wiki:SecurityUsers
Last modified 11 years ago Last modified on 04/29/2008 01:29:59 PM

User Access in LSST

This page is part of Security.

Open Access vs. Service Levels

The LSST data access plan, roughly speaking, is that all users will have access to the same data, but with different priorities and bandwidth. Much of the differentiation will be natural. For example, a grad student on Internet2 will naturally have greater bandwidth than a 2nd-grade classroom sharing a DSL line.

Our security measures and application designs will need to ensure some level of fairness among our users:

  • Guard against out-of-proportion demands on bandwidth and processing that can have a denial-of-service effect
  • Prioritize user access and allocate resources fairly

Preventing "Backwash"

LSST infrastructure will have several security realms. We need to prevent security breaches in lower realms from "leaking" into higher realms. For example:

  • a breach of a public-facing application should not affect our internal processing pipelines
  • a breach of nightly processing systems should not leak into data transport from the base station to the archive site
  • a breach of the base station systems should not leak into the mountaintop systems

For more detail, see the security realms table.