C. de Laat

VLAM-G: A Grid-based virtual laboratory

The Grid-based Virtual Laboratory AMsterdam (VLAM-G), provides a science portal for distributed analysis in applied scientific research. It offers scientists remote experiment control, data management facilities and access to distributed resources by providing cross-institutional integration of information and resources in a familiar environment. The main goal is to provide a unique integration of existing standards and software packages. This paper describes the design and prototype implementation of the VLAM-G platform. In this testbed we applied several recent technologies such as the Globus toolkit, enhanced federated database systems, and visualization and simulation techniques. Several domain specific case studies are described in some detail. Information management will be discussed separately in a forthcoming paper.

Web services and grid security vulnerabilities and threats analysis and model

The paper provides an overview of available Web services security vulnerability models and proposes a classification of the potential grid and Web services attacks and vulnerabilities. This is further used to introduce a security model for interacting grid and Web services that illustrates how basic security services should interact to provide an attack-resilient multilayer protection in a typical service-oriented architecture. The analysis and the model can be used as a basis for developing countermeasures against known vulnerabilities and security services design recommendations. The paper refers to the ongoing work on middleware and operational security in the framework of the European grid infrastructure deployment project EGEE and related coordination groups.

Intercloud Architecture Framework for Heterogeneous Cloud Based Infrastructure Services Provisioning On-Demand

This paper presents on-going research to develop the Intercloud Architecture Framework (ICAF) that addresses problems in multi-provider multi-domain heterogeneous cloud based infrastructure services and applications integration and interoperability, to allow their on-demand provisioning. The paper refers to existing standards and ongoing standardisation activity in Cloud Computing, in particular, recently published NIST Cloud Computing Reference Architecture (CCRA) and ITU-T JCA-Cloud activity. The proposed ICAF defines four complementary components addressing Intercloud integration and interoperability: multi-layer Cloud Services Model that combines commonly adopted cloud service models, such as IaaS, PaaS, SaaS, in one multilayer model with corresponding inter-layer interfaces, Intercloud Control and Management Plane that supports cloud based applications interaction, Intercloud Federation Framework, and Intercloud Operations Framework. The paper briefly describes the Service delivery and lifecycle management as an important ICAF component that provides a basis for consistent management and security of the provisioned on-demand complex cloud based services. The paper describes an implementation of the Intercloud Control and Management Plane in the GEYSERS project to allow optimal provisioning of the combined Network+IT resources in the inter-cloud environment. The proposed architecture is intended to provide an architectural model for developing Intercloud middleware and in this way will facilitate clouds interoperability and integration.

VO-based Dynamic Security Associations in Collaborative Grid Environment

This paper discusses how the Virtual Organisation (VO) concept can be used for managing dynamic security associations in collaborative Grid applications and for complex resource provisioning. The paper contains both research part and discusses further development of the popular VO management software the VO Membership Service (VOMS). The paper provides an overview of current practices in VO management in major Grid projects including operational procedures and the supporting security middleware. The paper identifies open issues and basic requirements to the VO security functionality and services and suggests possible directions of further research and development. The proposed conceptual VO model and VO management framework provide a basis for consistent VO services definition and development to support different VO operational models. The paper intends to provide a framework for common understanding of the VO concept among Grid community and collaborative community and industry. The paper is based on experiences gained from the major Grid based and Grid oriented projects in collaborative applications and complex resource provisioning.

Distributed Computing on an Ensemble of Browsers

In this article, the authors propose a new approach to distributed computing with Web browsers and introduce the WeevilScout prototype framework. The proliferation of Web browsers and the performance gains being achieved by current JavaScript virtual machines raises the question whether Internet browsers can become yet another middleware for distributed computing. With 2 billion users online, computing through Internet browsers has the potential to amass immense resources, thus transforming the Internet into a distributed computer ideal for common classes of distributed scientific applications such as parametric studies. As a proof of concept, the authors demonstrate how a cluster of globally distributed Internet browsers is used to compute thousands of bio-informatics tasks.

Authorisation infrastructure for on-demand network resource provisioning

High performance Grid applications require high speed network infrastructure that should be capable to provide network connectivity service on-demand. This paper presents results of the development of the Authorisation (AuthZ) infrastructure for on-demand multidomain network resource provisioning (NRP). We propose a general Complex Resource Provisioning (CRP) model that can be used as a basis for AuthZ infrastructure development providing a common abstraction for provisioning both network and Grid resources. This model allows common policy expressions, using single user sign-on credentials when requesting and accessing complex Grid-Network resources. The implementation described is based on the generic AAA Authorisation Framework (GAAA-AuthZ) and suggests a number of security mechanisms and components that extends GAAA-AuthZ to achieve consistent policy enforcement and security context management: Token Validation Service (TVS), AuthZ ticket used for AuthZ session management, a special XACML profile for NRP, reference model for policy obligations handling (OHRM). The proposed infrastructure and solutions are being implemented in the framework of the EU project Phosphorus and use authors experiences gained from the major Grid based and Grid oriented projects.

Energy efficiency considerations in integrated IT and optical network resilient infrastructures

The European Integrated Project GEYSERS - Generalised Architecture for Dynamic Infrastructure Services - is concentrating on infrastructures incorporating integrated optical network and IT resources in support of the Future Internet with special emphasis on cloud computing. More specifically GEYSERS proposes the concept of Virtual Infrastructures over one or more interconnected Physical Infrastructures comprising both network and IT resources. Taking into consideration the energy consumption levels associated with the ICT today and the expansion of the Internet in size and complexity, that incurring increased energy consumption of both IT and network resources, energy efficient infrastructure design becomes critical. To address this need, in the framework of GEYSERS, we propose energy efficient design of infrastructures incorporating integrated optical network and IT resources, supporting resilient end-to-end services. Our modeling results quantify significant energy savings of the proposed solution by jointly optimizing the allocation of both network and IT resources.

Using Jade agent framework to prototype an e-Science workflow bus

Most of the existing scientific workflow management systems (SWMS) are driven by applications from specific domains and are developed in academic projects. It is challenging to introduce an existing SWMS to a new domain; not only the workflow model and description language do not easily fit in new problem domains, but also the unstable development state of existing systems does not provide all functionality required by the new applications and thus gives high risk for the development. Aggregating different workflow systems as one generic environment enables the sharing on both components and processes between experiments, and promotes the knowledge transfer between domains. A workflow bus approach is to integrate different e-science workflow engines via a software bus. In this paper, we present the basic idea of workflow bus, and discuss how Jade agent framework can be used to prototype the runtime infrastructure of a workflow bus.

Using SAML and XACML for Complex Resource Provisioning in Grid Based Applications

This paper presents ongoing research and current results on the development of flexible access control infrastructure for complex resource provisioning (CRP) in Grid-based applications. The paper proposes a general CRP model and specifies major requirements to the Authorisation (AuthZ) service infrastructure to support multidomain CRP, focusing on two main issues - policy expression for complex resource models and AuthZ session support. The paper provides suggestions about using XACML and its special profiles to describe access control policies to complex resources and briefly describes proposed XML based AuthZ ticket format to support extended AuthZ session context. Additionally, the paper discusses what specific functionality can be added to the gLite Java Authorisation Framework (gJAF), to handle dynamic security context including AuthZ session support. The paper is based on experiences gained from major Grid based and Grid oriented projects such as EGEE, Phosphorus and GigaPort Research on Network.

Distributed execution of aggregated multi domain workflows using an agent framework

In e-Science, meaningful experiment processes and workflow engines emerge as important scientific resources. A complex experiment often involves services and processes developed in different scientific domains. Aggregating different workflows into one meta workflow avoids unnecessary rewriting of experiment processes and thus improves the reuse efficiency. Remote workflow engines explore the computing power of distributed environment. However, the diversity of workflow description and execution models makes the integration between engines difficult. An agent framework uses ontology based communication language and makes the integration to semantic information of resources seamless, it is thus suitable for coupling distributed engines. In this paper, we present our work in the context of Dutch Virtual Laboratory for e-Science (VL-e) project. A semantic registry for describing workflow engines is implemented, and mobile agents are used to manage distributed workflow coordination.