
Meta-data management issues underpinning Grid and P2P development - PowerPoint PPT Presentation

Meta-data management issues underpinning Grid and P2P development. Experiences from GRASP, SWAD-Europe, PELLUCID and CORAS projects at CCLRC/BITD. Emphasis: trust & security policy management.


  1. Meta-data management issues underpinning Grid and P2P development. Experiences from GRASP, SWAD-Europe, PELLUCID and CORAS projects at CCLRC/BITD. Emphasis: trust & security policy management. Theo Dimitrakos (t.dimitrakos@rl.ac.uk), Business & IT Department

  2. CCLRC Rutherford Appleton Lab.
     • RAL has a staff of around 1200, most of whom are scientists and engineers
     • Supports the work of over 10000 scientists and engineers, from industry and University
     • Main facilities include:
       – World Data Centre for Solar-Terrestrial Physics
       – Molecular Spectroscopy: infrared, visible and ultraviolet spectroscopy
       – The world's leading pulsed neutron and muon source
     • Main facilities enable research into:
       – new materials and structures
       – X-ray laser research
       – space-based astronomy
       – particle physics

  3. CCLRC Business & Information Technology
     – To facilitate Technology Translation and Industry Take-Up
     – To contribute to the emergence of new ICT paradigms for the European / UK Science and Business
     – Host the UK W3C Office
     – UK ERCIM member
     – To empower new CLRC IT & e-Science projects
       • complement the expertise of the CCLRC eScience Centre
       • focusing on integration of the (Semantic) Web and the Grid Services technologies
       • emphasis on e-government / e-business driven problems
     – To support the operation of CLRC facilities as a cross-sector IS department

  4. Overview. Meta-data management issues underlie a number of activities at CCLRC across eScience and (core business) Information Technology
     – This talk: a (core business) IT R&D perspective
     • Examples:
       – GRASP: Grid-based Application Service Provision
       – CORAS: CASE tool & method support for Security Risk Analysis
       – SWAD-Europe: Semantic Web Technology Development
       – PELLUCID: Agent based platform supporting organisational mobility

  5. GRASP: motivation
     • Being mostly used in academic environments, “best-effort” was (and is) a sufficient policy for committing resources to users performing their computational workload.
     • Moving into the commercial space, businesses will be bound by commitments. Security, privacy, monitoring and accountability are becoming increasingly important in networked environment. “Best effort” is no longer sufficient.
     From “Specifying and Monitoring Guarantees in Commercial Grids through SLA”, Sahai et al., available at http://www.hpl.hp.com/techreports/2002/HPL-2002-324.pdf

  6. GRASP: approach
     GRASP consortium:
     – CCLRC (UK)
     – CRMPA (Italy)
     – CS-SI (France)
     – HLRS (Germany)
     – LogicDIS (Greece)
     – SchlumbergerSema (Spain)
     [Diagram: GRASP combines ASP (business concept between financially independent entities), GRID (basic infrastructure for distributed computing) and Web Services (interfaces for dynamic remote procedure calls) via OGSA. Other labels: "Flexible but proprietary component based ASP", "Interoperable".]

  7. “Grid User” [Diagram: GRID (OGSA compliant) with VO participants 1 and 2, Factory, Registry and Services 1 to 3; an ASP legacy system (black box) reaching the Grid through a Grid API; client interface (J2EE, .net, Corba etc.); ASP Clients 1 and 2.]

  8. “Grid Enabler” [Diagram: GRID (OGSA compliant) with VO participants 1 and 2, Factory, Registry and Services 1 to 4; an ASP legacy system/service; Orchestration; client interface (J2EE, .net, Corba etc.); ASP Clients 1 and 2.]

  9. “Grid Builder” [Diagram: GRID (OGSA compliant) with VO participants 1 and 2, Factory, Registry and Services 1 to 6; Grid Service Provider (GSP); legacy system/service; Orchestration; .net/J2EE; J2EE, .net, Corba etc.; one client interface provided by the GSP and one provided by a third party; GSP Clients 1 and 2.]

  10. A scenario driven walkthrough [Diagram: the Engineer asks the Broker "Data + Analysis Tool?"; the Broker, after locating a Data-set and an Analysis Tool, answers "Here are your options!".]

  11. A scenario driven walkthrough [Diagram: Engineer, Broker, Orchestrator, Data-set, Analysis Tool and Compute Resources, with the selected Data Provider, Analysis Tool Provider and Orchestrator. Steps shown: Locate; Set-up; “Deploy”; Run, Control, Monitor; Execution; "Executes on".]

  12. GRASP Architecture

  13. GRASP Architecture: GS-Instantiation

  14. GRASP Architecture: GS-Location

  15. GRASP Architecture: GS-Orchestration

  16. GRASP Architecture: Security. Dynamic collaboration networks. Also: joint work with Ivan Djordjevic @ QMUL

  17. GRASP Architecture: Security. Secure intra-/inter group communication
     Participants (diagram labels): Alice’s Sec Mgr, CCT Manager, Alice, Bob
     M1 – join request
     M2 – authentication
     M3 – authentication, secret key
     M4 – forward join request
     M5 – join response (ACK)
     M6 – forward ACK
     M7 – p2p session request
     M8 – ACK, session key
     M9/10 – data transfer

  18. GRASP Architecture: Security. Enforcing dynamic service security perimeters
     [Layered diagram, from the member(s) down to the network:]
     – Member(s)
     – Monitoring of Process Execution: checking of inputs to software and its execution
     – Security Policy Enforcers: authorization of actions
       • Role-based Access Control
       • Security Policy Enforcement
     – Application layer: Local CCT Manager-Client CCT (P2P)
     – Certificates: authentication, non-repudiation, message integrity, role mapping
     – Message Encrypt/Decrypt: message confidentiality / integrity
     – Network layer, Traffic Monitoring and Filtering: packet monitoring for attack signatures and protocol anomalies
     – CCT Communication
     – Non-secure Internet

  19. GRASP Architecture: SLA monitoring [Diagram: Hosting Environment with a Gateway (SLA Parser, Negotiation Handler, Negotiator, Agreement Factory, Agreement and HE Monitor, Agreement Service 1, SLA Template Pool) and Host 1, Host 2, ... (Host monitor, Grid Service 1).]

  20. GRASP Architecture: SLA monitoring
     Monitoring scheme options: Centralised, Devolved, Locally Coordinated, Hybrid
     – Integrated with the Security Perimeter / Community Management Model
     – Compatible with OGSI-Agreement
     – Leverages BCA high-level concepts
     – Leverages GeneSyS low level admin
     [Diagrams: each scheme shows LSM1 & CCT Mgr, LSM2, an Arbitrator, Monitors, CCTs and "correlate" links; the Hosting Environment diagram of the previous slide is repeated alongside.]

  21. GRASP Architecture: Policy Management [Diagram: three Policy Services, three Policy Instances and three Enforcers.]

  22. GRASP Architecture: Policy Management [Diagram: Policy Services, Policy Instances and Enforcers, as on the previous slide.]
     Current option under consideration:
     – Assess an adaptation of KAoS policy framework
     – OWL-S policy descriptions build on four basic policy types + domains for defining roles & contexts
       • positive/negative authorisation allows controlling access
       • positive/negative obligation allows enforcing SLA clauses
     – Policy services for each local group (at VHE)
     – Transient policy instances for each policy clause for each group
     – Policy enforcer at each peer (service instance) in a group

  23. Semantic Web technologies addressing the Trust Management problem

  24. Semantic Web Vision. Tim Berners-Lee’s Semantic Web roadmap vision (simplified overview)
