Global Grid Forum and AgentLink III Omer Rana Active since 2000 –Grid Forum Asia-Pacific –eGrid...

Page 1

Global Grid Forum and AgentLink III

Omer Rana

• Active since 2000
– Grid Forum Asia-Pacific
– eGrid (European Grid activities)
– Grid Forum US

• Led by
– Mark Linesch, Hewlett Packard
– Recently very industry focused

Page 2

Management

• GGF Chair

• Steering Group

• Advisory Group

Bill Feiereisen, Los Alamos National Laboratory
Ian Baird, EMC
Kyriakos Baxevanidis, CEC
Wolfgang Boch, European Commission
Walt Brooks, NASA
Frederica Darema, US National Science Foundation
Robert Fogel, Intel Corporation
Ian Foster, Argonne National Laboratory and The University of Chicago
Fabrizio Gagliardi, CERN
Tony Hey, Microsoft
John Hurley, The Boeing Company
Lennart Johnsson, University of Houston
Ken King, IBM
Jysoo Lee, KISTI
Yoichi Muraoka, Waseda University
Simon Nicholson, Sun Microsystems and OASIS
Alexander Reinefeld, ZIB Berlin
Mary Anne Scott, US Department of Energy
Satoshi Sekiguchi, AIST
Rick Stevens, Argonne National Laboratory
Martin Walker, Hewlett-Packard

Page 3

Recent change in structure – previously: (1) Research Groups, (2) Working Groups.

Page 4

Standards Function Groups

Infrastructure
Area Director: Cees de Laat
• IPv6 (IPv6-WG)
• Network Measurement (NM-WG)
• Data Transport (DT-RG)
• Grid High-Performance Networking (GHPN-RG)
• Network Measurements for Applications (NMA-RG)

Data
Area Directors: David Martin and Malcolm Atkinson
• Data Access and Integration Services (DAIS-WG)
• Grid File Systems (GFS-WG)
• Data Format Description Language (DFDL-WG)
• GridFTP-WG
• Grid Storage Management (GSM-WG)
• Information Dissemination (INFOD-WG)
• OGSA Data Replication Services (OREP-WG)
• Transaction Management (TM-RG)
• OGSA Data (OGSA-D-WG)
• Byte IO (ByteIO-WG)

Compute
Area Directors: Bill Nitzberg and Steven Pickles
• Grid Resource Allocation Agreement Protocol (GRAAP-WG)
• Job Submission Description Language (JSDL-WG)
• Grid Scheduling Architecture (GSA-RG)
• OGSA Basic Execution Services (OGSA-BES-WG)

Architecture
Area Director: Andrew Grimshaw
• Open Grid Services Architecture (OGSA-WG)
• Grid Protocol Architecture (GPA-RG)
• OGSA Naming (OGSA-Naming-WG)

Applications
Area Director: Dennis Gannon
• Grid Remote Procedure Call (GridRPC-WG)
• Grid Information Retrieval (GIR-WG)
• Distributed Resource Management Application API (DRMAA-WG)
• Simple API for Grid Applications (SAGA-RG)
• Grid Checkpoint Recovery (GridCPR-WG)

Page 5

Standards Function Groups

Management
Area Directors: Hiro Kishimoto and John Tollefsrud
• Application Contents Service (ACS-WG)
• Configuration Description, Deployment, and Lifecycle Management (CDDLM-WG)
• Grid Economic Services Architecture (GESA-WG)
• OGSA Resource Usage Service (RUS-WG)
• Usage Record (UR-WG)

Security
Area Directors: Olle Mulmo and Dane Skow
• Open Grid Service Architecture Authorization (OGSA AUTHZ-WG)
• OGSA-P2P-Security (OGSAP2P-RG)
• Firewall Issues (FI-RG)
• Trusted Computing (TC-RG)

Liaison
Area Director: Hiro Kishimoto
• Standards development organizations Collaboration on networked Resources Management Working Group (SCRM-WG)

Page 6

Community Function Groups

Research Applications
Area Director: Satoshi Matsuoka
• Application Developers and Users (APPS-RG)
• Astronomy Applications (Astro-RG)
• Humanities, Arts, and Social Science (HASS-RG)
• Life Sciences Grid (LSG-RG)
• Particle and Nuclear Physics Applications (PNPA-RG)
• Preservation Environments (PE-RG)

Industry Applications
Area Director: Craig Lee
• Enterprise Grids Requirements (EGR-RG)
• Telecomm Community Group (Telco-CG)

Grid Operations
Area Director: Ken Klingenstein
• CA Ops (CAOPs-WG)
• Production Grid Services (PGS-RG)

Technology Innovators
Area Director: David DeRoure
• Advanced Collaborative Environments (ACE-RG)
• Appliance Aggregation (APPAGG-RG)
• Grid Computing Environments (GCE-RG)
• User Program Development Tools for the Grid (UPDT-RG)
• Semantic Grid (SEM-RG)
• Workflow Management (WFM-RG)

Community Affairs
Area Director: Geoffrey Fox
• GGF Process-WG
• Grid Benchmarking (GB-RG)

Major Grid Projects
Area Directors: Charlie Catlett and Alan Blatecky

Page 7

What do Grids do?

• Security
– Secure connections
– Authorization control
– Delegation

• Virtual Organizations
– Shared goals
– Authorization Sharing
– Resource Sharing

• Data
– Transport
– Virtualization
– Federation
– Replica Management
– Streaming Data

• Execution
– Jobs
– Services
– Scheduling

• Service Composition
– Workflow
– Subcontracting

• Discovery
– Services
– Data Sets
– Resources
– Registration

Science today is a “Team Sport”

Dave Snelling (Fujitsu)

Page 8

Activities closely aligned to AgentLink work

• Semantic Grids
– Specification of “service” ontology
– Specification of application specific ontologies

• Grid Resource Allocation Agreement Protocol (GRAAP)
– Description of Service Level Agreements and Service Level Indicators

• Trusted Computing

Page 9

Open Grid Services Architecture Evolution

[Diagram labels: Anatomy of the Grid; Physiology of the Grid; OGSA V1.0; OGSA Glossary; OGSA Profile; Basic Execution Service; Naming; JSDL; Open Grid Services Infrastructure; Web Services Resource Framework; Web Services Notification. Legend: informational, normative.]

Dave Snelling (Fujitsu)

Page 10

OGSA Specifications Landscape

[Diagram labels: Systems Management; Utility Computing; Grid Computing; Core Services; Basic Profile; WS-Addressing; Privacy; WSRF-RAP; WSDM; WS-Security; Naming; OGSA-EMS; OGSA Self Mgmt; Others ...; GGF-UR; Data Model; HTTP(S)/SOAP; Discovery; SAML/XACML; WSDL; WSRF-RL; Trust; WS-DAI; VO Management; Information; Distributed query processing; ASP; Data Centre; Use Cases & Applications; Collaboration; Multi Media; Persistent Archive; WSRF-RP; X.509; Notification; Service Groups; WS-I BP]

Dave Snelling (Fujitsu)

Page 11

WSRF : Stateful Resource

• A Resource:
– A specific set of state data expressible as an XML document
  • This is not typically all of the resource’s state!
– Has a well-defined identity and lifecycle
– Known to, and acted upon, by one or more Web services.

• Many Possible Instances
– Files, Database tables, EJB Entities, XML documents, Compositions of multiple data sources, Virtualized executions of applications, etc.

• A WS-Resource has:
– Identity: Can be uniquely identified/referenced
– Lifetime: Often created & destroyed by clients
– State: Part of the state can be projected as XML
– Type: Its Web service interface

Dave Snelling (Fujitsu)

Page 12

WSRF: Resource Access

[Diagram labels: context; Interface; Web Service; message; id; address; resource; Run-time environment; Endpoint Reference]

Dave Snelling (Fujitsu)

Page 13

WSRF: Multiple Resources

[Diagram labels: context; Interface; Web Service; message; id; address; resource (two); Endpoint Reference (two); Run-time environment]

Dave Snelling (Fujitsu)

Page 14

WSRF: Factory Pattern

[Diagram labels: Interface; Web Service; message (two); address (two); id; resource; Endpoint Reference (two); Run-time environment]

Dave Snelling (Fujitsu)

Page 15

Configuration Description, Deployment, and Lifecycle Management (CDDLM)

• Uses:
– CDL for declarative descriptions of system configuration
– Based on a CDDLM Component Model

• CDL
– Based on “SmartFrog” from HP (attribute, value) pairs, supports inheritance

[Diagram labels: configurable platform providers (cddlm.org); ws hosting service providers (hosting.com); hosting service users (example.com); resource allocation agreement process; web server (FrontEnd); app server (BackEnd); web server; Tomcat; Apache Axis; FrontEnd; BackEnd; system request; deployment request; WS-Resource; basic service. Relations: refers-to, submitted-to, provides]

Component Model

Based on a “deployment object” manages lifecycle of a deployed resource

Each deployment object defined using CDL, and mapped to its implementation

Deployment object = WSRF-compliant EPR

CDDLM Deployment API supports interaction with object

Basic Execution Service (OGSA) may make requests to CDDLM for deployment

Page 16

<cdl:cdl targetNamespace="http://cddlm.org/webserver/apache"
         xmlns="http://cddlm.org/webserver/apache"
         xmlns:tns="http://cddlm.org/webserver/apache"
         xmlns:cdl="http://ggf.org/cddlm-wg/xmlcdl/1.0"
         xmlns:base="http://cddlm.org/webserver/generic">
  <cdl:import namespace="http://cddlm.org/webserver/generic"
              location="http://cddlm.org/webserver/generic.cddlm" />
  <cdl:types ... />
  <cdl:configuration>
    <Tomcat cdl:name="tomcat" cdl:extends="base:webserver">
      <port>8080</port>
      <tomcatOpts />
    </Tomcat>
    <SoapEndpoint cdl:name="soapendpoint">
      <name />
      <namespace />
    </SoapEndpoint>
    <ApacheAxis cdl:name="apacheaxis" cdl:extends="base:webapplication">
      <hostname />
      <port />
      <wsddDescriptor />
      <path>/axis</path>
      <livenessPage>happyaxis.jsp</livenessPage>
      <AxisAdmin cdl:extends="tns:soapendpoint">
        <name>admin</name>
        <namespace>http://ws.apache.org/axis/admin</namespace>
      </AxisAdmin>
      <endpoints />
    </ApacheAxis>
  </cdl:configuration>
</cdl:cdl>
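An added example (not part of the original slides or of the CDDLM specification): Python that resolves the local cdl:extends references in the document above, then reports which prototypes depend on the imported document and which values are still empty before deployment. The merge rule (inherit the prototype's children, then override by element name) and the reading of empty elements as unset are assumptions made here; merged, resolve and unset are illustrative names.

```python
import io
import xml.etree.ElementTree as ET

CDL = "http://ggf.org/cddlm-wg/xmlcdl/1.0"
NAME, EXTENDS = f"{{{CDL}}}name", f"{{{CDL}}}extends"
# Copy of the slide's document, minus cdl:import and the elided cdl:types.
DOC = """<cdl:cdl targetNamespace="http://cddlm.org/webserver/apache"
 xmlns="http://cddlm.org/webserver/apache" xmlns:tns="http://cddlm.org/webserver/apache"
 xmlns:cdl="http://ggf.org/cddlm-wg/xmlcdl/1.0" xmlns:base="http://cddlm.org/webserver/generic">
<cdl:configuration>
 <Tomcat cdl:name="tomcat" cdl:extends="base:webserver"><port>8080</port><tomcatOpts/></Tomcat>
 <SoapEndpoint cdl:name="soapendpoint"><name/><namespace/></SoapEndpoint>
 <ApacheAxis cdl:name="apacheaxis" cdl:extends="base:webapplication">
  <hostname/><port/><wsddDescriptor/><path>/axis</path><livenessPage>happyaxis.jsp</livenessPage>
  <AxisAdmin cdl:extends="tns:soapendpoint"><name>admin</name>
   <namespace>http://ws.apache.org/axis/admin</namespace></AxisAdmin>
  <endpoints/></ApacheAxis></cdl:configuration></cdl:cdl>"""

def merged(elem, protos, target, prefixes, external, seen=()):
    """Children of elem keyed by tag: inherited from a local prototype, then overridden."""
    out, ref = {}, elem.get(EXTENDS)
    if ref:
        prefix, _, local = ref.rpartition(":")
        if prefixes.get(prefix) == target and local in protos and local not in seen:
            out.update(merged(protos[local], protos, target, prefixes, external, seen + (local,)))
        else:
            external.add(ref)  # defined outside this document (or a cyclic reference)
    for child in elem:
        tag = child.tag.split("}")[-1]
        nested = len(child) or child.get(EXTENDS)
        out[tag] = merged(child, protos, target, prefixes, external, seen) if nested else (child.text or "").strip()
    return out

def resolve(doc):
    """Return ({prototype name: effective settings}, [extends targets not defined here])."""
    prefixes, root = {}, None
    for event, item in ET.iterparse(io.BytesIO(doc.encode()), events=("start-ns", "start")):
        if event == "start-ns":
            prefixes[item[0]] = item[1]  # (prefix, namespace URI)
        elif root is None:
            root = item
    config = root.find(f"{{{CDL}}}configuration")
    protos = {e.get(NAME): e for e in config if e.get(NAME)}
    external, target = set(), root.get("targetNamespace")
    return ({n: merged(e, protos, target, prefixes, external, (n,)) for n, e in protos.items()},
            sorted(external))

def unset(tree, path=""):
    """Paths whose value is still empty after resolution."""
    out = []
    for key, value in tree.items():
        here = f"{path}/{key}"
        out += unset(value, here) if isinstance(value, dict) else [here] * (value == "")
    return out
```

For the slide's document, everything inherited through base:webserver and base:webapplication comes from the imported generic.cddlm, so that file is part of the effective configuration and needs the same review as this one.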

Page 17

Distributed Deployment

• Binary Components
– Environment variables
– Dynamic linking/loading

• Source Code
– Environment variables
– Distributed “build” tools

• Extract dependencies
– Download libraries

Page 18

Aspects of Grid Security

• Restrict access to resources or service state
• Related to the formation and management of Virtual Organisations
• VO Resources and users are often located in distinct administrative domains
– Can’t assume cross-organizational trust agreements
– Different mechanisms & credentials
• Interactions are not just client/server, but service-to-service on behalf of the user
– Requires delegation of rights by user to service
– Services may be dynamically instantiated

slide based on presentation given by Carl Kesselman at GGF Summer School 2004

Page 19

The Trust Model

[Diagram labels: Domain A; Sub-Domain A1; Server X; Domain B; Sub-Domain B1; Server Y; Task; Policy Authority (two); Certification Authority (two); GSI; Federation Service; Virtual Organization Domain; No Cross-Domain Trust]

slide based on presentation given by Carl Kesselman at GGF Summer School 2004

Page 20

Delegation (a key aspect of VO)

• A Site delegates responsibility for the users that may access its resources to the managers/management system.

• An organisation delegates its rights to a user.

• A user delegates their authentication to a service to allow programs to run on remote sites.

Delegation: The act of giving an organisation, person or service the right to act on your behalf.
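An added example, not from the original slides: a Python model of the three delegation steps above (site to VO management, VO to user, user to service) that checks whether a service may exercise a right on a site's resource. The rules that each step may only pass on rights its issuer holds and may not outlive the step it derives from are assumptions of this example, as are all names, rights and times; each link is taken as already authenticated (for instance by signature checks), which is not modelled here.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Delegation:
    issuer: str         # who gives the right away
    subject: str        # who may now act on the issuer's behalf
    rights: frozenset   # rights handed over
    not_after: int      # expiry, seconds since epoch

def check_chain(owner, chain, actor, right, now):
    """Return (allowed, reason) for `actor` using `right` on `owner`'s resource."""
    holder, held, limit = owner, None, None   # None = the owner's own, full rights
    for i, link in enumerate(chain):
        if link.issuer != holder:
            return False, f"link {i}: issuer {link.issuer} is not the current holder {holder}"
        if held is not None and not link.rights <= held:
            return False, f"link {i}: grants rights the issuer does not hold"
        if limit is not None and link.not_after > limit:
            return False, f"link {i}: outlives the delegation it derives from"
        if now > link.not_after:
            return False, f"link {i}: expired"
        holder, held, limit = link.subject, link.rights, link.not_after
    if holder != actor:
        return False, f"chain ends at {holder}, not {actor}"
    if held is not None and right not in held:
        return False, f"{actor} was not delegated '{right}'"
    return True, "ok"

# Constructed chain following the slide: site -> VO management -> user -> service.
T0 = 1_000_000
CHAIN = [
    Delegation("site", "vo-manager", frozenset({"submit-job", "read-data", "stage-data"}), T0 + 86_400),
    Delegation("vo-manager", "user", frozenset({"submit-job", "read-data"}), T0 + 43_200),
    Delegation("user", "job-service", frozenset({"submit-job"}), T0 + 3_600),
]
```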

Page 21

Use Delegation to Establish Dynamic Distributed System

[Diagram labels: Compute Center (two); VO; Service]

slide based on presentation given by Carl Kesselman at GGF Summer School 2004

Page 22

with arbitrary mechanisms

[Diagram labels: Compute Center (two); VO; Rights; Service; Kerberos/WS-Security; X.509/SSL; SAML Attribute]

slide based on presentation given by Carl Kesselman at GGF Summer School 2004

Page 23

A Working Definition of Trust

Trust of a party A to a party B for a service X is the measurable belief of A in that B behaves dependably for a specified period within a specified context (in relation to service X)

This period may be in the past (history), the duration of the service (from now and until end of service), future (a scheduled or forecasted critical time slot), or always

Dependability is deliberately understood broadly to include security, safety, reliability, timeliness, maintainability

The measurement may be absolute (e.g. probability) or relative (e.g. dense order)

Trust is relative to a specific service. Different trust relationships appear in different business contexts

Brian Matthews, TrustCom

Page 24

POLICY ONTOLOGY TRUST ISSUES

• Policy applied to
• Contract Negotiation
• Service Access Negotiation
• Namespaces
• SLA Validation
• Trust Relationship (Risk Assessment)
• Reputation and Trust
– Service type + provider

Page 25

Trust LifeCycle

Phases: Identification, Formation, Operation, Dissolution

Trust & Security
– Identification: discovery & justified identification of credible, trusted partners
– Formation: establishment of trust between prospective VO members
– Operation: maintenance of trust, autonomic security management, adaptive deployment of security policies
– Dissolution: termination of trust relationships & maintenance of trust knowledge

Contract
– Identification: elicitation of contractual requirements, formulation, negotiation
– Formation: instantiation and endorsement of collaboration agreements between VO partners
– Operation: contract enforcement, performance monitoring, arbitration & contract amendment
– Dissolution: nullification of contracts, posterior analysis

Collaborative Process
– Identification: definition of VO objectives, elicitation of process goals and requirements
– Formation: process definition (overlaying trust information), engagement of collaborators, optimisation of resource utilisation
– Operation: adaptive enactment of collaborative processes, trust-based decision making, secure service orchestration, dynamic service invocation, accounting
– Dissolution: resource disengagement, posterior analysis

[Other diagram labels: Policy Spec; Feedback + Reasoning; Reputation Repository]

Brian Matthews, TrustCom

Page 26

Policy Issues

Requirements (Declarative Policy)
• User
• Service

Reputation Repository
• Grouping/Aggregating (Reasoning)
• Ontology Definition
• Consistency Check (does not invalidate old info)

Contract Formation based on this
• By checking Reputation Repository

Relationship between Policy SLA (Contract)
• Penalty in case of violation

Support for Reasoning and Policy Evaluation

Page 27

Standards

• WS-Agreement
– Significant potential of involvement from the agents community
– Electronic contracts/negotiation

• Grid Policy
– Use of trust models from agents community

• Automated Deployment
– Tuning deployment scripts

• Semantic Grids
– Ontologies for Policy Description
– Ontologies for services