GUMS (Grid User Management System) is a Grid Identity Mapping Service. Identity mapping is necessary when a site's resources do not use GRID credentials natively, but instead use a different mechanism to identify users, such as UNIX accounts or Kerberos principals. In these cases, the GRID credential for each incoming job must be associated with an appropriate site credential. The GUMS server performs this mapping and communicates it to the gatekeepers. The gatekeepers are charged with enforcing the site mapping established by GUMS. The GUMS client (gatekeeper) portion consists of an admin tool for querying and/or changing the state of the server. Typically, the term "GUMS" refers to the server portion.
GUMS is particularly well suited to a heterogeneous environment with multiple gatekeepers; it allows the implementation of a single site-wide usage policy, thereby providing better control and security for access to the site's grid resources. Using GUMS, individual resource administrators are able to assign different mapping policies to different groups of users and define groups of hosts on which the mappings will be used. GUMS was designed to integrate with the site's local information services (such as HR databases or LDAP).
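The mapping model described above, as an added Python example that is not GUMS code and does not use its configuration format: host groups select which user-group policies apply on a gatekeeper, and any credential that no policy admits is denied. All DNs, host names, account names, group names and function names here are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample data: DNs, host names and accounts are made up.
ALICE = "/DC=org/DC=example/OU=People/CN=Alice Example"
BOB = "/DC=org/DC=example/OU=People/CN=Bob Example"
CAROL = "/DC=org/DC=example/OU=People/CN=Carol Example"

USER_GROUPS = {"atlas": {ALICE, BOB}, "star": {CAROL}}

# Stand-in for a lookup in a site information service (HR database, LDAP).
SITE_DIRECTORY = {CAROL: "carol"}

def group_account(account):
    """Policy: every member of the user group shares one local account."""
    return lambda dn: account

def directory_account(directory):
    """Policy: each member maps to a personal account, or None if unlisted."""
    return lambda dn: directory.get(dn)

# Ordered host groups: (host pattern, [(user group, mapping policy), ...]).
HOST_GROUPS = [
    ("gk-atlas*.example.org", [("atlas", group_account("atlasgrp"))]),
    ("gk-star*.example.org", [("star", directory_account(SITE_DIRECTORY)),
                               ("atlas", group_account("guest"))]),
]

def map_user(host, dn):
    """Return the local account for dn on host, or None (deny by default)."""
    host = host.lower()  # DNS names are case-insensitive
    for pattern, bindings in HOST_GROUPS:
        if not fnmatchcase(host, pattern):
            continue
        for group, policy in bindings:
            if dn in USER_GROUPS.get(group, set()):  # exact DN match only
                return policy(dn)
        return None  # host is covered, but no user group admits this DN
    return None      # gatekeeper host is not in any host group

if __name__ == "__main__":
    for host in ("gk-atlas01.example.org", "gk-star01.example.org"):
        for dn in (ALICE, CAROL):
            print(host, dn.rsplit("CN=", 1)[1], "->", map_user(host, dn))
```

The same credential maps to different accounts on different host groups, and a gatekeeper that receives `None` has nothing to enforce and should reject the job.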
GUMS has been a production system at BNL since May 2004, managing gatekeepers for USATLAS, STAR and PHENIX. Current development, led by Gabriele Carcassi, is centered on providing better packaging and a GT3 service implementation. Part of the development is dedicated to the VO Privilege Project, a collaboration between USATLAS and USCMS which is working to provide access to GUMS through the gatekeeper callout and role-based authentication through a VOMS extended proxy.