we would not publish it (except perhaps as an
> anonymised hash ... currently we don't even do this). This is because of
> various worries about privacy laws in various European countries. We have
> never looked at these laws but understand that some people get very
> worried about these things.
>
> However, we have had a number of requests from people on the experiments
> and individual users to publish this information. We have always politely
> declined to do so. However, so many other people are doing this, the
> RGMA RB monitoring, the MonaLisa job monitoring etc that I feel that we
> should review our policy. Essentially we have 3 options:
>
> 1. Stay as we are where everything is anonymouse.
>
> 2. Publish the information for a specific user only to that user. The user
> being identified through loading their certificates into the browser they
> are using for the query.
>
> 3. Openly publish the information about each user. This is what others are
> doing.
>
> We would appreciate feedback from the community as to which route to take.
> We want to be both useful and legal (if possible)...
>
> All the best,
> david
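An added sketch, not part of the thread and not APEL's code, of the scheme as Jens recalls it: the DN is wrapped with a timestamp and fresh random bytes before RSA encryption, so the same user never produces the same ciphertext twice. The key, the sample DN, the record layout and the function names are all constructed for illustration, and textbook RSA with a toy key stands in for a vetted library's RSA-OAEP.

```python
import json
import os
import time

# Constructed toy key: both primes are well-known Mersenne primes, so the
# modulus is trivially factorable. A real deployment would use a generated
# key and RSA-OAEP from a vetted library.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the central DB
MAX_LEN = (N.bit_length() - 1) // 8  # plaintext bytes that always fit below N
NONCE_LEN = 16

# Constructed sample DN, not a real user.
SAMPLE_DN = "/C=UK/O=eScience/OU=ExampleSite/L=Lab/CN=jane doe"


def encrypt_bare(dn):
    """Deterministic variant: the DN alone, so equal DNs give equal ciphertexts."""
    return pow(int.from_bytes(dn.encode(), "big"), E, N)


def encrypt_dn(dn, now=None):
    """Site side: DN plus timestamp plus fresh random bytes, then encrypt."""
    ts = time.time() if now is None else now
    record = json.dumps({"dn": dn, "ts": ts}).encode()
    # The leading 0x01 byte keeps the length stable through the int round trip.
    padded = b"\x01" + os.urandom(NONCE_LEN) + record
    if len(padded) > MAX_LEN:
        raise ValueError("DN too long for this key size")
    return pow(int.from_bytes(padded, "big"), E, N)


def decrypt_dn(ciphertext):
    """Central DB side: decrypt, drop the marker byte and nonce, parse the record."""
    m = pow(ciphertext, D, N)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return json.loads(raw[1 + NONCE_LEN:])


if __name__ == "__main__":
    a, b = encrypt_dn(SAMPLE_DN, now=0), encrypt_dn(SAMPLE_DN, now=0)
    print("bare ciphertexts equal:  ", encrypt_bare(SAMPLE_DN) == encrypt_bare(SAMPLE_DN))
    print("padded ciphertexts equal:", a == b)
    print("recovered:", decrypt_dn(a))
```

Without the random bytes, anyone watching the transport could link records belonging to the same user, and could confirm a guessed DN by encrypting it with the public key and comparing.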