• Subscribe

At Science Node, we need your help. We have ALMOST reached our fund-raising goal. In order to maintain our independence as a source of unbiased news and information, we don’t take money from big tech corporations. That’s why we’re asking our readers to help us raise the final $10,000 we need to meet our budget for the year. Donate now to Science Node's Gofundme campaign. Thank you!

Science Node

Feature - Project develops new standards for sharing between grids

Project develops new standards for sharing between grids Authorization Interoperability Project members , left to right, Oscar Koeroo (NIKHEF), Gabriele Garzoglio (Fermi National Accelerator Lab), and Frank Siebenlist (Argonne National Laboratory). Photo courtesy Open Science Grid. Although the Grid is all about resource sharing, the software that governs individual grids has not always been capable of interacting well. The Grid Authorization Interoperability Project has created a new standard that could change that. Grids make their computational and storage resources available online for use by others through software known as gateway middleware. To access a grid, a user presents her credentials—certification that she has rights to access that grid's resources—to a resource gateway. The gateway in turn talks to an authorization system, local to the grid the user is accessing, in order to assign the appropriate privileges to the user. Most grids have independently d

Project develops new standards for sharing between grids
Authorization Interoperability Project members , left to right, Oscar Koeroo (NIKHEF), Gabriele Garzoglio (Fermi National Accelerator Lab), and Frank Siebenlist (Argonne National Laboratory). Photo courtesy Open Science Grid.

Although the Grid is all about resource sharing, the software that governs individual grids has not always been capable of interacting well. The Grid Authorization Interoperability Project has created a new standard that could change that.

Grids make their computational and storage resources available online for use by others through software known as gateway middleware. To access a grid, a user presents her credentials-certification that she has rights to access that grid's resources-to a resource gateway. The gateway in turn talks to an authorization system, local to the grid the user is accessing, in order to assign the appropriate privileges to the user.

Most grids have independently developed their own system for allowing users access. That means that their resource gateways are not compatible. To share software or computational resources, their gateway middleware will need to be rewritten. But what if two grids go through this process, and then want to talk to a third grid with yet another gateway middleware system?

The idea for the Interoperability Project began a few years ago from white board drawings during various meetings in Amsterdam. "We were all trying to figure it out. We had these tools that made resources available over the grid and made the authorization decisions," said Oscar Koeroo, a security middleware developer at Nikhef, the National Institute for Subatomic Physics in the Netherlands. "By drawing how each of the grids worked and had implemented their middleware, we saw ways to expand upon what each group could do with each others' middleware."

Around October 2007, the European Grid for E-sciencE, Open Science Grid, and Globus came together to agree on a common protocol for resource gateways to talk to authorization systems.

First, a common language to express authorization information and common sets of attributes (i.e. to express user identity) were agreed upon. Then a library implementing the protocol was developed. All this provided the fundamental blocks necessary to create an interoperable authorization infrastructure.
Layout of the interoperable components. The combination of middleware components, libraries, and frameworks that implement the interoperabilityprotocol and are able to call-out for a an authorization decision to an authorization service. Image courtesy of Oscar Koeroo, NIKHEF. (Click for larger image).

"By speaking the same language, we no longer needed separate implementations of libraries for authorization," said Gabriele Garzoglio, a leader in the Interoperability Project who is based at Fermi National Accelerator Laboratoy. "We could now share functionalities between Globus, OSG, and EGEE, basing our software on a common code base."

The Interoperability Project provides several benefits, including the ability to seamlessly deploy programs written for one grid on a different grid.

"In the end, you have more freedom of choice on what solution you can install," said Koeroo. "After this project, middleware isn't bound to be installed on the grid infrastructure it was initially developed for. For example, in the case of dCache, parts were made by Brookhaven and others by Fermilab, and they were adjusted to work with any grid authorization system."

Another advantage of the new standards developed by the project is the ease with which users can now deploy software out of the box on a functioning grid; out of box software will naturally interface with the authorization system. Finally, maintenance for the standard set of libraries the project group developed can be shared, reducing costs.

Earlier work with OASIS' XACML Technical Committee set the standards for the common authorization language the Grid Authorization Interoperability Project used. Frank Siebenlist, a project member who also worked on the XACML Technical Committee, said, "We should all pat ourselves on the back. It just doesn't happen too often that different entities work so well together."

What next? A number of grids are working to integrate the new standards with their authorization system, according to Garzoglio. Meanwhile, the Open Grid Forum's own working group on authorization, which includes three people who worked on the Grid Authorization Interoperability Project, is working on developing a broader standard. "We have now come up with a standard that can be reused by the authorization working group at OGF as a working example of a way to handle authorization," explained Garzoglio. The hope is that OGF will adopt or build on the Project's standard.

A version of this story originally appeared in the August Open Science Grid technology highlights.

-Jen Nahn, with files from Miriam Boon
Posted on Sep 23 2009 1:00am
  • Miriam Boon

    Graduate student and research assistant, Technology and Social Behavior doctoral program, Northwestern University

Share this story

Republish

Tags

Join the conversation

Do you have story ideas or something to contribute? Let us know!

Our sponsors

Thank to you our sponsors, who have supported us since the transition from International Science Grid This Week (iSGTW) into Science Node in 2015. We are incredibly grateful.

Categories

Contact

Science Node

Copyright © 2019 Science Node ™  |  Privacy Notice  |  Sitemap

Disclaimer: While Science Node ™ does its best to provide complete and up-to-date information, it does not warrant that the information is error-free and disclaims all liability with respect to results from the use of the information.

Republish

We encourage you to republish this article online and in print, it’s free under our creative commons attribution license, but please follow some simple guidelines:
  1. You have to credit our authors.
  2. You have to credit ScienceNode.org — where possible include our logo with a link back to the original article.
  3. You can simply run the first few lines of the article and then add: “Read the full article on ScienceNode.org” containing a link back to the original article.
  4. The easiest way to get the article on your site is to embed the code below.

The full article is available here as HTML.

Press Ctrl-C to copy