Grid Resources, Services and Data – Towards a Semantic Grid System

Marko Niinimäki 

Grid Resources, Services and Data – Towards a Semantic Grid 

System  

DEPARTMENT OF COMPUTER SCIENCES 

UNIVERSITY OF TAMPERE 

 D‐2006‐1 

TAMPERE 2006 

UNIVERSITY OF TAMPERE 

DEPARTMENT OF COMPUTER SCIENCES 

SERIES OF PUBLICATIONS D – NET PUBLICATIONS D‐2006‐1, JANUARY 2006 

Marko Niinimäki 

Grid Resources, Services and Data – Towards a Semantic Grid 

System  

DEPARTMENT OF COMPUTER SCIENCES FIN‐33014  UNIVERSITY OF TAMPERE    

ISBN 951‐44‐6555‐5 ISSN 1795‐4274 

GridResources,ServicesandData–Towardsa

SemanticGridSystem

MarkoNiinim¨aki

HelsinkiInstituteofPhysics,TechnologyProgrammeandDepartmentofComputerScience,UniversityofTampere,Finland

January2006

Abstract

Thispaperdescribessomeofthemany-facetedtechnologiesthatareknownastheGrid.Thesetechnologieshavebeenusedcreatedistributedapplicationsanddataservicesinasecuremanner.

WithexistingGridsoftware,severalmilestoneshavebeenreached.However,mostoftheapplicationsthatrunonproductionGridsarequitespecialisedandrequirealotofexpertisetosetup,runandmaintain.Inthispaper,wedesignandimplementaneasy,genericframeworkforresource,serviceanddatadescriptiondirectory,andapresentauserinterfaceprototypeforit.

Inthisframework,theuserisnotusing“computerprograms”inthetraditionalway,thereareonlyservicesanddatathattheservicescanmanipulatefortheuser.Keywords:Grid,Gridservices,virtualorganizations.

1Introduction

AsFosteretal.statein[FKNT04],“Gridsystemsandapplicationsaimtointegrate,vir-tualize,andmanageresourcesandserviceswithindistributed,heterogeneous,dynamic’virtualorganizations’.”Catlettin[Cat03]dividesGridsystemsintothreegenerations.Thefirstgenerationinvolvedlocal”metacomputers”withbasicservicessuchasdis-tributedfilesystemsandsite-widesinglesign-on.Itwasuptoprogrammerstoprovidedistributedapplicationsusingtheseandcustomcommunicationprotocols.ThesecondgenerationGridssuchasI-WAY[DFP+96],Legion[GW97]andCondor[LLM88]createdsoftwareservicesandcommunicationsprotocolsthatcouldbeusedasaba-sisfordevelopingdistributedapplicationsandservices.Itis,however,obviousthatthesenewbundlesofservicesandprotocols(latercalledGridmiddlewares)weremu-tuallyincompatible.CatlettseesthethirdgenerationGridstobebasedoncompatibletechnologiesandarchitectures,featuringOpenGridServiceArchitecture(OGSA,see[FKNT04]).

WithsecondgenerationGridSystems,theconceptofjobmanagementisperva-sive:theuserdesignsajobdescriptionthatdeclaresthecomputinganddataresourcesneeded,andasystemknownastheresourcebrokerusessomeheuristicstofindan“end

Figure1:AgeneralarchitectureofatypicalsecondgenerationGrid

point”wherethejobcanberun.Aftera(hopefully)successfulcompletion,theresultsofthejobarestoredandtheuserisnotified.AsanexampleofasecondgenerationGridsystem,weconsiderCondor-G[F+02],acombinationofCondorbatchjobman-agementsystemandGlobusToolkit(see[FK97]).AsimplifiedviewofsuchasystemisshowninFigure1.There,theresources(storage,computingpower)registertheircapabilitiesinaresourceinformationdirectory.Theuserwhowantstoutilizethere-sourcesexpresseshisrequest(2)usingajobdescriptionlanguage.Theresourcebrokermatchestheresourcesandtherequestandthejobissendtobeexecutedina“suitable”location(3).Theresultsareeitherrecoveredbytheuser(4)or“automatically”writtentothespecifiedlocation.

However,themainfocusofthispaperareGridtechnologiesbeyondjobsubmis-sions.Theimportantconceptstobuildonarethoseofvirtualorganizations;secureservices;resourceandserviceontologies;andresourceandservicecatalogs.Asanovelitemofdesign,wepresenthowtodescribedataintheGridcontextandintegrateitwithresourcesandservices.Basedonthese,wepresentadesignandaprototypeofaserviceorientedGridsystemthatemphasisesthesemanticsofdata,resourcesandservices.Asfarasweknow,acoherent,ontologicalframeworklikethishasnotbeenpresentedpreviously,thoughseveralofitscomponentshavebeendevelopedinGridprojects(seebelow).

Therestofthepaperisorganizedasfollows.InSection2,weprovideaback-

2

groundtoexistingGridsystemsanddiscusshowtoaccessaknownGridresourceandservice.ThissectioncanbereadasasurveyofbasicGridtechnologies.InSection3wepresenthowtodescriberesources,servicesanddata;morespecificallyinSection3.1weprovideanontology-baseddescriptionframeworkforresources,in3.2forGridservices,andin3.3fordata.ThemaincontributionofthispaperispresentedinSec-tion4,whereaunifieddesignofaresource,serviceanddatadirectoryispresented.InSection5wediscusshowausercouldintuitivelyusesuchaplatformofservicesandresources.

2Relatedworkandbackground

RelatedworkrelevantinthiscontextincludesFosterandKesselman’sseminalintro-ductionstotheGrid(andapplications)in[FK98,FK03].Specifically,Chapter21,[SNWN03a],inthelatter,andChapter4of[LB05]describethestateoftheartofGridsecuritytechnologies;theyareusedasthebackgroundofSection2.1.

TheOpenGridServiceArchitecture(OGSA)hasbeenpresentedin[FKNT04,KT05,FK03].OGSAisbasedonSemanticWebtechnologies,discussedin[BLHL01,AvH04].Amongthesetechnologies,theResourceDescriptionFramework(RDF)[W3C04c]andWebOntologyLanguage(OWL)[B+04]areWorldWideWebConsor-tiumrecommendationsfortheSemanticWebandpreviouslyappliedtoGridcontextforinstancein[PCS03].ApplyingSemanticWebtechnologiestoGridenvironmentsiscommonlyknownastheSemanticGridanddiscussedine.g.[RJS05].

Gridresourcedescriptionshavebeenanissueofmanystudies,e.g.[KBM02].Theresourcedescriptionsarematchedwiththerequirementsofjobsbydifferentbrokeringapproachesdiscussedine.g.[YSL05,VBW05].TheconceptofGridservicesinOGSAembracesthemanagementofresourcesas“Resourcemanagementservices”anddataas“Dataservices”(see[PTF05]).ResearchrelatedtodiscoveringGridresourcesandserviceshasbeendoneine.g.[HDH+04,LvS02,TDK03,BGG03].However,aspecif-icallydataorientedapproachisseeninOpenGridServiceArchitecture-DataAccessandIntegrationOGSA-DAI[A+05b].

2.1AuthenticationandauthorisationinGrids

Authentication(i.e.useridentityverification)andauthorisation,i.e.decidingwhethertheusercanhaveanaccesstoacertainresourceareessentialindistributedapplications.AuthenticationandauthorisationinGridreliesonpublickeyinfrastructure(PKI).Thebest-knownexampleofitsuseisGridsecurityinfrastructure(GSI)promotedbytheGlobusAlliance(see[SNWN03b]).

PKIisasetofprotocols,servicesandstandardsthatfacilitatetheuseofpublickeycryptographybyallowingthesecuredistributionofpublickeysbetweencommu-nicatingparties,andtherebysupportingtheexchangeofsensitiveinformationoveranunsecurednetworksuchastheInternet[Nie02].PKIusestwodigitalkeysmathe-maticallyrelated:apublickeyandacorrespondinganduniqueprivatekey.Givenamessage,anencryptionfunction(thatcryptsthemessage)EKcanbeeasilycomputedfromthepublickeyX,andXiscomputedfromtheprivatekeyK.Xispublished,so

3

thatanyonecanencryptmessages.IfadecryptionfunctionDKcannotbeeasilycom-putedfromXwithoutknowledgeofK,butreadilywithknowledgeofK,thenonlythepersonwhogeneratedKcandecryptmessages(adaptedfrom[cc04],fordetails,see[MvOV96]).

InthescopeofthispaperwediscussPKIasrelatedtodigitalcertificates.Inordertodoso,weneedtheconceptofdigitalsignature,thatwedescribefollowingGalwinandMurphy[GM95]:

“Adigitalsignatureforanobjectiscreatedbyhashingtheobjectwithaone-wayhashfunctionandencrypting(signing)thehashvaluewiththeprivatekeycomponentofapublic/privatekeypair.Thesignatureisverifiedbydecryptingitwiththepublickeycomponenttoexposethehashvalueandcomparingtheexposedhashvaluetoarecomputedhashvalue.Ifthetwohashvaluesmatchthesignatureis[..]consideredvalid.”

Currently,X.509version3(recommendedbytheInternationalTelecommunica-tionsUnion(ITU)in[IT97])isthemostcommonlyusedPKIstandard.

AX.509v3certificatecontainsinformationreferringtoapublickey,whichhasbeendigitallysignedbyaCertificationAuthority(CA).Itisrepresentedbyadocumentwherethepublickeyiscontained–aswellasotherusefulidentificationinformationsuchasthedistinguishedname(DN)oftheentityitidentifies,anexpirationdateandtheCA’sname(see[Nie02]).Thecertificateassuresanyrelyingparty(usingthepublickey)thattheassociatedprivatekeyisheldbythe”correct”remoteentitytowhomthecertificatewascreated.AnexampleofaX.509v3usercertificateisshowninFigure3.Ahostcertificatethatidentifiesforinstanceacomputerissomewhatdifferent;somefieldsofsuchacertificateareshowninFigure4.Somefieldsofthe(self-signed)NorduGridCAcertificateareshowninFigure5.

AproxycredentialallowsentityAtogranttoanotherentityBtherightforBtobeauthorisedwithothersasifitwereA(see[T+04,W+04]).InthecontextofGSI,proxycredentialsareproxycertificates;typicallyuserproxies(createdbytheuser)ordelegatedproxies(createdbyservices,usingtheuserproxy).Auserproxycontainsbothapublicandaprivatekeywithasubjectof“A/proxy”1,togetherwithA’spublickeyanditissignedbyA.AserviceorotherentityreceivingtheproxycanverifythatitisindeedsignedbyA.Moreover,throughA’spublickey,itcanverifythatithasbeensignedbytheCAitclaimstobe.However,sinceaninterceptorcanatleasttheoreticallystealtheproxy,itsvalidityistypicallylimitedto12hours.2TheauthenticationprocessisdescribedinFigure2,adoptedfrom[The04a],[LB05]andGlobusGSIsourcecode.Technically,themethodofimplementationforcarryingouttheexchangeofcertificateinformationisbasedonSecureSocketsLayer/TransportLayerSecurity(SSL/TLS)[Tho00].Thenegotiationtakesplaceswhentheconnectionisestablishedbetweentheclientandtheserver.

AsobviousinFigure2,theidentityofthehostcomputerisbasedonitsIPaddressandhostname.Thiscanbeseenaslimitation;anovelapproachcalledHostIdentity

•Tostarttheauthenticationprocess,AgivesBhisproxycertificatefilecontainingtheproxyprivateandpublickeysandA’spublickey.•A’spublickeyisusedtovalidatethesignatureontheproxycertificate.•TheCA’spublickeyisthenusedtovalidatethesignatureA’scertificate.

•OnceBhascheckedoutA’scertificate,BmustmakesurethatAreallyisthepersonidentifiedinthecertificate:

–BgeneratesarandommessageandsendsittoA,askingAtoencryptit.–Aencryptsthemessageusinghisprivatekey,andsendsitbacktoB.–BdecryptsthemessageusingA’spublickey.

–Ifthisresultsintheoriginalrandommessage,thenBknowsthatAiswhohesaysheis.

•ThesameoperationtakesplacesothatAverifiesB’sidentity.InthiscaseBhasaservercertificateinsteadofaproxy.Therefore:

–BsendsAhercertificate,Avalidatesthecertificateandsendsachallengemessagetobeencrypted.–BencryptsthemessageandsendsitbacktoA,andAdecryptsitandcomparesitwiththeoriginal.–Ifitmatches,thenAknowsthatBiswhoshesayssheis.

•Additionally,bothpartiescheckthattheotherparty’scertificateisvalid.Moreover,AchecksthatB’scanonicalname(likepcrship01.cern.ch)correspondswiththesubjectofB’scertificate.

Figure2:AmutualauthenticationprocessusingaproxycertificateofAandservercertificateofB.

Certificate:Data:Version:3(0x2)SerialNumber:527(0x20f)SignatureAlgorithm:md5WithRSAEncryptionIssuer:O=Grid,O=NorduGrid,CN=NorduGridCertificationAuthorityValidityNotBefore:Feb1115:53:212004GMTNotAfter:Feb1015:53:212005GMTSubject:O=Grid,O=NorduGrid,OU=hip.fi,CN=MarkoNiinimakiSubjectPublicKeyInfo:PublicKeyAlgorithm:rsaEncryptionX509v3extensions:X509v3BasicConstraints:CA:FALSENetscapeCertType:SSLClient,S/MIMEX509v3KeyUsage:DigitalSignature,NonRepudiation,KeyEnciphermentNetscapeComment:OpenSSLGeneratedCertificateX509v3SubjectKeyIdentifier:34:52:66:B3:55:FD:65:79:E7:EA:59:A2:74:28:C0:1E:D7:DD:17:DBX509v3AuthorityKeyIdentifier:keyid:18:05:C0:FC:0B:D1:B7:3A:F4:65:92:09:FB:59:A1:5F:C7:88:C4:F0DirName:/O=Grid/O=NorduGrid/CN=NorduGridCertificationAuthorityserial:00X509v3SubjectAlternativeName:email:marko.niinimaki@hip.fiSignatureAlgorithm:md5WithRSAEncryptionFigure3:AnexampleofaX.509usercertificate(somefieldsandvaluesomitted)

5

Issuer:O=Grid,O=NorduGrid,CN=NorduGridCertificationAuthoritySubject:O=Grid,O=NorduGrid,CN=host/pcrship01.cern.chFigure4:ExamplesoffieldsandvaluesinaX.509hostcertificate

Issuer:O=Grid,O=NorduGrid,CN=NorduGridCertificationAuthoritySubject:O=Grid,O=NorduGrid,CN=NorduGridCertificationAuthorityX509v3extensions:X509v3BasicConstraints:CA:TRUEFigure5:ExamplesoffieldsandvaluesinaX.509CAcertificate

Proxypublickey

Proxycreator’spublickey

Issuer:O=Grid,O=NorduGrid,OU=hip.fi,CN=MarkoNiinimakiValidityNotBefore:Nov1807:56:232004GMTNotAfter:Nov1820:01:232004GMTSubject:O=Grid,O=NorduGrid,OU=hip.fi,CN=MarkoNiinimaki,CN=proxyFigure6:Thestructureofaproxycertificateandsomelinesofatypicalproxy

6

Limitedproxypublickey(signedbyproxypublickey)

Subject:O=Grid,O=NorduGrid,OU=hip.fi,CN=MarkoNiinimaki,CN=proxy,CN=limitedproxy

Proxypublickey(signedbyproxycreator’spublickey)

O=Grid,O=NorduGrid,OU=hip.fi,CN=MarkoNiinimaki,CN=proxy

CA’spublickey

O=Grid,O=NorduGrid,CN=NorduGridCertificationAuthority

Figure7:Thestructureofadelegatedproxycertificate

Protocolisdiscussedin[KGN05,Kar05a]buttoourknowledgeithasnotbeenappliedtoGridcontexts.

Whentheclienthasbeenauthenticatedandauthorizedbytheserver,aproxydel-egationisperformed.Adelegatedproxyfile(representingtheuser)iscreatedbytheserversoftware.ThestructureofadelegatedproxyisshowninFigure7;fordetails,see[W+04,The04a].Thebenefitofthedelegatedproxycertificateisthattheoriginal(user’s)proxy,containingtheproxyprivatekeyisverifiedbutnotsenttotheserver.However,insomeapproacheslikeHelsinkiInstituteofPhysics’OpenGridportal(see[WNN03])theuser’sproxyfileistransferedquiteliberallytobeusedbygridservices.AsamekindofproxystoreisusedbyMyProxysoftware(see[NTW01]).Themotiva-tionthereisthatsincedatatransmissionsareencrypteditisunlikelythattheproxyfilewillbestolenbyathirdpartyduringitstransfer.ThisistheapproachweshalluseinourimplementationinSection4,too.

TheGridcomputingfieldcanbecharacterizedasacollectionofheterogeneouscomputingresourcesthataresharedbymanyindividualsandorganizations.Thishasgivenrisetotheconceptof“virtualorganizations”.Avirtualorganization(VO)isacollectionofpeopleinsomeadministrativedomain.Auser’srelationshipwithhisVOisdefinedbytheorganization’sinternalhierarchy.Theusercanbeapartofanynumberofinternalgroupsintheirorganizationandhavemultiplerolesinmanyorga-nizations[ACC+03].AuserisauthorisedtoperformtasksoraccessresourcesintheGridaccordingtotheirVOaffiliationandtheirrole(s)withintheVO.VirtualOrgani-zationMembershipServiceVOMSisanauthenticationandauthorisationsystemthatallowstheadditionofVOinformationintheuser’sproxy.AVOMSsystemconsistsofauserserver,auserclient,anadministrationserverandanadministrationclient(see[ACC+03]);hereitissufficienttonotethatauserexecutesaclient“voms-proxy-init”withaparameterspecifyingtheVO(e.g.nordugrid).Theclientconnectstotheserver,andtheserverreturnstheuser’sproxywiththeappropriateVOinformation.Theextensionas“rawdata”andparsedbyvoms-proxy-infoisshowninFigure8.Thesetoolsprovideuswithratherflexiblemeansofauthenticationandauthorisa-tion.WiththefirstversionsofGlobusmiddleware,theauthenticationandauthorisation

7

X509v3extensions:1.3.6.1.4.1.8005.100.100.5:....MarkoNiinimaki........nordugrid://hydra.ii.uib.no:15002..../nordugrid/Role=NULL/voms-proxy-info-allsubject:/O=Grid/O=NorduGrid/OU=hip.fi/CN=MarkoNiinimaki/CN=proxyissuer:/O=Grid/O=NorduGrid/OU=hip.fi/CN=MarkoNiinimakiidentity:/O=Grid/O=NorduGrid/OU=hip.fi/CN=MarkoNiinimakitype:proxystrength:512bitspath:/tmp/x509up_u1007timeleft:10:08:13VO:nordugridsubject:/O=Grid/O=NorduGrid/OU=hip.fi/CN=MarkoNiinimakiissuer:/O=Grid/O=NorduGrid/CN=host/hydra.ii.uib.noattribute:/nordugrid/Role=NULL/Capability=NULLtimeleft:10:08:12Figure8:Somefeaturesofavomsproxy

\"/O=Grid/O=NorduGrid/OU=hip.fi/CN=MarkoNiinimaki\"markoFigure9:Anentryin/etc/grid-security/grid-mapfile

processwasquitelimited;themiddleware’s“gatekeeper”componentgavetheusertherighttoexecuteprogramsasalocaluserbasedonentriesinaspecificfileinthelocal(Unix)system,grid-mapfile(see[Theb]).AnexampleofthatisshowninFigure9.There,usingaclientjobsubmissionprogram,theuserwhoseproxyissuercorrespondstothegivenlineisallowedtoexecutehisprogramasuser“marko”.Naturally,thegatekeeperalsoverifiesthattheuser’sCAisknown.

Amorefine-grainedapproachutilisesaccesscontrollists(ACL’s).WithGridSiteserversoftware(see[McN05]),severalaccesstypes(read,write,execute..)canbedefined,andtheaccesstofilesisper-directorybasis.AnexampleinFigure10showsa“.gacl”filethatcontrolsaccesstoadirectoryintheservercomputer.Thefirstentryauthorisesapersonforsomeaccesstypes.However,givendynamiccommunities,itwouldbecomeaburdentomaintainsuchaccesscontrolentriestoallpotentialusers.EntriesspecifyingaccessforVOmembersareeasiertomaintain;anentryshownbelowwouldallowtheusersinVOnordugrid(theirmembershipsignedbyVOMSserverhydra.ii.uib.no)toreadwriteandlistentriesinthisdirectory.

2.2Gridmiddlewareandotherdistributedcomputingapproaches

¨Ingeneral,adistributedcomputingsystemcanbedefined(likeOzsuandValduriezin

[OV99])asanumberofautonomousprocessingelementsthatareinterconnectedbyacomputernetworkandthatcooperateinperformingtheirassignedtasks.According¨toOzsuandValduriez,theissuesthataredistributedcanbe(i)processinglogic(ii)functions(iii)data,and(iv)control.Distributingtheprocessinghasbeenthefocusofseveralprogrammingpackagesthatallowtheprogrammertoembedefficientparalleli-sationinthesoftware,e.g.ParallelVirtualMachinePVM(see[G+94]).Distribution

8

/O=Grid/O=NorduGrid/OU=hip.fi/CN=MarkoNiinimaki/O=Grid/O=NorduGrid/CN=host/hydra.ii.uib.nonordugridFigure10:AGridaccesscontrolfile

accordingtofunctions(orfunctionality)canbeseenasassigningspecialisedtaskstoresourcesthataremostsuitedtoprocessthem.Matchingtasksandresourcesisgen-erallyseenasthetaskofabrokerandimplementedforinstanceasapartoftheJXTAarchitecture(see[Gon01]),orinamoreabstractwayintheCommonObjectRequestBrokerArchitecture(CORBA,[Vin97]).Datadistributionhasbeenresearchedinthecontextofdistributed(orfederated)databasesystems(see[OV99]).Thedistributionofcontrolbycollaboratingsoftwareagentshasbeenaddressedine.g.[Lan98].

Givenallthesediversetechnologiesofdistributedcomputing,onecanaskwhatistheroleofGrid.This,however,canbeseenasaninterfacetodistributeddata,re-sources,andservicesthroughGridmiddleware;orasGrimshawstatesin[Gri02],“theobjectiveofGridmiddlewareistovirtualizeresources,provideaccess,andingeneraldealwiththephysicalcharacteristicsoftheGrid.”Fromtheperspectiveofaccessingdata,resourcesandservices,weseethatthedefiningfeatureofGridmiddlewareandGridsoftwareingeneralistheuseofGSI,discussedinSection2.1.

3Gridresourcesandservices

InthecontextofthispaperweconsiderGridresourcessimplyasanythingaGridusermightbeinterestedin.GridservicesarestandardizedoratleastpublishedwaysofaccessingtheseresourcesintheGridcommunityinquestion.Thus,diskspaceisaresource,butaGridmethodofputtingfilesorrecordsonadisk,orrecoveringthem,isaservice.Inasimilarmanner,executingjobsremotelyina“suitable”computerisaservice.

AsasimplesecondgenerationGridexample,weconsidertheGSIFTP[Thea,The00]protocolandservicesthatutiliseit.GSIFTPisanimplementationofFTP(FileTransferProtocol,originallycalledBulkDataTransferProtocol,see[CLZ85])suchthatGSI(seeSection2.1)isusedforauthenticationandauthorisation.Inprac-tice,GSIFTPworksasaclient-serverprogram;theGlobusprojectusesamodifiedWU-FTP3serverandNCFTP4client.Inpractice,theusercreatesaproxycertificate,

grid-proxy-initYouridentity:/O=Grid/O=NorduGrid/OU=hip.fi/CN=MarkoNiinimakiEnterGRIDpassphraseforthisidentity:Creatingproxy.....................................................Donegsincftpgsiftp://pcrship04.cern.chNcFTP3.0.3(April15,2001)byMikeGleason(ncftp@ncftp.com).Connectingto137.138.250.35...ServerreadyLoggingin...NoneedforusernameLoggedintopcrship04.cern.ch.Currentremotedirectoryis/.ncftp/>putcompute.shcompute.sh:173.76kB51.74kB/sngsub-cpcrship01.cern.ch-ftest.jobClientmiddleware:nordugrid-0.5.33Submittingxrsl:&(executable=\"/bin/echo\")(arguments=\"track1\")(jobName=\"ngtest\")(stdout=\"stdout\")(executables=\"compute.sh\")(inputfiles=(\"compute.sh\"\"gsiftp://pcrship04.cern.ch/compute.sh\"))Jobsubmittedwithjobidgsiftp://pcrship01.cern.ch:2811/jobs/2831111340415291997069207Figure11:FiletransfersandjobsubmissionsusingARC

initiatestheconnectiontotheserverusingthegsincftpclientprogram.ThemutualauthenticationproceedsasinFigure2.

TheNorduGridconsortium’sAdvanceResourceConnector(ARC,see[E+06])isasecondgenerationGridmiddlewarethatusestheGSIFTPprotocolforjobsubmissionsinadditiontofiletransfers.AfiletransferandajobsubmissiontoaspecificcomputerrunningARCisshowninFigure11.There,ausertransfersafile(compute.sh)inafileserverusingGSIFTP,and,inanothercomputer,startsajobthatutilisesthefile.Inthelattercase,thesoftwarecomponent(calledGridManagerinARC)collectstheinputfiles,startsthejobandsupervisesitsexecution.Itsabilitytorecoverinputfilesisnaturallybasedonthefactthatitcanusetheuser’sdelegatedproxy,asexplainedinSection2.1.

Forresourcedescriptions,ARCusesasystembasedonLightweightDirectoryAccessProtocolLDAP[HS95]andMonitoringandDiscoverySystem(MDS,origi-nallycalledMetacomputingDirectoryServicein[F+97],see[Thec]).However,in[NTN05b],wehaveoutlinedGridresourcedescriptionbasedonResourceDescriptionFramework(RDF)ontologies.InSection3.1,weprovideashortsummary.InSec-tion3.2,weconcentratein(thirdgeneration)Gridservices.Weassume,naturally,thataccesstoservicesiscontrolledbyGSI.

3.1GridResourceDescriptions

In[And04]DataTAG’sGLUEproject’sgoalsaredescribedasfollows.“TheGlue-Schemaactivityaimstodefineacommonconceptualdatamodeltobeusedforgridresourcesmonitoringanddiscovery.”GLUE1.1dividesGridintocomputing(Comput-ingElement,CE),storage(StorageElement,SE)andnetwork.Slightlysurprisingly,

10

Figure12:GLUECEdescription

thereisnoseparateconceptofa“principal”(auser,agroupofusersoravirtualorga-nization).5Figure12showsGLUE’sCEdescriptioninUML6classdiagramformat.GLUEismeticulouslymappedintoseveralimplementationalresourcepresentationformats,includinganLDAPschemaandarelationaldatabaseschema.

In[NTN05b],wehavecreatedaformalontologicaldescriptionofGLUEusingtheWorldWideWebWebConsortium’sWebOntologyLanguageOWLthatisbasedonRDF(see[B+04]).Morespecifically,withRDF,themostbasicmethodofrep-resentationisstatingthatsomething(asubject)hasa”property”(apredicate)whosevalueissomething(anobject,see[W3C04a]).Thesubject-property-valuetriplescanexpresssimplefactsaboutindividualslike“thisdocument(object)hasanauthor

(property)whosevalueisN.N.”,butRDFintroducestheuseofUniformResourceIden-tifiers(URIs)thatareusedasreferencesinthesedescriptionsto(i)network-accessiblethings,suchasanelectronicdocument,animage,aservice,oragroupofotherre-sources;(ii)thingsthatarenotnetwork-accessible,suchashumanbeings,corpora-tions,andbooksinprint;and(iii)abstractconceptsthatdonotphysicallyexist,suchastheconceptofa“creator”(see[W3C04a]).UsingURIreferences,theaboveexpres-sioncouldbeparaphrased“documenthttp://wiki.hip.fi/xml/examplehasprop-ertyhttp://purl.org/dc/elements/1.1/creatorwhosevalueishttp://www.cs.uta.fi/henkilosto/henkilo.php?uid=csmani”.AsetofURIreferencesspec-ifiedforaspecificpurpose(e.g.forexpressingcreatorsandcreationdatesofdocu-ments)iscommonlyreferedtoasavocabulariumandtechnicallyoftenpresentedasaXMLnamespace(fordetails,see[BHL99]).TheRDFSchemalanguage(RDFS,see[W3C04b])hasbeenspecificallydesignedforexpressingvocabularies,andOWLisanextensionoftheschemalanguage.RDFSitselfhasarichsetofdatamodellingconstructslikeclasses,theirsub-classesandproperties(relationswithotherclasses),butOWLfurtherextendsRDFSbyaddingrestrictions(likecardinalityconstraints)totheseconstructs;fordetails,see[B+04].Ingeneral,wecalladescriptionthatusesOWLconstructsanOWLontologyorOWLschema.

Thebenefitofthispresentationisthatitallowssearchoperationsusinghigh-levelquerylanguageslikeRQLandRDQL[KAS+02,Sea04]insteadofimplementationspecificLDAPqueries.Moreover,theformofexpressingtheseresourcescanbematchedwithserviceanddatadescriptionsthatareexpressedusingRDF,too.ApartofthisOWLontologyisshowninFigure13,where“glue”isanamespacedesignedforpresentingGLUEelements.AninstancesatisfyingthisschemainFigure14.

Thefullontology(thesourceoftheexcerpts)isavailableinhttp://wiki.hip.fi/xml/ontology/glue.xml.

RDF/OWLdescriptionscanbequeriedusingRQL,anSQLbasedquerylanguageandcanoperatewithconceptsofRDFandOWL,i.e.classes,properties,etc.ThesyntaxofRQLremindsSQLwithitsSELECT,FROM,WHEREclauses.TheexamplequeryinFigure16returnsallUnixcomputers.InpracticethismeansthattheusercanspecifythathewantstoexecutethejobinacomputerwithanUnixoperatingsystem,hisjobdescriptionisappendedwiththequeryinFigure16,andtheanswerwillcontaincomputerswithLinuxOS’ssinceLinuxisUnix(asspecifiedinFigure15).

3.2GridServiceDescriptions

AccordingtoBakeretal.in[BAFB05],themostimportantGridstandardtoemergerecentlyistheOpenGridServicesArchitecture(OGSA),which“aimstodefineacom-mon,standard,andopenarchitectureforGrid-basedapplications.”

AsshowninFigure17,OGSAisalayeredapproachwhere“GridServices”(OGSAServices)makeuseofWebServices.These,inturn,havebeendefinedby[W3C04d]asfollows:“AWebserviceisasoftwaresystemdesignedtosupportinteroperablemachine-to-machineinteractionoveranetwork.Ithasaninterfacedescribedinamachine-processableformat(specificallyWSDL)7.Othersystemsinteractwiththe

..111Figure13:ExcerptsofGLUECEpresentedinOWL

\"3.0\"\"Linux\"\"Debian\"Figure14:Apartofaninstance

13

Figure15:StatingthatLinuxisUnix

SELECT?xWHERE(?x),(?x?y)AND(?yeq\"Unix\")USINGgluefor,rdffor;Figure16:AqueryretrievingUnixcomputers

Applications

WebServices

Figure17:TheupperlayersofOGSA

14

thesecretparameter..weneedtheproxyThenameoftherdffiletobeused.Thenameofthequeryfiletobeused.ananswertoyourqueryrdfqueryexecutessesameandreturnstheresponseFigure18:PartofthewsdlforanRDFqueryservice

WebserviceinamannerprescribedbyitsdescriptionusingSOAPmessages,typi-callyconveyedusingHTTPwithanXMLserializationinconjunctionwithotherWeb-relatedstandards.”AnexampleofaWSDLserviceisshowninFigure18.

Webservices,however,arebuiltonhttp/httpsprotocolsthatarestateless(see[FGM+99],foradescriptionaboutstatesandautomataingeneralseee.g.[AU95]).Foster&alemphasizein[FFG+04]that“EventhoseWebserviceimplementationscommonlyde-scribedasstatelessfrequentlyallowforthemanipulationofstate,i.e.,datavaluesthatpersistacross,andevolvebecauseof,Webserviceinteractions.”Asanexample,Foster&almentionanonlineairlinereservationsystemthatmustmaintainastateconcerningflightstatus,reservationsmadebyspecificcustomers,andthesystemitself:itscurrentlocation,load,andperformance.Webserviceinterfacesthatallowrequestorstoqueryflightstatus,makereservations,changereservationstatus,andmanagethereservationsystemmustprovideaccesstothisstate.Inordertostandardizetheaccesstosystems,Foster&alproposeaWebServiceResourceFramework(WSRF)approach.Inprac-ticethisapproachsimplymodelstheresource(likeanairlinereservationpool)inawaythatawebservicecandescribeit.Consequently,therequestor(theuseroftheservice)candiscovertheresourceandusestandardisedoperationstoqueryandmanipulatethestates.ThisistheaddedvalueofGridServices,expressedasfollowsin[The03a]:“..whileWebservicessuccessfullyimplementapplicationsthatmanagestatetoday,weneedtodefineconventionsformanagingstatesothatapplicationsdiscover,inspect,andinteractwithstatefulresourcesinstandardandinteroperableways.”

StandardsforOGSAandWSRFaredesignedandpromotedbytheGlobalGridForum(seee.g.[KT05],OGSAisatrademarkoftheGlobalGridForum).

Inourprototype(seeSection4),theservicedescriptionisquiteprimitive,mainlybecausetheserviceswehavedevelopedaresosimplethattheycanberatherexhaus-

15

RdfAsimplecategoryforqueriesqueries1PROXY..Figure19:PartoftheOWL-SinstanceforanRDFqueryservice

tivelydescribedbyacategoryofaservice(e.g.“Queries”)andtheWSDLoperationdescriptionasinFigure18.WehavegeneratedsimplemappingsfromWSDL(andtheirlocations)toOWL-SWebServiceontologylanguage(see[MBL+03])todemon-stratethepossibilityofusingontologydescriptionsinservicedirectories(seeSection4).AnexampleoftheOWL-SinstancecorrespondingwiththeWSDLisshowninFigure19.

3.3DataDescriptions

Asamissinglinkbetweenresourcesandservices,wepresenthereanontology-basedframeworkfordescribingdatafordistributedapplications.Thismeansthatforstruc-tureddata,theformatofthedatashouldbemadeexplicit.In[NTN05a],wehaveproposedthefollowingdesign:

•Thedatacanbedistributedandprovidedbyindependentparties,butforadatarepository(anXMLfileoradatabasewithaqueryinterface),adescriptionoftheformatisprovided.

•Thereisanontologythatprovidesuswithcanonicalnamesormappingsforeachdatarepository.

The“dataontology”canbespecificorgeneral.Itseemsfeasibletoassertthatthemostgeneralontologyforstructureddataexpressesthatthereare(named)subjects,predicatesandobjectaswithRDF(seeSection3.1and[W3C04c]).Ontheotherhand,domainspecificOWLontologiesdeterminetheuseofnamedentities(classesandsub-classes)andtheirpropertiesinagivendomain;anontologyofcountriesmaydefinethatthereisanentitynamedCountry,withtheattributesISO-code(astring),andGeo-graphicalLocation(anentityoftypeGeographicalLocation).Followingthisexample,eachindependentdataprovidercanhaveacountrydatabasewithalmostanyfindofstructuretheylike,foraslongthereisamappingfromtheirstructuretothedomainontology.ApartofamappingfileforasimpledatasetisshowninFigure20.There,

16

Figure20:Anontologymapping

asimpleclassfordataFigure21:Dataontology

thecolumnnamesvalue,year,product,orig,anddestaremappedintopropertieshasMeasure,hasYear,hasProduct,hasExportCountryandhasImportCountryofclassTradeFactRowinourdomainspecificOLAPontology(see[NTN05a]).Agram-mar(expressedusingXMLSchema,see[W3C99])forontologymapsisprovidedinhttp://wiki.hip.fi/xml/ontology/ontomapping.xsd.8Technically,transform-ingthedataintoadomainspecificontologyiscarriedoutusingtheontologymapsandtheXSLTtransformationlanguagestylesheets(see[Cla99]).

Inpractice,adatasourcecouldbeseenasadataproducingservice,anddescribedthesamewayasservicesinSection3.2.However,giventhespecialneedofdomainontologymapping,wehaveprovidedasimpledataontologyformatshowninFigure21.

4Application:Resource,ServiceandDataDirectories

Interestingly,Bakeretal.in[BAFB05]havelittletosayaboutfindingservicesintheGrid.However,thereareseveraltoolsavailablefordataandservicedirectories.Fordatadirectories,filereplicacatalogslikeGlobusReplicaCatalog([S+02]),GlobusReplicaLocationService([C+04]),EuropeanDataGrid’sReptor([GKL+02])andEGEE’s9Fireman[EJ05]havebeensuccessfullinhighenergyphysicsGrids.How-ever,thesedirectoriestypicallyallowonlymappingsbetweennicknames(“logicalfilenames”)andseverallocationsofthefile(“physicalfilenames”).TheOGSA-DAI(OpenGridServiceArchitecture-DataAccessInterfaces)projecthasworkedforagenericGriddatabaseaccess(seee.g.[A+05b]).

ServicedirectoriesincludetheUniversalDescription,Discovery,andIntegrationprotocolUDDI(see[Kre01]).Asdescribedin[LB05],UDDIisanindustrystandardforserviceregistrationandpublication.AserviceproviderusesUDDItoadvertisetheservices(asWSDLdescription)thatitmakesavailable.AclientusesUDDItofindtheappropriateservicesforitspurposes.The“yellowpages”informationinUDDIallowsorganisingtheservicesinvariouscategories.Giventheseproperties,UDDIwouldworkwellasaGridservicedirectory,butapparentlyGridsystemsdonotusuallyemployUDDI(see,however[BBG+05]),nordoUDDIsolutionsnormallyuseGSIauthenticationandauthorisation.

Thereareother,profoundlyGridstyle,approachestothesameproblem,forin-stanceGlobus’MonitoringandDiscoverySystem(MDS)andARC’sRuntimeEnvi-ronments(see[The04b]).Inthelatterframework,theserviceproviderpreparesanenvironmentfortheapplication.Theseenvironmentshavestandardizednames,forin-stance“APPS/GRAPH/POVRAY-3.6”.Theserviceproviderinsertstheinitializationscriptsofsuchanenvironmentinadirectorywherethelocalinformationsystemdis-coversit,anddeclaresthatitisavailable(fordetails,see[Kon04]).However,theuserissupposedtoknow(ortolookup)thestandartisednameinordertorequestitforhisjob.

Inourdesign,thedirectorycontainspointerstodescriptionsofresources,servicesanddata.Theyarecurrentlynotregisteredautomaticallytothedirectory;instead,auserinterfacefortheirregistrationanduseisprovided.

ThebasicarchitectureforthesystemisshowninFigure22.There,servicesinaGSI-enabledserverareexpressedinWDSLasinFigure18.Theyareregistered(1)intheGridservicedirectoryaspairsoftheoperation(url,inthiscasehttps://grid.cs.uta.fi:8443/Services#rdfquery;theparameters,thiscaseproxy,rdf-file,queryfile)andthedescriptionoftheoperation.Withtheclient,theusercanstorefiles(orotherdatasources,describedusingtheontologyofFigure21)inGSI-enabledfilestoragesandregistertuplesconsistingofthefilename,descriptionandanicknameinthedirectory(2).Theusercan,too,queryfilesandservicesbynicknameinthedirectory.Iftheuserwantstorunaservice,hequeriesthedirectorybytheclientandreceivesagroupofservicenames(3,4).Heselectstheservicehewantsandispromptedfortheparametersbytheclient.TheservicecallwiththeparametersissenttotheGridserverbytheclient(5).Theserverrecoversthefilesgivenasparameters

Figure22:Architecture

(6)andtheresultsarereturnedtotheuser(7).

Asanexample,weconsidertherdfqueryserviceofFigure18.Theimplemen-tationisrelatedtoon-demandOLAP10cubeconstructionmethodologypresentedin[NTN05a].Ouraimistosupporttheconstructionasefficientlyaspossibleundersomelimitingcircumstances,namelythat

•Thedatatobequeriedisdividedintomutuallyexclusivefiles.•ThedataineachofthefilesconformswithourRDFontology.

•Eachofthedatafilescanbequeriedindependently(aconsequenceofthepre-viousitems)andtheresultscanbecombinedmechanicallyinafilethatcanbefurtherprocessedforloadingintoanOLAPdatabase.

Thedatainquestionrepresentsworldtradeofalltypesofproductsbetweenallcountriesduringthe1980’s.OurexampleRDQLquery(inFigure24)recoverstuples󰀂valueoftrade,exportingcountry,importingcountry,product,themaingroupofproduct,year󰀃suchthattheimportingcountryisFrance,theexportingcountryisFinlandandtheproduct’smaingroupiswoodindustryrelated.WehaveimplementedthequeryfacilityusingSesameRDFengine[BKvH02].Sesame’sperformanceismostsatisfactory,butcomplexquerieswithlargeinputdataareverydemanding.Wewereunabletorunthequeryusingadatasourcethatcombinesalltheinput(about5millionRDF-lines).However,usingasourcefilerepresentingoneyearoftrade,theresultcanbecomputedinabout30minutes.11TherdfqueryoperationismainlyasimplewrapperforSesamesuchthatittransfersthequeryandinputfileintoalocal“staging

universe=javaexecutable=x.classarguments=x--queryy--datazoutput=job.outerror=job.errtransfer_input_files=x.class,y,z,..jar_files=..when_to_transfer_output=ON_EXITlog=job.logqueueFigure23:ACondorjobsubmissionfile

area”andexecutesthequerybycallingSesame.Inadditiontojustlaunchingthecommandtheservicesoftwarerunsitinalocalcluster.Condorsoftware(see[LLM88])hasbeenusedforlocaldistributedcomputinginsidethecluster.Figure23presentsthecommandfilethattheservicelaunchesforJavaprogram“x”withparameters“–queryy–dataz”.

Therdfqueryserviceisdeclaredinaserviceanddatadirectorythathasitsowninterfaceforstoringandretrievinginformation.AlltheseoperationsareWSDLservicecalls.Forcommunicationwiththedirectory,thefollowingoperationsareprovided(weomittheWSDLforbrevity):

•send_and_register_file(stringbuffer,stringfilename,intpart,intallparts,stringnickname,stringdescription):sendsapotentiallyverylargefileinmanypieces.Thenicknamemustbeunique.

•register_url(stringurl,stringnick,stringcategory,stringdescription):forregisteringanddescribingexternalfilesandservices.

•get_url_by_nick(stringnick):returnsanurlthatmatchesthenickname.•get_by_description(stringsearchstring):returnsfilesorservicesthatmatchthedescription.

•get_by_category(stringsearchstring):returnsservicesthatmatchthecategory.

•get_categories():returnsthecategoriesofservices.

Theuseruploadsthedatafiles,anddefinestheirnicknames,byusingthesend_and_register_fileoperation.Inourexample,eachofthefilesrepresentingoneyearoftradebetweenallcountrieshasbeenuploadedwithnicknames“trade1980”,“trade1981”etc.Thequeryfile,showninFigure24is,likewise,uploadedwithanickname“q6”.TheuserthenproceedstosearchtheserviceandexecutesitasinFigure25.There,theuser’sproxyfileistransferedautomaticallyanditisusedbytheservertotransferthefiles.12

select?value,?ecountry,?icountry,?product,?maingroup,?yearwhere(?productrdf:typeschema:Product)(?frrdf:typeschema:FactRow)(?productschema:hasMainGroup?maingroup)(?ecountryrdf:typeschema:Country)(?icountryrdf:typeschema:Country)(?frschema:hasExportCountry?ecountry)(?frschema:hasImportCountry?icountry)(?frschema:hasProduct?product)(?frschema:hasYear?year)(?frschema:hasValue?value)and(?ecountryeqschema:FI)and(?icountryeqschema:FR)and(?maingroupeqschema:P2)usingschemaforFigure24:Aqueryfile

perlregister.pl1-querybyadescription2-registerafile3-querybynick4-registeraservice5-runaservice6-getservicecategoriesPleaseenteranumber(1,2,3,4,5,6)andhitenter.Anythingelsetoquit.5Pleaseenterastringintheservicedescription:rdf1:service:http://grid.cs.uta.fi:8080/Services.wsdl#rdfquery(PROXY,rdf,query)description:rdfqueryPleaseenterthenumberoftheservice:1PleaseselectinputforparameterrdfPleaseenteranick:trade1982PleaseselectinputforparameterqueryPleaseenteranick:q6Ifyouwanttosavetheresponseinafile,enterfilename,otherwiseenter.trade1982res.xmlFigure25:Clientexecution

Bystartingseveralclientprograms,theusercanexecutethequeriesforeachyearinparallel.Theresultscanberecoveredandcombinedbytheuser(oranotherGridservice).

Severalimprovementsarebeingplannedinthesystem.Currently,thesystemdoesnotmakeaproperdifferencebetweenaservice(e.g.rdfquery)andaresourcethatprovides(e.g.computergrid.cs.uta.fiactingasafrontendofacluster).Implementingthiswillprovideanaturalframeworkforamoreintelligentresourcebrokerthatunifiesthetechnologiesofresourceandservicedescriptionanddiscoveryasfollows:•Theuserfindsaservicethathewantstoexecute(andhastherightstouse)asinFigure25.

•Therecanbeseveralinstancesoftheserviceprovidedbydifferentresources,ortheservicecanbe“unbound”,i.e.asetofJavaclassesthatcanbeexecutedin

21

anyresourceprovidingasuitableJavaenvironment,enoughprocessingcapacityanddiskspaceetc.

•Basedonthelocationorrequirementsoftheservice(expressedasaninstanceoftheserviceontology),theresourceinformation(expressedasinstancesoftheresourceontology)andthelocationofthedata,theresourcebrokerfindsanoptimalplacetoruntheservice.

•Theserviceisrunandtheresultsstoredforfurtherprocessingorreturnedtotheclient.

Thebrokeringmechanismshouldtakeintoaccountthatsomeservicesaredataintensiveanditisprofitabletocarryoutthecomputationasclosetothedatasourceaspossible;thisistheapproachused,forexampleinGridBlocks(see[KNWN04]).Ontheotherhand,someservicesareCPUintensiveanduseonlyminimalamountsofdata.Brokerdesignsingeneralarediscussedine.g.[YSL05,VBW05].

5Conclusionsandfuturework:Aflexibleclientforse-manticGridcomputing

InthispaperwehavediscussedGridtechnologiesincludingauthenticationandautho-risation;ontology-basedGridresourceandservicedescription;anddesignedaframe-workandaprototypeforfindingandusingservicesintheGrid.

Theframeworkdescribedhereallowsthepossibilityofcreatinguserinterfaceswheretheusercaninteractivelyselectthedataandtheservicethatoperatesthedata.Theservicesutilizeauthenticationandauthorisation(discussedinSection2.1)intwoways.Ononehand,theservicedirectorycanbecustomisedtoshowcertainservicestoauthorisedusersonly.Ontheotherhand,theserviceimplementationsthemselvesareaccessibletousersbasedontheirGrididentities(proxysubjectorvirtualorganizationmembership).

ThedesignisbasedontheclientinSection4andthedesignofGridBlockssoftwarein[KNWN04].WefindthisapproachveryuserfriendlyandeasytounderstandforGridnewcomers,too.TheGridresourcesandservicespresentthemselvestotheuserinamannerthatwouldenabletousertoignorequiteamanyofthetechnicalconceptsinconventionalcomputing.Forinstance,theuserwouldnotneedtoknowwherethedataandservicesare.Puttingitevenmoreradically,theusercanforgettheconceptof“computerprogram”;hecanoperatecompletelyonthelevelofdataandservicesthatprocessdata.

Figure26showsthebasicuserinterface,anditsvariantforamobilephone(see[Kar05b]).Thebasicuserinterface(intheprocessofdevelopment)canbeusedinthefollowingway:

•Theusercreatesaproxycertificateusingthebuttonsintheupperrow.•Theeditingareaprovidestheuserwithbasicwordprocessingcapabilitiesand“placeholders”ofGridservicesanddata.Thedataandservicesareaccessibletotheuserbypressingtherighthandsidemousebutton.

22

•Withtheclickofthemousebutton,acontextmenuofservicesisshowntotheuser.There,theclientcontactstheservicedirectoryandrecoverstheservicesthatareaccessibletotheuser.Theservicesaregroupedincategories.

•Theuserbrowsestheservicesbycategoryorsearchesthembykeywords.Oncetheuserhaslocatedaservice,hewillbepromptedforinput–thedatathattheserviceutilises.Theuserprovidesthedata.

•Theservicewiththeappropriatedataisstartedinaremoteserver.Aplaceholderiscreatedfortheresultsortheirvisualisation.

•TheusercaneitherwaitfortheprocessingofthecomputationorsavethecurrentdocumentinaGridstorageserver.Eitherway,oncetheprocessingisfinished,theresultsareshownintheplaceoftheplaceholder.

Figure26:Agentuserinterface

GridSitesoftware,thatisthebasisofourserverimplementation,alsosupportshttpscommunicationwithawebbrowser.Inordertoenablethiscommunication,theuserneedstoimporthiscertificateinthebrowser.Itshouldbenoticedthatthisisaplainusercertificate(inPKCSformat,see[RSA99])andcannotincorporateVOMSorotherproxyextensions.However,theuser’sfullproxycanbemadeavailabletotheserverusingaMyProxyserver(see[NTW01])orbytransferingtheproxytotheserverbytheclient.WehavewrittenaclientsoftwareforourserviceplatformusingMozillaextensionsandlibraries(see[BKO+02]).ThelibrariesenabletheclienttocallWSDL

23

functionsintheservers,andtoformattheoutputforthebrowser.AnexampleisshowninFigure27.

Figure27:AMozillaclient

Acknowledgements

TheauthorisgratefultoMr.MikaMustikkam¨akiandMs.XiaoWangfortheirinputinapreviousversionsofSection2.1,toDr.TapioNiemiandMr.SanttuToivonenforapreviousversionofSection3.1,toMr.JuhoKarppinenforapermissiontouseFigure26,andtoDr.SergioAndreozziforhispermissiontouseFigure12inpublication[NTN05b].

References

[A+05a]

S.Andreozzietal.GLUESchemaSpecificationVer-sion1.2,FinalSpecification3rdDec2005.Availableathttp://infnforge.cnaf.infn.it/glueinfomodel/uploads/Spec/GLUEInfoModel

2

[AU95][AvH04][B+04]

[BAFB05][BBG+05]

[BGG03]

[BHL99]

[BKO+02][BKvH02]

[BLHL01][C+04]

[Cat03][cc04][Cla99]

A.AhoandJ.Ullman.FoundationsofComputerScience,chapter10.Freeman,1995.

G.AntoniouandF.vanHarmelen.ASemanticWebPrimer(CooperativeInformationSystems).TheMITPress,2004.

S.Bechhoferetal.OWLWebOntologyLanguageReference.WorldWideWebConsortium,February2004.W3CRecommendation,avail-ableat:http://www.w3.org/TR/owl-ref/.

M.Baker,A.Apon,C.Ferner,andJ.Brown.Emerginggridstandards.IEEEComputer,April2005.

S.Banerjee,S.Basu,S.Garg,S.Garg,S.Lee,P.Mullan,andP.Sharma.ScalableGridServiceDiscoveryBasedonUDDI.In3rdInternationalWorkshoponMiddlewareforGridComputing-MGC2005,Grenoble,France,December2005.

J.Brooke,K.Garwood,andC.Goble.InteroperabilityofGridResourceDescriptions:ASemanticApproach.InTheFirstGGFSemanticGridWorkshop,2003.Availableon:http://www.semanticgrid.org/GGF/ggf9/john/.

T.Bray,D.Hollander,andA.Layman.NamespacesinXML.TheWorldWideWebConsortium,1999.Availableathttp://www.w3.org/TR/1999/REC-xml-names-19990114/xs.

D.Boswell,B.King,I.Oeschger,P.Collins,andE.Murphy.CreatingApplicationswithMozilla.O’Reilly,2002.

J.Broekstra,A.Kampman,andF.vanHarmelen.Sesame:Agenericarchitectureforstoringandqueryingrdfandrdfschema.InProceedingsofthe2002InternationalSemanticWebConference,2002.

T.Berners-Lee,J.Handler,andO.Lassila.Thesemanticweb.ScientificAmerican,May2001.

A.L.Chervenaketal.PerformanceandScalabilityofaReplicaLocationService.InProceedingsofthe13thIEEEInternationalSymposiumonHighPerformanceDistributedComputing(HPDC’04).IEEEComputerSocietyPress,2004.

C.Catlett.Chairman’sforum.GridConnections–NewsandInformationfortheGlobalGridForumCommunity,1(3),2003.cryptcomments@math.ncsu.edu.”cryptographyfaq”.Availableat

http://www.faqs.org/faqs/cryptography-faq,2004.

J.Clark.XSLTransformations(XSLT)Version1.0–W3CRecommen-dation16November1999.TheWorldWideWebConsortium,1999.Availableathttp://www.w3.org/TR/xslt.

25

[CLZ85]

[DFP+96]

[E+06][EJ05][F+97]

[F+02][FFG+04]

[FGM+99]

[FK97]

[FK98][FK03][FKNT04]

[G+94][GKL+02]

D.C.Clark,M.L.Lambert,andL.Zhang.RFC969–NETBLT:ABulkDataTransferProtocol.Technicalreport,NetworkWorkingGroup,1985.

T.DeFanti,I.Foster,M.Papka,R.Stevens,andT.Kuhfuss.OverviewoftheI-WAY:Wideareavisualsupercomputing.InternationalJournalofSupercomputerApplications,10(2),1996.

M.Ellertetal.ARCmiddlewareforlightweightcomputationalGrids.Toappear,2006.

EGEE-JRA1.Egeeuser’sguide,glitedatamanagementcatalog-cli.Technicalreport,EGEE,2005.

S.Fitzgeraldetal.ADirectoryServiceforConfiguringHigh-performanceDistributedComputations.InProc.6thIEEESymp.onHighPerformanceDistributedComputing,pages365–375.IEEECom-puterSocietyPress,1997.

J.Freyetal.Condor-G:AComputationManagementAgentforMulti-InstitutionalGrids.ClusterComputing,5(3),July2002.

I.Foster,J.Frey,S.Graham,S.Tuecke,K.Czajkowski,D.Ferguson,F.Leymann,M.Nally,I.Sedukhin,D.Snelling,W.Vanbenepe,andS.Weerawarana.Modelingstatefulresourceswithwebservices.Tech-nicalreport,IBM,2004.

R.Fielding,J.Gettys,J.Mogul,H.Frystyk,L.Masinter,P.Leach,andT.Berners-Lee.RFC2616–HypertextTransferProtocol–HTTP/1.1.Technicalreport,NetworkWorkingGroup,1999.

I.FosterandC.Kesselman.Globus:AMetacomputingInfrastruc-tureToolkit.InternationalJournalofSupercomputerApplications,11(2):115–128,1997.

I.FosterandC.Kesselman,editors.TheGrid:BlueprintforaNewComputingInfrastructure.MorganKaufmann,1998.

I.FosterandC.Kesselman,editors.TheGrid:BlueprintforaNewComputingInfrastructure.MorganKaufmann,2edition,2003.I.Foster,C.Kesselman,J.M.Nick,andS.Tuecke.Thephys-iologyoftheGrid.Draft1.0asofJuly2004,availableathttp://www.globus.org/research/papers/ogsa.pdf,2004.

A.Geistetal.PVM:ParallelVirtualMachineAUsers’GuideandTuto-rialforNetworkedParallelComputing.TheMITPress,1994.L.Guy,P.Kunszt,E.Laure,H.Stockinger,andK.Stockinger.ReplicaManagementinDataGrids.Technicalreport,EuropeanDataGrid,2002.

26

[GM95][Gon01][Gri02][GW97][HDH+04]

J.M.GalvinandS.L.Murphy.Usingpublickeytechnology–issuesofbindingandprotectio.Technicalreport,TheInternetSociety,1995.L.Gong.Projectjxta:Atechnologyoverview.Technicalreport,SunMicrosystems,2001.

A.Grimshaw.Whatisagrid?GridToday,1(26),2002.

A.S.GrimshawandW.A.Wulf.Thelegionvisionofaworldwidevirtualcomputer.CommunicationsoftheACM,40(1),1997.

A.Harth,S.Decker,Y.He,H.Tangmunarunkit,andC.Kesselman.Asemanticmatchmakerserviceonthegrid.InProceedingsofthe13thinternationalWorldWideWebconferenceonAlternatetrackpapers&posters,pages326–327.ACMPress,2004.

T.A.HowesandM.C.Smith.AScalable,DeployableDirectorySer-viceFrameworkfortheInternet.TechnicalReport95-7,CITI(CenterforInformationTechnologyIntegration),UniversityofMichigan,USA,1995.

ITU-T.Itu-trecommendationx.509.TechnicalReportISO/IEC9594-8:1997,InternationalTelecomunicationUnion,1997.Informationtech-nology-OpenSystemsInterconnection-TheDirectory:Authenticationframework.

N.Karlsson.Enablingmultiplehipidentitiesonlinux.Master’sthesis,HelsinkiUniversityofTechnology,2005.

J.Karppinen.DataIntensiveMobileGridServices.Master’sthesis,HelsinkiUniversityofTechnology,February2005.

G.Karvounarakis,S.Alexaki,M.Scholl,V.Christopides,andD.Plex-ousakis.RQL:AdeclarativequerylanguageforRDF.InProceedingsoftheWorldWideWebconference2002,May7-11,2002,Honolulu(WWW2002).IEEEPress,2002.

K.Krauter,R.Buyya,andM.Maheswaran.Ataxonomyandsurveyofgridresourcemanagementsystemsfordistributedcomputing.Software–PracticeandExperience,(32),2002.

T.Koponen,A.Gurtov,andP.Nikander.Applicationmobilitywithhostidentityprotocol.InProceedingsoftheNetworkandDistributedSystemSecuritySymposium.TheInternetSociety,2005.Availableathttp://www.isoc.org/isoc/conferences/ndss/05/workshop/koponen.pdf.

[HS95]

[IT97]

[Kar05a][Kar05b][KAS+02]

[KBM02]

[KGN05]

[KNWN04]J.Karppinen,M.Niinimaki,J.White,andT.Niemi.Gridblocks–web

portalandclientfordistributedcomputing.InProceedingsofICEIS2004,6thInternationalConferenceonEnterpriseInformationSystems,Porto-Portugal,April2004.

27

[Kon04]

B.Konya.Thenordugrid/arcinformationnicaldescriptionandreferencemanual.http://www.nordugrid.org/documents/arc

system,tech-Availableat

[OV99][PCS03]

¨M.T.OzsuandP.Valduriez.PrinciplesofDistributesDatabaseSystems.PrenticeHall,2edition,1999.

L.Pouchard,L.Cinquni,andG.Strand.TheearthsystemGriddiscov-eryandsemanticwebtechnologies.InSemanticWebTechnologiesforSearchingandRetrievingScientificData,ISWCII,2003.

A.Polleres,I.Toma,andD.Fensel.Modelingservicesfortheseman-ticgrid.Technicalreport,DigitalEnterpriseResearchInstitute(DERI),2005.DagstuhlSeminarProceedings05271SemanticGrid:TheCon-vergenceofTechnologies.

D.DeRoure,N.R.Jennings,andN.R.Shadbolt.Thesemanticgrid:past,present,andfuture.ProceedingsoftheIEEE,93(3),2005.RSALaboratories.Pkcs12v1.0:Personalinformationexchangesyntax.Technicalreport,RSA,1999.

H.Stockingeretal.FileandObjectReplicationinDataGrids.ClusterComputing,5(3),July2002.

A.Seaborne.RDQL-aquerylanguageforRDF.Tech-nicalreport,W3CMemberSubmission,2004.Availableathttp://www.w3c.org/Submission/RDQL/.

[PTF05]

[RJS05][RSA99][S+02][Sea04]

[SNWN03a]F.Siebenlist,N.Nagaratram,V.Welch,andC.Neuman.Securityfor

virtualorganizations:federatingtrustandpolicydomains.InI.FosterandC.Kesselman,editors,TheGrid:BlueprintforaNewComputingInfrastructure.MorganKaufmann,2003.[SNWN03b]F.Siebenlist,N.Nagaratram,V.Welch,andC.Neuman.Securityfor

virtualorganizations:Federatingtrustandpolicydomains.InI.FosterandC.Kesselman,editors,TheGrid:BlueprintforaNewComputingInfrastructure.MorganKaufmann,2ndedition,2003.[T+04]

S.Tueckeetal.RFC3820–InternetX.509PublicKeyInfrastruc-ture(PKI)ProxyCertificateProfile.Technicalreport,NetworkWorkingGroup,2004.

H.Tangmunarunkit,S.Decker,andC.Kesselman.Ontology-basedre-sourcematchinginthegridthegridmeetsthesemanticweb.In1stWorkshoponSemanticsinPeer-to-PeerandGridComputing,2003.TheGlobusAlliance.GSIFTPToolsfortheDataGrid.Availableat:http://www.globus.org/toolkit/docs/2.4/datagrid/deliverables/gsiftp-tools.html.

TheGlobusAlliance.”gt2.4gsi:Managingthegrid-mapfile”.Availableathttp://www.globus.org/toolkit/docs/2.4/gsi/grid-mapfile

[TDK03]

[Thea]

[Theb]

[Thec][The00]

[The03a][The03b][The04a][The04b][Tho00][VBW05]

[Vin97][W+04][W3C99]

[W3C04a][W3C04b]

[W3C04c]

[W3C04d]

TheGlobusAlliance.Gtinformationservices:Monitoring&discoverysystem(mds).Availableathttp://www.globus.org/toolkit/mds/.

TheGlobusProject.GridFTP–UniversalDataTransferfortheGrid.Whitepaper,availableat:

http://www.globus.org/toolkit/docs/2.4/datagrid/deliverables/C2WPdraft3.pdf,2000.

TheGlobusAlliance.TheWS-ResourceFramework.Availableat

http://www.globus.org/wsrf/,2003.

TheObjectManagementGroup.Unifiedmodellinglanguagespecifica-tion.Technicalreport,OMG,2003.Availableathttp://www.omg.org.TheGlobusAlliance.GT4.0:Security.Availableat

http://www.globus.org/toolkit/docs/4.0/security/,2004.

TheNordugridConsortium.Runtimeenvironmentregistry.Availableathttp://www.csc.fi/grid/rer/,2004.

S.A.Thomas.SSL&TLSEssentials:SecuringtheWeb.Wiley,2000.S.Venugopal,R.Buyya,andL.Winton.Agridservicebrokerforschedulinge-scienceapplicationsonglobaldatagrids.JournalofCon-currencyandComputation:PracticeandExperience,2005.

S.Vinoski.Corba:Integratingdiverseapplicationswithindistributedheterogeneousenvironments.IEEECommunications,Feb1997.VonWelchetal.X.509ProxyCertificatesforDynamicDelegation.InProceedingsofthe3rdAnnualPKIR&DWorkshop.NIST,April2004.W3C.XMLSchemaRequirements–W3CNote15February1999.TheWorldWideWebConsortium,1999.Availableathttp://www.w3.org/TR/NOTE-xml-schema-req.W3C.RDFPrimer.TheWorldWideWebConsortium,2004.

Availableathttp://www.w3.org/TR/rdf-primer.

W3C.RDFVocabularyDescriptionLanguage1.0:RDFSchema.TheWorldWideWebConsortium,2004.Availableathttp://www.w3.org/TR/rdf-schema.

W3C.ResourceDescriptionFramework(RDF).TheWorldWideWebConsortium,2004.Availableathttp://www.w3.org/RDF/.

W3C.Webservicesarchitecture.W3CWorkingGroupNote11Febru-ary,2004.

30

[WNN03]

J.White,M.Niinimaki,andT.Niemi.OpenGrid-awebbasedportaltoGridapplications(poster).InThe3rdIEEE/ACMInternationalSympo-siumonClusterComputingandtheGrid,(CCGrid2003),Tokyo,Japan,May2003.

C.Yang,P.Shih,andK.Li.AHigh-PerformanceComputationalRe-sourceBrokerforGridComputingEnvironments.In19thInterna-tionalConferenceonAdvancedInformationNetworkingandApplica-tions(AINA’05),2005.

[YSL05]

31