AAI on the worker nodes
MUPJ before the WN:
Suggestion: Job Credential Propagation and Job Credential Delegation need to be thought of as one
issue to solve as a whole?!
MUPJ on the WN:
Pilot Credential Protection
Job Isolation
Job AAI - Logging Only
Job AAI - Run Or Reject
Proposal for the technical walkthrough:
Getting Requirements
What do we need to prove to whom?
Users <-> VO <-> Sites ?! Any more players?
Prove a job's execution? Prove data origin?
When/why do we actually need AAI on the WN?
For VO-internal purpose?
For reasons of liability?
For forensics?
Analysis of what's there
proxy certificates
single user pilots running multi user jobs?!
Analysis of what could be there (actually used)
gLExec
gLExec+X
something completely different
Where do we go from here ...?
AAIWNSummaryDraft
See attachments for summary documents.