Attending: David, Gareth, Raja, Jens, Wahid, Duncan, Govind, Chris, Sam, John H, Ewan, Brian, Elena, John B, Robert, Steve, Dave, Rob, Adam, Pete 1. HTTP and DAVIX and stuff WebDAV available for user download, ie reading files. RUCIO is the ATLAS catalogue, supports metalinks. DAVIX is basically a library to support the full range of the HTTP protocol, or at least the part of the full range which is useful to HEP and HPC. Also, it somehow supports 3rd party copying with FTS3, but we don't know how... But it will still be possible to use standard clients like curl and browsers, with the caveat that if you need to carry your authorisation attributes you will generally need a grid proxy, so you will need a proxy-aware client. Which browsers in particular aren't. In other projects, OAuth has been used 2. DiRAC 3. Big data revisited [10:10:46] Jens Jensen Sounds like OAuth... [10:13:12] Brian Davies in [10:14:54] Ewan Mac Mahon Just so we're clear - no-one's actually talking, right? [10:15:06] Christopher Walker Jens and I are talking [10:15:10] Ewan Mac Mahon Damn. [10:15:19] Ewan Mac Mahon I'll go out and back in again. [10:15:21] Sam Skipsey Try using the JANET1_UK panda [10:15:27] Ewan Mac Mahon Sadly, I am. [10:15:33] Sam Skipsey Hmph [10:15:35] Ewan Mac Mahon It's a sad panda. [10:17:22] Ewan Mac Mahon Ooh. I hear voices. [10:26:13] Jens Jensen DiRAC: https://www.stfc.ac.uk/1263.aspx [10:28:10] Jens Jensen https://cts.ngs.ac.uk [10:28:32] Sam Skipsey If they already have ssh keys, can't we simply make x509 certs from those? [10:29:12] Ewan Mac Mahon Or can't we simply have the Dirac folks trust our X509 stuff? Someone's got to move, but we might as well move in the right direction. [10:29:29] Ewan Mac Mahon This is making our stuff worse, not theirs better. [10:31:23] Sam Skipsey (openssl is perfectly capable of shucking the actual publickey out of an x509 cert, so yes, we could go in that direction, Ewan - but the problem would be that ssh authentication generally uses explicitly trusted keys on the login architecture, not cert chains) [10:31:48] Ewan Mac Mahon Right, but as Jens is now describing; they need something that does what our thing does. [10:31:57] Sam Skipsey Quite so. [10:32:02] Ewan Mac Mahon The obvious jump seems to be to use our thing. [10:32:19] Sam Skipsey I was thinking about how you start doing this - so you need a legacy support thing for all their services that need to work *now* [10:32:33] Ewan Mac Mahon Especially if the janet thing isn't going to solve the same problem. [10:33:00] Duncan Rand moonshot? [10:33:07] Jens Jensen Yes, moonshot [10:33:19] Ewan Mac Mahon Right - you add a gsi-ssh service to all their ssh servers, and some people log in with shiny new VOMSed X509, and some people carry on logging in with good old SSH [10:33:30] Ewan Mac Mahon Instant transition plan. [10:33:31] Sam Skipsey Fair enough. [10:33:50] Sam Skipsey Although that does mean that people need to get new credentials. [10:34:10] Sam Skipsey I was thinking about how you try to avoid that, since these Dirac people *already have* credentials, just not x509 ones. [10:34:23] Ewan Mac Mahon People that don't shift get exactly what they've got now, people that do have (more or less) transparent access to anything that uses X509 [10:34:56] Sam Skipsey Hm, maybe I'm worrying too much about transparent switch over. [10:34:59] Ewan Mac Mahon That's true, but I think that's worth doing; we can't get the advantages of VOMS et al with short-term certs like sarongs ones. [10:35:12] Ewan Mac Mahon (I have to say, I'm not a big fan of moonshot either) [10:36:01] Sam Skipsey Oh, indeed, any persistent authorisation-based mapping system needs to be able to tell who people are, and Sarongs is not that helpful for that. [10:36:29] Sam Skipsey (Not that I am convinced that VOMS is really a perfect solution for authorisation either.) [10:36:39] Ewan Mac Mahon Fundamentally, we have a reall, really good thing. And that's a critical point. [10:38:02] Ewan Mac Mahon Moonshot, btw, seems to do similar things as shiboleth but in a really awkward manner, and not actually get you terribly much new. [10:38:31] Ewan Mac Mahon There's a whole load of interesting stuff that seems to be out of scope, and other things that are required that it doesn't impose. [10:39:46] Ewan Mac Mahon So it looks like you could build (say) a moonshot compliant X509 based system, and a moonshot compliant username/password based system, but they wouldn't be able to talk to each other. [10:40:26] Ewan Mac Mahon There's a lot of clever stuff in moonshot, but it's not clear what the beneficial use cases actually are. [10:40:45] Ewan Mac Mahon Or at least, I'm not clear on that, and I have tried paying a bit of attention at intervals. [10:40:51] Jens Jensen Edinburgh would be great... [10:44:07] Christopher Walker Big data: Link to fasterdata.es.net for data [10:44:51] Duncan Rand analytics [10:45:48] Sam Skipsey (Glasgow also has some big data people, which we could talk to (in fact, we have talked to them before)) [10:46:07] Christopher Walker At the cloud and big data show last week, aspera were showing off some technology to move data around. [10:46:22] Christopher Walker It used UDP rather than TCP [10:46:26] Duncan Rand who actually wants to move data around? [10:46:39] Sam Skipsey Well, WLCG VOs, Duncan [10:46:50] Duncan Rand apart from them! [10:47:30] Ewan Mac Mahon We should invite GCHQ to the big data meeting just for a laugh. [10:47:42] Sam Skipsey I certainly know of some biomedical people who have wanted to move data around, and some meterologists. [10:48:06] Brian Davies .http://indico.cern.ch/category/4866/ [10:48:07] Ewan Mac Mahon Lots of people seem to want to move data around for similar reasons to those that we do. [10:48:54] Ewan Mac Mahon And small/medium user communities often seem to have the situation of needing to take advantages of resources that exist, rather than building their own. [10:49:53] Adam Huffman Chris - was that show any good? I couldn't make it in [10:52:47] Christopher Walker I ended up chatting to people rather than going to the talks - which I think was a mistake. 10:53:27] Ewan Mac Mahon Are these shows something we should consider presenting at, or are they just for organisations with big bucks? [10:53:45] Christopher Walker Ian Bird gave a talk on the Wednesday. [10:56:32] Brian Davies wahid, what ios your webdav endopoint? [10:56:32] Christopher Walker Jeremy Coles went to some of the talks.