iSGTW Opinion - Securing the multiplatform grid

Opinion - Securing the multi-platform grid

There's secure, and then there's making things really secure. OMII project member and photographer Sergio Andreozzi shot this image in Florence. He said: "Each lock is attached by a couple who just got married, as a symbol of a strong union."
Image courtesy of Sergio Andreozzi, Istituto Nazionale di Fisica Nucleare (INFN), CNAF

All locked up tight

One of the biggest challenges facing scientists who wish to make use of multi-platform grid infrastructures today is reconciling the different security systems inherent in the various platforms.

For the last two years, the Open Middleware Infrastructure Institute for Europe (OMII-Europe) has been developing a flexible framework for integrating the three dominant platforms in use in Europe: UNICORE, gLite and Globus. (OMII-Europe is a separate initiative from OMII-UK, which is often referred to as OMII for historical reasons.)

A major part of this work has been "unpicking" the different security elements of these platforms and defining a common security profile. Such a profile would enable scientists to unlock the potential of multi-platform grid solutions in a secure environment for future research.

OMII-Europe has been able to achieve this breakthrough by means of a triangulation process that involved active coordination between the relevant security standards working groups of the Open Grid Forum and the Middleware Security Group , along with an embedded investigative process within challenging e-Science projects such as WISDOM . This was combined with a solution-driven investigation by experts from all three platforms working within OMII-Europe.

New users of UNICORE, gLite and Globus all have to go through a similar process. Most of the steps relate to becoming recognized by the X.509 structure; additional steps are middleware-specific and are needed to ensure that the user is recognized by the middleware.

The main difference between the platforms-the barrier to secure interoperability-is that UNICORE, unlike the other two, does not use proxy certificates. Previously, this did not matter but scientists are increasingly demanding the benefits of multi-platform resources.

Some of the many members of the OMII-Europe team, taken at their face-to-face, all-hands meeting in Stockholm at the Kungliga Tekniska Hogskolan.
Image courtesy of Sergio Andreozzi, Istituto Nazionale di Fisica Nucleare (INFN), CNAF


The EGEE-based WISDOM project is promoting the use of grid resources for drug-discovery against neglected or emerging diseases such as malaria. Virtual screening is a complex process that can benefit from both massively parallel computational tasks as well as brute force non-parallel number crunching. In order to separate the bioinformatics applications that require expensive supercomputing grids from those that can be executed more cheaply on distributed clusters, a common security profile is required.

The key to the OMII-Europe solution is the harmonization of a core set of open standards to allow the secure transmission of user credentials among Web services on the different middleware systems.

- Steve Brewer, OMII-Europe deputy project manager