diff --git a/slides.md b/slides.md
index bdf44b6..211cee6 100644
--- a/slides.md
+++ b/slides.md
@@ -119,7 +119,8 @@ title: WMS
:: title ::
-# WMS: Workload Management System
+# WMS
+### Workload Management System
- Pull model based on Pilot jobs
- Also "Push" solution for HPCs that do not support pilots (because of limited internet access).
- Will integrate [CWL (Common Workflow Language)](https://www.commonwl.org) as a way of defining jobs (replacing JDL) --> see poster #217
@@ -159,7 +160,8 @@ titlewidth: is-5
:: title ::
-# DMS: Data Management System
+# DMS
+### Data Management System
It’s about **files**: placing, replicating, removing files
- there are **LFNs** (logical file names) → and users ONLY work with these
@@ -194,16 +196,17 @@ title: TS
:: title ::
-# Productions and Dataset management
+# TS (Transformation System)
+### For productions and Dataset management
-- A *Data Processing* **transformation** (e.g. Simulation, Merge, DataReconstruction...) creates jobs in the WMS (and re-sumbit them, and destroy them).
+- A *Data Processing* **transformation** (e.g. Simulation, Merge, DataReconstruction...) creates jobs in the WMS (and re-sumbit them if needed, eventually destroy them).
- A *Data Manipulation* **transformation** replicates, or remove, data from storage elements.
:: content ::
- The Transformation System (TS) is used to automate common tasks related to production activities. It can handle thousands of productions, millions of files and jobs.
+ The TS is used to automate common tasks related to production activities. It can handle thousands of productions, millions of files and jobs.
@@ -273,12 +276,12 @@ title: issues
somewhat cumbersome deployment
late on “standards”
- - http services
- - tokens
- - monitoring
+ - No http services
+ - No tokens
+ - Old monitoring
- “old”-ish design (RPC, “cron” agents…)
+ “old”-ish design (RPC, "cron" agents…)
not very developer-friendly: rather un-appealing/confusing, especially for new (and young) developers
multi-VO, but was not designed to do so since the beginning
no clear interface to a running DIRAC instance
@@ -359,6 +362,7 @@ align: lm
# DiracX Web API
+
What is on the right is the certification Web API, loaded live. Use with caution!
@@ -368,11 +372,11 @@ What is on the right is the certification Web API, loaded live. Use with caution
-
DIRAC Web APIs with
-
+
-
Nicely documented in
-
+
- --> this is what you see on the right
@@ -423,16 +427,32 @@ function helloworld() {
You can even edit the code in the browser
-```ts {monaco}
-console.log('HelloWorld')
-```
+```sh
+❯ DIRACX_URL=https://diracx-cert.app.cern.ch dirac login gridpp (diracx-dev)
+Logging in with scopes: ['vo:gridpp']
+Now go to: https://diracx-cert.app.cern.ch/api/auth/device?user_code=SLZNLZNS
+.............Saved credentials to /home/fstagni/.cache/diracx/credentials.json
-You can even run the code in the browser
+Login successful!
+```
+````md magic-move
```sh
curl -X 'GET' \
- 'https://diracx-cert.app.cern.ch/api/jobs/status?job_ids=123' \
- -H 'accept: application/json'
+ 'https://diracx-cert.app.cern.ch/api/jobs/status?job_ids=8971' \
+ -H 'accept: application/json' \
+ -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXV ...' | jq
+```
+
+```json
+{
+ "8971": {
+ "Status": "Done",
+ "MinorStatus": "Execution Complete",
+ "ApplicationStatus": "Unknown"
+ }
+}
+
```
@@ -471,6 +491,7 @@ color: gray-light
# Architecture diagram
+to-do
---
@@ -481,9 +502,9 @@ authorsize: text-s
author: 'Some of you out there'
---
-"OK, but the Grid still uses proxies.
+"OK, but there are several communities using DIRAC right now.
-VOMS is alive!"
+"Also, the Grid still uses proxies. VOMS is alive!"
---
layout: top-title
@@ -504,59 +525,60 @@ title: tokens
- **Verifying a user's identity** (internally to Dirac):
- **DiracX** uses only tokens ([link to security model](https://github.com/DIRACGrid/diracx/blob/main/security_model.md))
- **DIRAC** uses only X509 proxies and certificates to verify identities
- - --> For a (long) while, **users will have both a token and proxy**.
-
-DiracX delivers its own tokens, they are not the same tokens used for the Grid endpoints
-
---
-layout: standard
+layout: top-title-two-cols
color: gray-light
-align: lm
-title: interactions
+align: c-lm-rm
+title: proxies+tokens
---
- On proxies and tokens/2
+:: title ::
-```mermaid {theme: 'neutral', scale: 0.5}
-%%{init: { "theme": "forest" } }%%
+# On proxies and tokens
+
+:: left ::
+
+```mermaid {theme: 'forest', scale: 0.5}
sequenceDiagram
+ title Tokens with standard OAuth2 flow
create actor U as User
- create participant DIRAC_ProxyManager
- U->>DIRAC_ProxyManager: dirac-proxy-init
- create participant VOMS
- DIRAC_ProxyManager->>VOMS: get proxy
- destroy VOMS
- VOMS->>DIRAC_ProxyManager: VOMS proxy
- DIRAC_ProxyManager-->>U: redirect to external IdP
- create participant IAM
- U->>IAM: Authorization Code Flow or Device Flow
- destroy IAM
- IAM->>DIRAC_ProxyManager: IAM token
- destroy DIRAC_ProxyManager
- DIRAC_ProxyManager->>U: DIRAC proxy and DiracX token
- create participant DIRAC_service
- U->>DIRAC_service: DIRAC proxy
- destroy DIRAC_service
- create participant DiracX_service
- U->>DiracX_service: DiracX token
- destroy DiracX_service
+ create participant DiracX
+ U->>DiracX: Login
+ DiracX->>U: Redirect
+ create participant External_IdP
+ U->>External_IdP:
+ destroy External_IdP
+ External_IdP->>DiracX: ID token
+ DiracX->>U: DiracX token
```
+
+DiracX delivers its own tokens, they are not the same tokens used for the Grid endpoints
+
----
-layout: quote
-color: sky-light
-quotesize: text-m
-authorsize: text-s
-author: 'Again, some of you out there'
----
+:: right ::
+
+```mermaid {theme: 'forest', scale: 0.5}
+sequenceDiagram
+ title Working with proxy and token
+ create actor U as User
+ create participant dirac-proxy-init
+ U->>dirac-proxy-init:
+ create participant VOMS
+ dirac-proxy-init->>VOMS:
+ destroy VOMS
+ VOMS->>dirac-proxy-init: VOMS proxy
+ dirac-proxy-init->>DiracX: exchange proxy for token
+ DiracX->>dirac-proxy-init: DiracX token
+ dirac-proxy-init->>U: proxy+token bundle
+ U->>DIRAC_service: proxy
+ U->>DiracX: token
+```
-"OK, but there are several communities using DIRAC right now.
-What should they do?"
---
layout: side-title
@@ -579,15 +601,15 @@ title: Migration
```mermaid {theme: 'neutral', scale: 0.5}
architecture-beta
- group common(db)[common]
+ group common(database)[common]
group DIRAC(server)[DIRAC]
group DiracX(server)[DiracX]
- service db(devicon:sqldeveloper)[Database] in common
- service client(clarity:thin-client-solid)[Client] in DIRAC
+ service db(database)[Database] in common
+ service client(internet)[Client] in DIRAC
service dips(server)[DIPS] in DIRAC
- service fastapi(devicon:fastapi)[FastAPI] in DiracX
- service clientx(clarity:thin-client-line)[Client] in DiracX
+ service fastapi(server)[FastAPI] in DiracX
+ service clientx(internet)[Client] in DiracX
db:B -- T:dips
db:B -- T:fastapi
@@ -749,6 +771,7 @@ title: summary
- Foundations are there, the first release will soon be here
- We plan to ease the interoperability with Rucio
- DiracX will still have the Data Management part, but WMS will come first
+- In October 2023 the DIRAC consortium members approved DiracX recommending a smooth transition from DIRAC
@@ -757,6 +780,7 @@ layout: credits
color: navy
loop: true
speed: 0.4
+title: credits/people
---