[gin-auth] GIN VO Usage Rules.
Stephen M Pickles
Stephen.Pickles at manchester.ac.uk
Tue May 2 20:06:24 CDT 2006
I think an AUP could be in scope of GIN. To be achievable in the near
term, it'd have to be quite vague, focusing on the spirit of use
(else you get bogged down in trying to agree a self-consistent
superset of pre-existing AUPs).
Many grids have had to define an AUP or equivalent. You'll know from
your own experience within a single country that this is non-trivial.
Doing this across countries is harder, because you lose the sub-strata
of common law, language and culture.
Trying to do something like this for the "GIN Grid" doesn't really make
sense, because GIN is not a grid. At best it's a loose federation of grids,
without common infrastructure.
The GIN VO (or at least its membership) is better defined, and it could
have an AUP. What's interesting about an AUP for the GIN VO is that
it should cover acceptable use on _all_ grids which its members use.
The only cases I've encountered where VOs have their own AUP is EGEE,
and the AUPs I've seen for these VOs are worded in such a way that
they apply to its members use of "the Grid" (meaning EGEE).
Now suppose that your grid is asked to support such a VO. It's
AUP doesn't help you very much. You don't want to have to consider
whether that VO's AUP covers the minimum requirements of your
grid's AUP (because that would set a bad precedent - you wouldn't
want to have to do this for every VO you might one day support;
it doesn't scale). More likely, you'll just provisionally support
the VO (i.e. give its members access, and recognise (and trust) it as
being authorative in vouching for its members' status), and be prepared
to revoke that support if YOUR AUP, not the VO's AUP, is breached.
That's the approach we've decided to take in the UK's NGS.
A GIN VO AUP might just say "thou shalt behave well" (Mike's "fair play"
clause). (Mike's "low usage" clause is probably a good idea too.)
As a provider, I'd prefer that it went a little further and included
a "when in Rome" clause, e.g. "behaving well means that when you
use the resources of a grid, you abide by the acceptable use
policies of the grid that provides them to you".
> -----Original Message-----
> From: owner-gin-auth at ggf.org [mailto:owner-gin-auth at ggf.org]
> On Behalf Of David Bannon
> Sent: 03 May 2006 01:14
> To: gin-auth at ggf.org
> Subject: Re: [gin-auth] GIN VO Usage Rules.
> Now, I know its a bit late to respond to this as its "sort
> of" resolved.
> But I'd like to look at it from a longer term point of view. In many
> ways, a Usage Rules template might just be within scope of
> this group's
> role. Its something everyone will need eventually and easier done
> earlier and centrally than after the things are in production.
> We here in Australia have been looking at producing an AUP (acceptable
> use policy) based on our eight members policies and its an interesting
> experience. We have some pretty silly things in there
> (especially at my
> site!). See http://www.vpac.org/twiki/bin/view/APACgrid/AcceptableUse
> The secret seems to be to isolate the non grid things, so the result
> might just be something the grid community generally is interested in.
> We're no different....
> So, what do people think ? Is a AUP a part of this groups interests ?
> David Bannon D.Bannon at vpac.org
> APACGrid CI Project Leader www.vpac.org/apacgrid
> VPAC Systems Manager www.vpac.org
> P: +61 3 9925 4733 M: 0418 525687
> Humpty Dumpty was pushed !
> On Sun, 2006-04-30 at 18:05 +0100, Mike 'Mike' Jones wrote:
> > Hi folks,
> > This is perhaps a tad pedantic (apologies for that) but,
> > I'm at the point where I want to register with the
> gin.ggf.org VO VOMS.
> > However, I have to click the "I have read and agree to the
> VO's Usage
> > Rules". I can't find a definition of what these are.
> > I'm guessing that the rules are just something along the lines of:
> > This is a test VO for grid inter-operation and therefore
> this VO's rules
> > are only vague fair play rules and low usage rules.
> > Before I continue with the registration, is there actually a proper
> > definition somewhere or can we assume the above?
> > Thanks,
> > Mike
More information about the gin-auth