iSGTW - International Science Grid This Week
iSGTW - International Science Grid This Week
Null

Home > iSGTW - 26 May 2010 > Feature - ARGUS keeps a sure watch always

Feature - ARGUS keeps a sure watch always


Upon the death of Argus, Hera honored her faithful watchman by gathering his many eyes and placing them on the tail of a peacock. Image courtesy Gari.Baldi, under Creative Commons license.

In classical Greek mythology, a multi-eyed, insomniac giant named “Argus” was employed by Hera to keep an eye on the doings of her husband Zeus — mightiest of gods.

Argus was extremely vigilant; an ancient poet wrote that “. . . sleep never fell upon his eyes; but he kept sure watch always.”

So it was appropriate that “ARGUS” became the name of a newly created authorization service to observe and protect Europe’s grid infrastructure. Overseen by the European Grid Infrastructure (which is in turn coordinated by the European Grid Initiative), ARGUS is designed to be a secure and efficient means of offering a single authorization and authentication point for multiple services.

ARGUS works in a series of steps. First, users must present a claim or credential stating they have a right to use the infrastructure. Next, this evidence must be authenticated (verifying that the person is really who they say they are) and then authorized (given the green light that they really have the right to access certain resources). Only then can their job run on the grid.

A new watchdog in town
ARGUS was developed from scratch, under a partnership between four institutions: SWITCH of Switzerland; INFN of Bologna, Italy; HIP of Finland; and NIKHEF of The Netherlands. It is a stand-alone service that internally uses a “standards-based policy language” — a single point of decision for different services which have to authorize users to perform actions on the resource. Other services will be integrated as time progresses, the next being the CREAM computing element.

The god Zeus, disguised as a cloud, embracing a mortal. By the artist Antonio da Correggio. Image courtesy Wikipedia under  Creative Commons license.

How is this different from the old way? Previously, different services had different codes for performing authorizations.

Because they were run on different parameters, the same decision was not always taken. In addition, with many pieces of code trying to accomplish the same task, things easily became very complicated. This hodge-podge also made maintenance a nightmare.

Now, however, there is only a single point of maintenance. In addition to streamlining and efficiency, there is another benefit as well — ARGUS  acts as a single point for opening and closing access to the grid. So, if a computer security team identifies people who are known abusers of the system, they only have to deal with a single point for cutting access to the entire infrastructure, thus making a global banning list easier.

Individual sites can then easily refer to this blacklist when trying to separate malicious users from good users who have had their credentials compromised.

ARGUS is now available for installation at grid sites, and more information can be learned through the ARGUS wiki. The service will continue to be developed through EMI.

“Now, crucially, we would like user feedback,” says Christoph Witzig of SWITCH, one of the developers. “Once we know what users like about it — and importantly what they don’t like — we can incorporate that feedback in to the next version we issue.”

In the absence of wrathful gods, ARGUS will keep all eyes on the task at hand.

—Danielle Venton, EGEE
Tags:



Null
 iSGTW 22 December 2010

Feature – Army of Women allies with CaBIG for online longitudinal studies

Special Announcement - iSGTW on Holiday

Video of the Week - Learn about LiDAR

 Announcements

NeHC launches social media

PRACE announces third Tier-0 machine

iRODS 2011 User Group Meeting

Jobs in distributed computing

 Subscribe

Enter your email address to subscribe to iSGTW.

Unsubscribe

 iSGTW Blog Watch

Keep up with the grid’s blogosphere

 Mark your calendar

December 2010

13-18, AGU Fall Meeting

14-16, UCC 2010

17, ICETI 2011 and ICSIT 2011

24, Abstract Submission deadline, EGI User Forum

 

January 2011

11, HPCS 2011 Submission Deadline

11, SPCloud 2011

22, ALENEX11

30 Jan – 3 Feb, ESCC/Internet2

 

February 2011

1 - 4, GlobusWorld '11

2, Lift 11

15 - 16, Cloudscape III


More calendar items . . .

 

FooterINFSOMEuropean CommissionDepartment of EnergyNational¬†Science¬†Foundation RSSHeadlines | Site Map