Global Grid Forum and AgentLink III
Omer Rana
• Active since 2000
• Grid Forum Asia-Pacific
• eGrid (European Grid activities)
• Grid Forum US
• Led by
  • Mark Linesch, Hewlett Packard
• Recently very industry focused

Management
Bill Feiereisen, Los Alamos National Laboratory
Ian Baird, EMC
Kyriakos Baxevanidis, CEC
Wolfgang Boch, European Commission
Walt Brooks, NASA
Frederica Darema, US National Science Foundation
Robert Fogel, Intel Corporation
Ian Foster, Argonne National Laboratory and The University of Chicago
Fabrizio Gagliardi, CERN
Tony Hey, Microsoft
John Hurley, The Boeing Company
Lennart Johnsson, University of Houston
Ken King, IBM
Jysoo Lee, KISTI
Yoichi Muraoka, Waseda University
Simon Nicholson, Sun Microsystems and OASIS
Alexander Reinefeld, ZIB Berlin
Mary Anne Scott, US Department of Energy
Satoshi Sekiguchi, AIST
Rick Stevens, Argonne National Laboratory
Martin Walker, Hewlett-Packard
• GGF Chair
• Steering Group
• Advisory Group

Recent change in structure – previously: (1) Research Groups, (2) Working Groups.
What do Grids do?
[Diagram labels: Security: Secure connections, Authorization control, Delegation. Virtual Organizations: Shared goals, Authorization Sharing, Resource Sharing. Data: Transport, Virtualization, Federation, Replica Management, Streaming Data.]
• Execution
• Jobs
• Services
• Scheduling
• Service Composition
• Workflow
• Subcontracting
• Discovery
• Services
• Data Sets
• Resources
• Registration
Science today is a “Team Sport”
Dave Snelling (Fujitsu)

Activities closely aligned to AgentLink work
• Semantic Grids
  • Specification of “service” ontology
  • Specification of application specific ontologies
• Grid Resource Allocation Agreement Protocol (GRAAP)
  • Description of Service Level Agreements and Service Level Indicators
• Trusted Computing

Open Grid Services Architecture Evolution
[Diagram labels: informational; Anatomy of the Grid; OGSA V1.0; OGSA Profile; Normative; OGSA Glossary; Basic Execution Service; Naming; JSDL; Physiology of the Grid; Open Grid Services Infrastructure; Web Services Resource Framework; Web Services Notification]
Dave Snelling (Fujitsu)

OGSA Specifications Landscape
[Diagram labels: SYSTEMS MANAGEMENT; GRID COMPUTING; UTILITY COMPUTING; Use Cases & Applications; Distributed query processing; Data Centre; Collaboration; Persistent Archive; ASP; Multi Media; VO Management; OGSA Self Mgmt; OGSA-EMS; WS-DAI; Information; WSDM; Discovery; GGF-UR; Data Model; Naming; Core Services; Privacy; Trust; Others ...; Service Groups; Notification; WS-I BP; WSRF-RAP; WS-Security; SAML/XACML; X.509; Basic Profile; WS-Addressing; HTTP(S)/SOAP; WSDL; WSRF-RL; WSRF-RP]
Dave Snelling (Fujitsu)

WSRF: Stateful Resource
• A Resource:
  • A specific set of state data expressible as an XML document
    • This is not typically all of the resource’s state!
  • Has a well-defined identity and lifecycle
  • Known to, and acted upon, by one or more Web services.
• Many Possible Instances
  • Files, Database tables, EJB Entities, XML documents, Compositions of multiple data sources, Virtualized executions of applications, etc.
• A WS-Resource has:
  • Identity: Can be uniquely identified/referenced
  • Lifetime: Often created & destroyed by clients
  • State: Part of the state can be projected as XML
  • Type: Its Web service interface
Dave Snelling (Fujitsu)

WSRF: Resource Access
[Diagram labels: context; Endpoint Reference; Run-time environment; id; resource; message; Interface; Web Service; message; address; id]
Dave Snelling (Fujitsu)

WSRF: Multiple Resources
[Diagram labels: context; Endpoint Reference; Endpoint Reference; Run-time environment; id; resource; message; Interface; Web Service; message; address; id; resource]
Dave Snelling (Fujitsu)

WSRF: Factory Pattern
[Diagram labels: id; address; Endpoint Reference; Run-time environment; Endpoint Reference; resource; message; Interface; Web Service; message; address]
Dave Snelling (Fujitsu)

Configuration Description, Deployment, and Lifecycle Management (CDDLM)
• Uses:
  • CDL for declarative descriptions of system configuration
  • Based on a CDDLM Component Model
• CDL
  • Based on “SmartFrog” from HP
  • (attribute,value) pairs, supports inheritance
• Component Model
  • Based on a “deployment object”
  • manages lifecycle of a deployed resource
  • Each deployment object defined using CDL, and mapped to its implementation
  • Deployment object = WSRF-compliant EPR
  • CDDLM Deployment API supports interaction with object
  • Basic Execution Service (OGSA) may make requests to CDDLM for deployment

<cdl:cdl targetNamespace="http://cddlm.org/webserver/apache"
         xmlns="http://cddlm.org/webserver/apache"
         xmlns:tns="http://cddlm.org/webserver/apache"
         xmlns:cdl="http://ggf.org/cddlm-wg/xmlcdl/1.0"
         xmlns:base="http://cddlm.org/webserver/generic">
  <cdl:import namespace="http://cddlm.org/webserver/generic"
              location="http://cddlm.org/webserver/generic.cddlm" />
  <cdl:types ... />
  <cdl:configuration>
    <Tomcat cdl:name="tomcat" cdl:extends="base:webserver">
      <port>8080</port>
      <tomcatOpts />
    </Tomcat>
    <SoapEndpoint cdl:name="soapendpoint">
      <name />
      <namespace />
    </SoapEndpoint>
    <ApacheAxis cdl:name="apacheaxis" cdl:extends="base:webapplication">
      <hostname />
      <port />
      <wsddDescriptor />
      <path>/axis</path>
      <livenessPage>happyaxis.jsp</livenessPage>
      <AxisAdmin cdl:extends="tns:soapendpoint">
        <name>admin</name>
        <namespace>http://ws.apache.org/axis/admin</namespace>
      </AxisAdmin>
      <endpoints />
    </ApacheAxis>
  </cdl:configuration>
</cdl:cdl>

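An added example (not from the slides or the CDDLM specification): a Python model of how `cdl:extends` lets one component inherit (attribute, value) pairs from a prototype in the CDL document above, and of which references point outside the file. The helper names `load`, `resolve` and `resolve_named`, the reading of an empty element as "declared but unset", and the choice to resolve only prototypes defined in the same document are assumptions; references into imported documents such as `base:webapplication` are reported, not fetched.

```python
import io
import xml.etree.ElementTree as ET

CDL = "http://ggf.org/cddlm-wg/xmlcdl/1.0"
TNS = "http://cddlm.org/webserver/apache"
EXTENDS = f"{{{CDL}}}extends"

# Trimmed copy of the slide's document; cdl:import and cdl:types are left out.
DOC = f"""<cdl:cdl targetNamespace="{TNS}" xmlns="{TNS}" xmlns:tns="{TNS}"
    xmlns:cdl="{CDL}" xmlns:base="http://cddlm.org/webserver/generic">
 <cdl:configuration>
  <SoapEndpoint cdl:name="soapendpoint"><name /><namespace /></SoapEndpoint>
  <ApacheAxis cdl:name="apacheaxis" cdl:extends="base:webapplication">
   <hostname /><port /><path>/axis</path>
   <AxisAdmin cdl:extends="tns:soapendpoint"><name>admin</name>
    <namespace>http://ws.apache.org/axis/admin</namespace></AxisAdmin>
  </ApacheAxis></cdl:configuration></cdl:cdl>"""

def load(doc):
    """Return ({(namespace, cdl:name): element}, {prefix: namespace})."""
    # ElementTree drops prefixes after parsing, so collect them from start-ns events.
    prefixes = dict(p for _, p in ET.iterparse(io.BytesIO(doc.encode()), events=("start-ns",)))
    root = ET.fromstring(doc)
    target, config = root.get("targetNamespace"), root.find(f"{{{CDL}}}configuration")
    return {(target, e.get(f"{{{CDL}}}name")): e for e in config}, prefixes

def resolve(elem, protos, prefixes, unresolved, seen=()):
    """Return elem's (attribute, value) pairs with inherited ones merged in."""
    merged, ref = {}, elem.get(EXTENDS)
    if ref:
        prefix, _, local = ref.rpartition(":")
        key = (prefixes.get(prefix), local)
        if key in seen:
            raise ValueError(f"cdl:extends cycle at {ref}")
        if key in protos:
            merged = resolve(protos[key], protos, prefixes, unresolved, seen + (key,))
        else:
            unresolved.append(ref)  # prototype lives outside this document
    for child in elem:
        name = child.tag.rpartition("}")[2]
        if len(child) or child.get(EXTENDS):
            merged[name] = resolve(child, protos, prefixes, unresolved, seen)
        else:  # assumption: an empty element is declared but unset
            merged[name] = (child.text or "").strip() or merged.get(name)
    return merged

def resolve_named(name, doc=DOC):
    protos, prefixes = load(doc)
    unresolved = []
    return resolve(protos[(TNS, name)], protos, prefixes, unresolved), unresolved
```

The second return value lists every prototype the descriptor takes from outside the file, which tells a reviewer which imported documents also determine the deployed configuration.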
Distributed Deployment
• Binary Components
  • Environment variables
  • Dynamic linking/loading
• Source Code
  • Environment variables
  • Distributed “build” tools
  • Extract dependencies
  • Download libraries

Aspects of Grid Security
• Restrict access to resources or service state
• Related to the formation and management of Virtual Organisations
• VO Resources and users are often located in distinct administrative domains
  • Can’t assume cross-organizational trust agreements
  • Different mechanisms & credentials
• Interactions are not just client/server, but service-to-service on behalf of the user
  • Requires delegation of rights by user to service
  • Services may be dynamically instantiated
Slide based on presentation given by Carl Kesselman at GGF Summer School 2004

The Trust Model
[Diagram labels: No Cross-Domain Trust; Certification Authority; Certification Authority; Policy Authority; Policy Authority; Sub-Domain B1; Sub-Domain A1; Domain A; Domain B; Task; Federation Service; GSI; Server X; Server Y; Virtual Organization Domain]
Slide based on presentation given by Carl Kesselman at GGF Summer School 2004

Delegation (a key aspect of VO)
Delegation: The act of giving an organisation, person or service the right to act on your behalf.
• A Site delegates responsibility for the users that may access its resources to the managers/management system.
• An organisation delegates its rights to a user.
• A user delegates their authentication to a service to allow programs to run on remote sites.

Use Delegation to Establish Dynamic Distributed System
[Diagram labels: ComputeCenter; Service; VO; ComputeCenter]
Slide based on presentation given by Carl Kesselman at GGF Summer School 2004

[Diagram labels: Service with arbitrary mechanisms; ComputeCenter; X.509/SSL; Kerberos/WS-Security; Rights; VO; ComputeCenter; SAML Attribute]
Slide based on presentation given by Carl Kesselman at GGF Summer School 2004

A Working Definition of Trust
Trust of a party A to a party B for a service X is the measurable belief of A in that B behaves dependably for a specified period within a specified context (in relation to service X)
• Trust is relative to a specific service. Different trust relationships appear in different business contexts
• The measurement may be absolute (e.g. probability) or relative (e.g. dense order)
• This period may be in the past (history), the duration of the service (from now and until end of service), future (a scheduled or forecasted critical time slot), or always
• Dependability is deliberately understood broadly to include security, safety, reliability, timeliness, maintainability
Brian Matthews, TrustCom

Trust LifeCycle
Identification
  Trust & Security: discovery & justified identification of credible, trusted partners
  Contract: elicitation of contractual requirements formulation, negotiation
  Collaborative Process: definition of VO objectives, elicitation of process goals and requirements
Formation
  Trust & Security: establishment of trust between prospective VO members
  Contract: Instantiation and endorsement of collaboration agreements between VO partners
  Collaborative Process: process definition (overlaying trust information), engagement of collaborators, optimisation of resource utilisation
Operation
  Trust & Security: maintenance of trust, autonomic security management, adaptive deployment of security policies
  Contract: contract enforcement, performance monitoring, arbitration & contract amendment
  Collaborative Process: adaptive enactment of collaborative processes, trust-based decision making, secure service orchestration, dynamic service invocation, accounting
Dissolution
  Trust & Security: termination of trust relationships & maintenance of trust knowledge
  Contract: nullification of contracts, posterior analysis
  Collaborative Process: resource disengagement, posterior analysis
[Diagram labels: Policy Spec; Feedback + Reasoning; Reputation Repository]
Brian Matthews, TrustCom

Policy Issues
Requirements (Declarative Policy)
• User
• Service
Reputation Repository
• Grouping/Aggregating (Reasoning)
• Ontology Definition
• Consistency Check (does not invalidate old info)
Contract Formation based on this
• By checking Reputation Repository
Relationship between Policy SLA (Contract)
• Penalty in case of violation
Support for Reasoning and Policy Evaluation

Standards
• WS-Agreement
  • Significant potential of involvement from the agents community
  • Electronic contracts/negotiation
• Grid Policy
  • Use of trust models from agents community
• Automated Deployment
  • Tuning deployment scripts
• Semantic Grids
  • Ontologies for Policy Description
  • Ontologies for services