--- # T&I WG: Recommendations implementation update --- ## Context * 2016: Working Group started * 2017: Technology (containers) forked to another WG * 2019: Recommendations written and presented to MB * Given to WLCG/EGI policy group as input for change * VOs asked to go forward with the implementation * Final policy expected to be close to recommendations * EGI IRTF already including VOs in incident response * 2019: EGI running security challenge with LHCb --- ## VO status Collected from the VOs ---- ### ALICE > The implementation of the recommendations depends on the replacement of AliEn by JAliEn, which is progressing slowly but is foreseen to be ~100% done by the start of Run 3 (i.e. summer 2021) ---- ### ATLAS - All the analysis jobs (user payloads) run isolated from the pilot job (containers with singularity, all the sites isolate the PID, IPC and environment as well (containall)) - These jobs still use the pilot's credentials. Their replacement with a custom low privilege proxy is still in development, no clear timeline yet for deployment - Dedicating the pilot to the user (single user or single job payload) was tested but had negative impact on submission rate so was reverted ---- ### CMS > CMS meets all [the] requirements ---- ### LHCb - There has been unfortunately no real process on these specific tasks. As of today LHCb is running singularity containers for software preservation but not in the context of isolation. Through this activity, it has been verified that all LHCb T1 could provide singularity as required by LHCb - As the LHCb DIRAC team is unfortunately already very busy with several othe developments, there is no defined future plan, but LHCb still hopes to get some help from non-LHCB users of DIRAC even though not much came so far. --- ## Future steps - Implementation to be finalized by the VOs - Policies to be formalized by policy group - Resulting procedures to be written as needed ---