[Federated-fs] FedFS Minutes, 8/28/2008

James Lentini jlentini at netapp.com
Fri Aug 29 07:25:43 PDT 2008


FedFS Minutes, 8/28/2008
------------------------

Attendees
---------

Dan Ellard (BBN)
Renu Tewari (IBM/ARC)
Robert Thurlow (Sun)
Paul Lemahieu (EMC)
James Lentini (NetApp)
Manoj Naik (IBM/ARC)
Theresa Lingutla-Raj (NetApp)
Amy Weaver (NetApp)

Minutes
-------

+ Feedback on Dan's changes to the NSDB Protocol document

 - Definition of a Junction

   The term junction is used to mean different things in different places.
   In some instances, a junction is an object internal to a server while in 
   other places it is an external object. The suggestion was to clarify this 
   terminology.

   Dan explained that the junction key is used to name the relation between 
   two filesets that are linked by a junction. For each junction in the name 
   space, there will be a junction key. A junction key is an attribute of a 
   junction object.

   There was an earlier meaning of the term junction key in the specification.
   Dan believed he has removed these uses. 

   It appears that the text in section 6.2.2 on page 15 is using the older 
   definition of a "junction key". This text should be updated.

   To clarify the terminology, the junction key in the LDAP schema could be 
   changed to a junction UUID.

 - Clarification of the root fileset?

   The goal is to provide a federation wide namespace, not a global namespace.


   The conclusion was that section 3.7 needs to be expanded/revised.

 - How are NSDBs replicated?

   The idea is that NDSBs would be replicated, but entries in an NSDB
   would not be replicated to other NSDBs. 

   This is the proposed approach because it matches the features of 
   different LDAP implementations. Support for replication between two
   arbitrary LDAP implementations (e.g. OpenLDAP and Active Directory) is 
   not available.

   Dan believes that there may be a paragraph describing this in the document.
   He will either add or augment the existing text.

 - Consistency checks of the objects definitions

   Some of the descriptions in section 3.3 and the LDAP definitions are not
   consistent. 

   For example, the text describing the FSL definition is different from 
   LDAP definition (there are different fields).

 - Description of LDAP protocol versus APIs

   There had been a C API descriptions.

   The agreement was to describe the LDAP protocol.

   This is the most useful. There are many programming language APIs.

 - LDAP versus other things?

   We can do the things we want in LDAP now. For the next set of things (features)
   we don't know if LDAP will do what we want. 

+ IETF feedback from Dublin

  The NFSv4 working group presentation went very well. There were three areas
  the audience requested we address:

 - security: the was concern that the referral mechanism could be miss-used to
   direct a client to a rogue server. 

   The consensus was the security of the overall system is not decreased by 
   using FedFs. We need to state that when using the existing NFS security 
   measures (GSS API, etc) and LDAP security measures, the use of FedFs does 
   not decrease security.

   Dan noted that there are now two systems (NFS + LDAP) to configure correctly.

   Does FedFs expose existing security issues to a wider audience (the entire
   world?).

 - root fileset/namespace: the issue raised was that clients can mount the
   namespace at different locations and different places in the federation
   namespace. 

   Is there anyway to close this with NFS? We agreed that there was not. 
   NFS clients are allowed to mount at any point in their namespace.

  The proposal is to provide a best practices guide for how NSDB's are
  setup and where clients should mount the federation namespace.
  This could be part of the admin document.

  What about loops in the namespace? It is difficult (impossible?) to 
  protect against this. Keeping this from happening this is not a goal.

 - LDAP help from IETF

  There was a general offer of help on LDAP issues from the IETF

+ LDAP transactions

  We ran out of time (again) to discuss this topic.


More information about the Federated-fs mailing list