Posted on Sep 23 2009 1:00am
Graduate student and research assistant, Technology and Social Behavior doctoral program, Northwestern University
Project develops new standards for sharing between grids
Although the Grid is all about resource sharing, the software that governs individual grids has not always been capable of interacting well. The Grid Authorization Interoperability Project has created a new standard that could change that.
Grids make their computational and storage resources available online for use by others through software known as gateway middleware. To access a grid, a user presents her credentials-certification that she has rights to access that grid's resources-to a resource gateway. The gateway in turn talks to an authorization system, local to the grid the user is accessing, in order to assign the appropriate privileges to the user.
Most grids have independently developed their own system for allowing users access. That means that their resource gateways are not compatible. To share software or computational resources, their gateway middleware will need to be rewritten. But what if two grids go through this process, and then want to talk to a third grid with yet another gateway middleware system?
The idea for the Interoperability Project began a few years ago from white board drawings during various meetings in Amsterdam. "We were all trying to figure it out. We had these tools that made resources available over the grid and made the authorization decisions," said Oscar Koeroo, a security middleware developer at Nikhef, the National Institute for Subatomic Physics in the Netherlands. "By drawing how each of the grids worked and had implemented their middleware, we saw ways to expand upon what each group could do with each others' middleware."
Around October 2007, the European Grid for E-sciencE, Open Science Grid, and Globus came together to agree on a common protocol for resource gateways to talk to authorization systems.
First, a common language to express authorization information and common sets of attributes (i.e. to express user identity) were agreed upon. Then a library implementing the protocol was developed. All this provided the fundamental blocks necessary to create an interoperable authorization infrastructure.
"By speaking the same language, we no longer needed separate implementations of libraries for authorization," said Gabriele Garzoglio, a leader in the Interoperability Project who is based at Fermi National Accelerator Laboratoy. "We could now share functionalities between Globus, OSG, and EGEE, basing our software on a common code base."
The Interoperability Project provides several benefits, including the ability to seamlessly deploy programs written for one grid on a different grid.
"In the end, you have more freedom of choice on what solution you can install," said Koeroo. "After this project, middleware isn't bound to be installed on the grid infrastructure it was initially developed for. For example, in the case of dCache, parts were made by Brookhaven and others by Fermilab, and they were adjusted to work with any grid authorization system."
Another advantage of the new standards developed by the project is the ease with which users can now deploy software out of the box on a functioning grid; out of box software will naturally interface with the authorization system. Finally, maintenance for the standard set of libraries the project group developed can be shared, reducing costs.
Earlier work with OASIS' XACML Technical Committee set the standards for the common authorization language the Grid Authorization Interoperability Project used. Frank Siebenlist, a project member who also worked on the XACML Technical Committee, said, "We should all pat ourselves on the back. It just doesn't happen too often that different entities work so well together."
What next? A number of grids are working to integrate the new standards with their authorization system, according to Garzoglio. Meanwhile, the Open Grid Forum's own working group on authorization, which includes three people who worked on the Grid Authorization Interoperability Project, is working on developing a broader standard. "We have now come up with a standard that can be reused by the authorization working group at OGF as a working example of a way to handle authorization," explained Garzoglio. The hope is that OGF will adopt or build on the Project's standard.
A version of this story originally appeared in the August Open Science Grid technology highlights.
-Jen Nahn, with files from Miriam Boon
Do you have story ideas or something to contribute? Let us know!
The full article is available here as HTML.
Press Ctrl-C to copy