Global Grid Forum and AgentLink III
Omer Rana
• Active since 2000
  – Grid Forum Asia-Pacific
  – eGrid (European Grid activities)
  – Grid Forum US
• Led by
  – Mark Linesch, Hewlett Packard
  – Recently very industry focused
Management
• GGF Chair
• Steering Group
• Advisory Group
  – Bill Feiereisen, Los Alamos National Laboratory
  – Ian Baird, EMC
  – Kyriakos Baxevanidis, CEC
  – Wolfgang Boch, European Commission
  – Walt Brooks, NASA
  – Frederica Darema, US National Science Foundation
  – Robert Fogel, Intel Corporation
  – Ian Foster, Argonne National Laboratory and The University of Chicago
  – Fabrizio Gagliardi, CERN
  – Tony Hey, Microsoft
  – John Hurley, The Boeing Company
  – Lennart Johnsson, University of Houston
  – Ken King, IBM
  – Jysoo Lee, KISTI
  – Yoichi Muraoka, Waseda University
  – Simon Nicholson, Sun Microsystems and OASIS
  – Alexander Reinefeld, ZIB Berlin
  – Mary Anne Scott, US Department of Energy
  – Satoshi Sekiguchi, AIST
  – Rick Stevens, Argonne National Laboratory
  – Martin Walker, Hewlett-Packard
Recent change in structure – previously: (1) Research Groups, (2) Working Groups.

Standards Function Groups

Infrastructure
Area Director: Cees de Laat
• IPv6 (IPv6-WG)
• Network Measurement (NM-WG)
• Data Transport (DT-RG)
• Grid High-Performance Networking (GHPN-RG)
• Network Measurements for Applications (NMA-RG)

Data
Area Directors: David Martin and Malcolm Atkinson
• Data Access and Integration Services (DAIS-WG)
• Grid File Systems (GFS-WG)
• Data Format Description Language (DFDL-WG)
• GridFTP-WG
• Grid Storage Management (GSM-WG)
• Information Dissemination (INFOD-WG)
• OGSA Data Replication Services (OREP-WG)
• Transaction Management (TM-RG)
• OGSA Data (OGSA-D-WG)
• Byte IO (ByteIO-WG)

Compute
Area Directors: Bill Nitzberg and Steven Pickles
• Grid Resource Allocation Agreement Protocol (GRAAP-WG)
• Job Submission Description Language (JSDL-WG)
• Grid Scheduling Architecture (GSA-RG)
• OGSA Basic Execution Services (OGSA-BES-WG)

Architecture
Area Director: Andrew Grimshaw
• Open Grid Services Architecture (OGSA-WG)
• Grid Protocol Architecture (GPA-RG)
• OGSA Naming (OGSA-Naming-WG)

Applications
Area Director: Dennis Gannon
• Grid Remote Procedure Call (GridRPC-WG)
• Grid Information Retrieval (GIR-WG)
• Distributed Resource Management Application API (DRMAA-WG)
• Simple API for Grid Applications (SAGA-RG)
• Grid Checkpoint Recovery (GridCPR-WG)

Management
Area Directors: Hiro Kishimoto and John Tollefsrud
• Application Contents Service (ACS-WG)
• Configuration Description, Deployment, and Lifecycle Management (CDDLM-WG)
• Grid Economic Services Architecture (GESA-WG)
• OGSA Resource Usage Service (RUS-WG)
• Usage Record (UR-WG)

Security
Area Directors: Olle Mulmo and Dane Skow
• Open Grid Service Architecture Authorization (OGSA AUTHZ-WG)
• OGSA-P2P-Security (OGSAP2P-RG)
• Firewall Issues (FI-RG)
• Trusted Computing (TC-RG)

Liaison
Area Director: Hiro Kishimoto
• Standards development organizations Collaboration on networked Resources Management Working Group (SCRM-WG)
Community Function Groups

Research Applications
Area Director: Satoshi Matsuoka
• Application Developers and Users (APPS-RG)
• Astronomy Applications (Astro-RG)
• Humanities, Arts, and Social Science (HASS-RG)
• Life Sciences Grid (LSG-RG)
• Particle and Nuclear Physics Applications (PNPA-RG)
• Preservation Environments (PE-RG)

Industry Applications
Area Director: Craig Lee
• Enterprise Grids Requirements (EGR-RG)
• Telecomm Community Group (Telco-CG)

Grid Operations
Area Director: Ken Klingenstein
• CA Ops (CAOPs-WG)
• Production Grid Services (PGS-RG)

Technology Innovators
Area Director: David DeRoure
• Advanced Collaborative Environments (ACE-RG)
• Appliance Aggregation (APPAGG-RG)
• Grid Computing Environments (GCE-RG)
• User Program Development Tools for the Grid (UPDT-RG)
• Semantic Grid (SEM-RG)
• Workflow Management (WFM-RG)

Community Affairs
Area Director: Geoffrey Fox
• GGF Process-WG
• Grid Benchmarking (GB-RG)

Major Grid Projects
Area Directors: Charlie Catlett and Alan Blatecky
What do Grids do?
• Security
  – Secure connections
  – Authorization control
  – Delegation
• Virtual Organizations
  – Shared goals
  – Authorization Sharing
  – Resource Sharing
• Data
  – Transport
  – Virtualization
  – Federation
  – Replica Management
  – Streaming Data
• Execution
  – Jobs
  – Services
  – Scheduling
• Service Composition
  – Workflow
  – Subcontracting
• Discovery
  – Services
  – Data Sets
  – Resources
  – Registration
Science today is a “Team Sport”
Dave Snelling (Fujitsu)
Activities closely aligned to AgentLink work
• Semantic Grids
  – Specification of “service” ontology
  – Specification of application specific ontologies
• Grid Resource Allocation Agreement Protocol (GRAAP)
  – Description of Service Level Agreements and Service Level Indicators
• Trusted Computing
Open Grid Services Architecture Evolution
[Figure labels: Anatomy of the Grid; Physiology of the Grid; OGSA V1.0; OGSA Glossary; OGSA Profile; Basic Execution Service; Naming; JSDL; Open Grid Services Infrastructure; Web Services Resource Framework; Web Services Notification. Legend: informational, Normative]
Dave Snelling (Fujitsu)
OGSA Specifications Landscape
[Figure labels: SYSTEMS MANAGEMENT; UTILITY COMPUTING; GRID COMPUTING; Core Services; Basic Profile; WS-Addressing; Privacy; WSRF-RAP; WSDM; WS-Security; Naming; OGSA-EMS; OGSA Self Mgmt; Others ...; GGF-UR Data Model; HTTP(S)/SOAP; Discovery; SAML/XACML; WSDL; WSRF-RL; Trust; WS-DAI; VO Management; Information; Distributed query processing; ASP; Data Centre; Use Cases & Applications; Collaboration; Multi Media; Persistent Archive; WSRF-RP; X.509; Notification; Service Groups; WS-I BP]
Dave Snelling (Fujitsu)
WSRF: Stateful Resource
• A Resource:
  – A specific set of state data expressible as an XML document
    • This is not typically all of the resource’s state!
  – Has a well-defined identity and lifecycle
  – Known to, and acted upon, by one or more Web services.
• Many Possible Instances
  – Files, Database tables, EJB Entities, XML documents, Compositions of multiple data sources, Virtualized executions of applications, etc.
• A WS-Resource has:
  – Identity: Can be uniquely identified/referenced
  – Lifetime: Often created & destroyed by clients
  – State: Part of the state can be projected as XML
  – Type: Its Web service interface
Dave Snelling (Fujitsu)
WSRF: Resource Access
[Figure labels: Web Service; Interface; message; id; address; context; resource; Endpoint Reference; Run-time environment]
Dave Snelling (Fujitsu)
WSRF: Multiple Resources
[Figure labels: Web Service; Interface; message; id; address; context; resource (two); Endpoint Reference (two); Run-time environment]
Dave Snelling (Fujitsu)
WSRF: Factory Pattern
[Figure labels: Web Service; Interface; message (two); address (two); id; resource; Endpoint Reference (two); Run-time environment]
Dave Snelling (Fujitsu)
Configuration Description, Deployment, and Lifecycle Management (CDDLM)
• Uses:
  – CDL for declarative descriptions of system configuration
  – Based on a CDDLM Component Model
• CDL
  – Based on “SmartFrog” from HP; (attribute, value) pairs, supports inheritance
[Figure labels: configurable platform providers (cddlm.org); ws hosting service providers (hosting.com); hosting service users (example.com); resource allocation agreement process; web server (FrontEnd); app server (BackEnd); web server; Tomcat; Apache Axis; system request; deployment request; WS-Resource; basic service. Relations: refers-to, submitted-to, provides]
Component Model
Based on a “deployment object” that manages the lifecycle of a deployed resource
Each deployment object defined using CDL, and mapped to its implementation
Deployment object = WSRF-compliant EPR
CDDLM Deployment API supports interaction with object
Basic Execution Service (OGSA) may make requests to CDDLM for deployment
<cdl:cdl targetNamespace="http://cddlm.org/webserver/apache"
         xmlns="http://cddlm.org/webserver/apache"
         xmlns:tns="http://cddlm.org/webserver/apache"
         xmlns:cdl="http://ggf.org/cddlm-wg/xmlcdl/1.0"
         xmlns:base="http://cddlm.org/webserver/generic">
  <cdl:import namespace="http://cddlm.org/webserver/generic"
              location="http://cddlm.org/webserver/generic.cddlm" />
  <cdl:types ... />
  <cdl:configuration>
    <Tomcat cdl:name="tomcat" cdl:extends="base:webserver">
      <port>8080</port>
      <tomcatOpts />
    </Tomcat>
    <SoapEndpoint cdl:name="soapendpoint">
      <name />
      <namespace />
    </SoapEndpoint>
    <ApacheAxis cdl:name="apacheaxis" cdl:extends="base:webapplication">
      <hostname />
      <port />
      <wsddDescriptor />
      <path>/axis</path>
      <livenessPage>happyaxis.jsp</livenessPage>
      <AxisAdmin cdl:extends="tns:soapendpoint">
        <name>admin</name>
        <namespace>http://ws.apache.org/axis/admin</namespace>
      </AxisAdmin>
      <endpoints />
    </ApacheAxis>
  </cdl:configuration>
</cdl:cdl>
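Resolving the cdl:extends references in the document above shows which values each component actually ends up with and which still depend on an imported prototype. The Python below is an added example, not part of the slides or of any CDDLM tooling; its merge rule (an element's own leaf values override those of its prototype) is a simplified assumption, and SAMPLE is a constructed subset of the slide's document.

```python
import io
import xml.etree.ElementTree as ET

CDL = "{http://ggf.org/cddlm-wg/xmlcdl/1.0}"
# Constructed sample: part of the slide's document (no import, no elided types).
SAMPLE = """<cdl:cdl targetNamespace="http://cddlm.org/webserver/apache"
  xmlns="http://cddlm.org/webserver/apache" xmlns:tns="http://cddlm.org/webserver/apache"
  xmlns:cdl="http://ggf.org/cddlm-wg/xmlcdl/1.0" xmlns:base="http://cddlm.org/webserver/generic">
 <cdl:configuration>
  <SoapEndpoint cdl:name="soapendpoint"><name /><namespace /></SoapEndpoint>
  <ApacheAxis cdl:name="apacheaxis" cdl:extends="base:webapplication">
   <hostname /><port /><path>/axis</path>
   <AxisAdmin cdl:extends="tns:soapendpoint">
    <name>admin</name><namespace>http://ws.apache.org/axis/admin</namespace>
   </AxisAdmin>
  </ApacheAxis>
 </cdl:configuration>
</cdl:cdl>"""

def effective_config(text):
    """Return ({component path: {property: value}}, [unresolved extends])."""
    nsmap = dict(ns for _, ns in ET.iterparse(io.StringIO(text), events=("start-ns",)))
    root = ET.fromstring(text)
    config = root.find(CDL + "configuration")
    protos = {e.get(CDL + "name"): e for e in config if e.get(CDL + "name")}
    resolved, unresolved = {}, []
    def is_component(e):  # has children or inherits from a prototype
        return len(e) > 0 or CDL + "extends" in e.attrib
    def props(elem, seen=()):
        merged, ref = {}, elem.get(CDL + "extends")
        if ref:
            prefix, _, name = ref.rpartition(":")
            local_ns = nsmap.get(prefix) == root.get("targetNamespace")
            if local_ns and name in protos and name not in seen:
                merged.update(props(protos[name], seen + (name,)))
            else:  # imported namespace, unknown name, or a cycle
                unresolved.append(ref)
        for child in elem:  # own leaf values override inherited ones
            if not is_component(child):
                merged[child.tag.rsplit("}", 1)[-1]] = (child.text or "").strip()
        return merged
    def walk(elem, path):
        resolved[path] = props(elem)
        for child in elem:
            if is_component(child):
                walk(child, path + "/" + child.tag.rsplit("}", 1)[-1])
    for elem in config:
        walk(elem, elem.get(CDL + "name") or elem.tag.rsplit("}", 1)[-1])
    return resolved, unresolved
```

Entries in the unresolved list mark configuration that comes from another document, so a review of the deployed settings has to include whatever the import location serves.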
Distributed Deployment
• Binary Components
  – Environment variables
  – Dynamic linking/loading
• Source Code
  – Environment variables
  – Distributed “build” tools
• Extract dependencies
  – Download libraries
Aspects of Grid Security
• Restrict access to resources or service state
• Related to the formation and management of Virtual Organisations
• VO Resources and users are often located in distinct administrative domains
  – Can’t assume cross-organizational trust agreements
  – Different mechanisms & credentials
• Interactions are not just client/server, but service-to-service on behalf of the user
  – Requires delegation of rights by user to service
  – Services may be dynamically instantiated
slide based on presentation given by Carl Kesselman at GGF Summer School 2004
The Trust Model
[Figure labels: Certification Authority (two); Policy Authority (two); Domain A; Domain B; Sub-Domain A1; Sub-Domain B1; Server X; Server Y; Task; GSI; Federation Service; Virtual Organization Domain; No Cross-Domain Trust]
slide based on presentation given by Carl Kesselman at GGF Summer School 2004
Delegation (a key aspect of VO)
• A Site delegates responsibility for the users that may access its resources to the managers/management system.
• An organisation delegates its rights to a user.
• A user delegates their authentication to a service to allow programs to run on remote sites.
Delegation : The act of giving an organisation, person or service the right to act on your behalf.
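The three delegations listed above (site to VO, organisation to user, user to service) form a chain that the resource has to check end to end. The Python below is an added example, not taken from the slides or from GSI: it accepts a request only if every link is issued by the current rights holder and narrows, never widens, the rights and lifetime. HMAC with constructed keys stands in for X.509 signatures, the narrowing rule is an assumption of the example, and all names, rights and times are made up.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC stands in for the public-key (X.509) signatures a
# real grid would verify; here the verifier simply knows every delegator's key.
KEYS = {"site": b"site-key", "vo": b"vo-key", "alice": b"alice-key"}

def _mac(link):
    body = {k: link[k] for k in ("iss", "sub", "rights", "exp")}
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEYS[link["iss"]], data, hashlib.sha256).hexdigest()

def delegate(issuer, subject, rights, exp):
    """Issuer hands `rights` to subject until time `exp` (epoch seconds)."""
    link = {"iss": issuer, "sub": subject, "rights": sorted(rights), "exp": exp}
    return dict(link, mac=_mac(link))

def check_chain(chain, owner, action, now):
    """Decide whether the last subject in `chain` may perform `action` at `now`."""
    holder, rights, exp = owner, None, float("inf")
    for i, link in enumerate(chain):
        if link["iss"] not in KEYS or not hmac.compare_digest(_mac(link), link["mac"]):
            return False, f"link {i}: bad or unknown signature"
        if link["iss"] != holder:
            return False, f"link {i}: issuer does not hold the rights"
        if rights is not None and not set(link["rights"]) <= rights:
            return False, f"link {i}: delegates more than the issuer holds"
        if link["exp"] > exp:
            return False, f"link {i}: outlives the delegation it derives from"
        if now > link["exp"]:
            return False, f"link {i}: expired"
        holder, rights, exp = link["sub"], set(link["rights"]), link["exp"]
    if not chain or action not in rights:
        return False, "action was not delegated"
    return True, f"{holder} may {action}"

# Constructed chain following the slide: site -> VO -> user -> service.
CHAIN = [
    delegate("site", "vo", {"submit", "read", "write"}, 2000),
    delegate("vo", "alice", {"submit", "read"}, 1500),
    delegate("alice", "job-service", {"submit"}, 1200),
]
```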
Use Delegation to Establish Dynamic Distributed System
[Figure labels: Compute Center (two); VO; Service]
slide based on presentation given by Carl Kesselman at GGF Summer School 2004
with arbitrary mechanisms
[Figure labels: Compute Center (two); VO; Rights; Service; Kerberos/WS-Security; X.509/SSL; SAML Attribute]
slide based on presentation given by Carl Kesselman at GGF Summer School 2004
A Working Definition of Trust
Trust of a party A to a party B for a service X is the measurable belief of A in that B behaves dependably for a specified period within a specified context (in relation to service X)
• This period may be in the past (history), the duration of the service (from now and until end of service), future (a scheduled or forecasted critical time slot), or always
• Dependability is deliberately understood broadly to include security, safety, reliability, timeliness, maintainability
• The measurement may be absolute (e.g. probability) or relative (e.g. dense order)
• Trust is relative to a specific service. Different trust relationships appear in different business contexts
Brian Matthews, TrustCom
POLICY ONTOLOGY TRUST ISSUES
• Policy applied to
• Contract Negotiation
• Service Access Negotiation
• Namespaces
• SLA Validation
• Trust Relationship (Risk Assessment)
• Reputation and Trust
  – Service type + provider
Trust LifeCycle
Phases: Identification, Formation, Operation, Dissolution

Trust & Security
• Identification: discovery & justified identification of credible, trusted partners
• Formation: establishment of trust between prospective VO members
• Operation: maintenance of trust, autonomic security management, adaptive deployment of security policies
• Dissolution: termination of trust relationships & maintenance of trust knowledge

Contract
• Identification: elicitation of contractual requirements; formulation, negotiation
• Formation: instantiation and endorsement of collaboration agreements between VO partners
• Operation: contract enforcement, performance monitoring, arbitration & contract amendment
• Dissolution: nullification of contracts, posterior analysis

Collaborative Process
• Identification: definition of VO objectives, elicitation of process goals and requirements
• Formation: process definition (overlaying trust information), engagement of collaborators, optimisation of resource utilisation
• Operation: adaptive enactment of collaborative processes, trust-based decision making, secure service orchestration, dynamic service invocation, accounting
• Dissolution: resource disengagement, posterior analysis

[Figure labels: Policy Spec; Feedback + Reasoning; Reputation Repository]
Brian Matthews, TrustCom
Policy Issues
Requirements (Declarative Policy)
• User
• Service
Reputation Repository
• Grouping/Aggregating (Reasoning)
• Ontology Definition
• Consistency Check (does not invalidate old info)
Contract Formation based on this
• By checking Reputation Repository
Relationship between Policy SLA (Contract)
• Penalty in case of violation
Support for Reasoning and Policy Evaluation

Standards
• WS-Agreement
  – Significant potential of involvement from the agents community
  – Electronic contracts/negotiation
• Grid Policy
  – Use of trust models from agents community
• Automated Deployment
  – Tuning deployment scripts
• Semantic Grids
  – Ontologies for Policy Description
  – Ontologies for services