Upon the death of Argus, Hera honored her faithful watchman by gathering his many eyes and placing them on the tail of a peacock. Image courtesy Gari.Baldi, under Creative Commons license.

In classical Greek mythology, a multi-eyed, insomniac giant named “Argus” was employed by Hera to keep an eye on the doings of her husband Zeus — mightiest of gods.

Argus was extremely vigilant; an ancient poet wrote that “. . . sleep never fell upon his eyes; but he kept sure watch always.”

So it was appropriate that “ARGUS” became the name of a newly created authorization service to observe and protect Europe’s grid infrastructure. Overseen by the European Grid Infrastructure (which is in turn coordinated by the European Grid Initiative), ARGUS is designed to be a secure and efficient means of offering a single authorization and authentication point for multiple services.

ARGUS works in a series of steps. First, users must present a claim or credential stating they have a right to use the infrastructure. Next, this evidence must be authenticated (verifying that the person is really who they say they are) and then authorized (given the green light that they really have the right to access certain resources). Only then can their job run on the grid.

A new watchdog in town
ARGUS was developed from scratch, under a partnership between four institutions: SWITCH of Switzerland; INFN of Bologna, Italy; HIP of Finland; and NIKHEF of The Netherlands. It is a stand-alone service that internally uses a “standards-based policy language” — a single point of decision for different services which have to authorize users to perform actions on the resource. Other services will be integrated as time progresses, the next being the CREAM computing element.

The god Zeus, disguised as a cloud, embracing a mortal. By the artist Antonio da Correggio. Image courtesy Wikipedia under  Creative Commons license.

How is this different from the old way? Previously, different services had different codes for performing authorizations.

Because they were run on different parameters, the same decision was not always taken. In addition, with many pieces of code trying to accomplish the same task, things easily became very complicated. This hodge-podge also made maintenance a nightmare.

Now, however, there is only a single point of maintenance. In addition to streamlining and efficiency, there is another benefit as well — ARGUS  acts as a single point for opening and closing access to the grid. So, if a computer security team identifies people who are known abusers of the system, they only have to deal with a single point for cutting access to the entire infrastructure, thus making a global banning list easier.

Individual sites can then easily refer to this blacklist when trying to separate malicious users from good users who have had their credentials compromised.

ARGUS is now available for installation at grid sites, and more information can be learned through the ARGUS wiki. The service will continue to be developed through EMI.

“Now, crucially, we would like user feedback,” says Christoph Witzig of SWITCH, one of the developers. “Once we know what users like about it — and importantly what they don’t like — we can incorporate that feedback in to the next version we issue.”

In the absence of wrathful gods, ARGUS will keep all eyes on the task at hand.