Assessing traceability of user jobs in absence of end user certificates in glide in WMS framework

A systematic traceability study was conducted on two frontend/VOs to allow certificate free access to a significant resource provider (Fermilab (FNAL)), which previously required certificates. The specific frontends evaluated are OSG-XSEDE frontend (OSG VO) (June 2013) and CHTC frontends (GLOW VO) (March 2014). Based on the careful study we reached the following conclusions. The Glide in WMS has shown to possess significant tracing capabilities. We are satisfied that the system is capable of finding a finite set of users who run jobs at a given worker node at a given timeframe. Furthermore, the system can identify a unique owner for a Grid job at a worker node for a given timeframe. There are a few corner cases discussed in Section 4 that make tracing an individual user for a given job challenging. However, the likelihood of these cases being materialized is quite low; therefore, we are confident in Glide in WMS system's ability in providing traceability information without using end user certificates. Furthermore, when we compare running jobs in Glide in WMS without certificates against running jobs with certificates, we find that both operational modes have equivalent ability in providing traceability information. Having said that some improvements to the Glide in WMS system as discussed in Section 4 can enhance the system in a positive direction. However, the absence of these improvements should not hold back sites and VOs from adopting GlideinWMS system without the end user certificates. The conclusions and recommendations were presented to FNAL security team, for evaluation, since they were the resource provider that was making a transition to accepting pilot jobs without end user certificates. The recommendations were accepted and implemented, which successfully opened up the use of opportunistic resources from FNAL to a large number of users. A simple metric we can use to evaluate the effectiveness is increased opportunistic usage of FNAL resources by the VOs that took part in the study. Figure 3 shows a sharp increase in computing usage of FNAL resources by OSG-XSEDE frontend after October 2013 when the recommendations were accepted. Figure 4 shows the spikes in the number of jobs running in the same timeframe clearly showing opportunistic usage. In summary, through this study we conclude that GlideinWMS system provides equivalent ability in providing traceability with or without certificates. Furthermore, this study shows an approach to lower the barrier to access computing resources on the Grid without much impact on traceability. In our case studies this has resulted in a spike in the number of computing hours used by this VO and a high level of user satisfaction with the Grid usage.