Advanced notice :
We will be upgrading wiki.geant.org from the current version of Confluence Server to the current LTS version 8.5. During the maintenance window we expect that there will be an outage of 20 minutes.
Maintenance start time: 22/10/2024 16:00 UTC. Maintenance end time: 22/10/2024 18:00 UTC.
Thursday
(unofficial pre-workshop part)
- 09:00–12:00 coffee & informal get-together, show each other stuff we do on our laptops
- 12:00–13:00 sandwiches
(official start)
- 13:00–13:30 intro, round of presentations, expectations
- 13:30–15:00 user stories (Things we'd be able to do in a perfect world, how we're trying to do them now)
- See the Etherpad for notes
- 15:00–15:30 coffee break
- 15:30–17:30 solutions I
- OpenStack's Federation (SAML in particular) capabilities
Recommended reading/watching:- "Identity federation in OpenStack - an introduction to hybrid clouds", M. Denis, J. Castro Leon, E. Ormancey and P. Tedesco, CHEP 2015 Proceedings
- OpenStack Summit November 2014 (Paris) talks: "Cloud Federation: Are We There Yet?" on "classic" federation, and "Keystone to Keystone Federation"
- Identity service at CERN Private Cloud (Jose Castro Leon)
- OpenStack and SAML integration (Andrea Biancini)— http://arxiv.org/abs/1510.04017 also an Outlook on OpenNebula multi-AA implementation by M. Héder
- Device Centric and Attribute Based Access Control in the ReCRED project (Claudio Pisa)
- Moonshot (Stefan Paetow)
- OpenStack's Federation (SAML in particular) capabilities
Optional evening program:
- 19:30 Social event: dinner at Reithalle http://restaurant-reithalle.ch (five-minute walk from SWITCH)
Friday
- 09:00–10:30 solutions II
- Moonshot + OpenStack demonstration (Alejandro Pérez Méndez)
- Patches that operators have in active use:
Can we help getting this integrated upstream?
Can we help them with testing in real infrastructure with users (in case of demo) - (OpenID Connect ... if someone is willing to talk about that)
- 10:30–11:00 coffee break
- 11:00–12:30 solutions III
- UKent (Chadwick et al.'s) work:
- Horizon GUI for managing mapping roles
- Using OpenStack to manage VOs (Virtual Organisations)
- Current research on managing AuthZ policies for heterogeneous distributed clouds
- UKent (Chadwick et al.'s) work:
- 12:30–13:30 sandwiches
- 13:30–14:30 gap analysis
- One output would be a table of SAML features in different OpenStack versions—Juno/Kilo/Liberty/Mitaka/...
- But also desired functions that aren't covered by existing/deployable software yet
- 14:30–15:30 next steps–how can gaps be addressed? Low-hanging fruit/priorities/assign actions
- 15:30 adjourn