Service Oriented Grid Architecture Hui Li ICT in Business Colloquium, LIACS Mar 1 st, 2006 Note: Part of this presentation is based on Dr. Ian Foster’s talks ( )

Outline Service Oriented Architecture (SOA) Stateful Grid Services - WSRF Grid Dynamics –Security –Resource Management ScienceSystem Level Science BusinessBusiness on Demand, Adaptive Enterprises Discussions, Assignments

Service Oriented Architecture A service-oriented architecture is essentially a collection of services. These services communicate with each other. The communication can involve either simple data passing or it could involve two or more services coordinating some activity. Some means of connecting services to each other is needed. Distributed Computing Technology: DCOM, CORBA Web Services (SOAP, UDDI, WSDL, XML, XACML, etc)

An Enterprise View

Grid and SOA – A Brief History `95-`02: I-Way, Globus, NASA IPG `02- : Globus 2 Toolkit, EDG (EGEE, LCG), Grid3/OSG, Scientific Communities `03- : Globus 3, OGSA, Web Services, Industry Sponsors, GGF `04- : Globus 4, WSRF, Grid Services, Virtual Organizations, Communities, Social Dynamics, GGF

Reality -> Vision Heterogeneity -> Virtualization Diversity -> Standards Isolated -> Interoperable Tightly-coupled -> Loosely-coupled Manual -> Automated … Toolkit based? Service Oriented!

Why Grid? Leveraging existing web services standards and fabric WSRF – building stateful Grid services Other standards contributions Grid services for distributed resource sharing –Resource Management, Security, Information Services, Data Management, Programming Environments, etc

WSRF – Stateful Services Standard Web Services are stateless Without state, how does client: –Determine what happened (success/failure)? –Find out how many files completed? –Receive updates when interesting events arise? –Terminate a request? Client FileTransfer Service move (A to B) move

WSRF in a Nutshell Service State representation –Resource –Resource Property State identification –Endpoint Reference State Interfaces –GetRP, QueryRPs, GetMultipleRPs, SetRP Lifetime Interfaces –SetTerminationTime –ImmediateDestruction Notification Interfaces –Subscribe –Notify ServiceGroups RPs Resource Service GetRP GetMultRPs SetRP QueryRPs Subscribe SetTermTime Destroy EPR

Retro… Service Oriented Architecture Grid adopts SOA Grid uses Web Services as a platform Stateful Grid Services –

What the Grid looks like in 5 years? Panel discussion in Grid’05, Seattle, WA Fran Berman (SDSC): Data -> Social DynamicsFran Berman (SDSC): Data -> Social Dynamics

Grid Dynamics Grid = dynamic behaviors & environments –Dynamic communities (VOs) & activities –Decoupling of service consumption from service production –Dynamic provisioning of services Tools to realize dynamic scenarios –Uniform state representation & access –Flexible security & policy framework –Virtual machines, dynamic services, & other building blocks

A Two-Dimensional Problem Decompose across network Clients integrate dynamically –Select & compose services –Select “best of breed” providers –Publish result as new services Decouple resource & service providers Function Resource Data Archives Analysis tools Discovery tools Users Fig: S. G. Djorgovski

Provisioning Service-Oriented Systems: The Role of Grid Infrastructure Service-oriented Grid infrastructure –Provision physical resources to support application workloads Appln Service Users Workflows Composition Invocation Service-oriented applications –Wrap applications as services –Compose applications into workflows “The Many Faces of IT as Service”, ACM Queue, Foster, Tuecke, 2005

Forming & Operating Communities Define membership & roles; enforce laws & community standards –I.e., policy for service-oriented architecture –Addressing dynamic membership & policy Build, buy, operate, & share infrastructure –Decouple consumer & provider –For data, programs, services, computing, storage, instruments –Address dynamics of community demand

Defining Community: Membership and Laws Identify VO participants and roles –For people and services Specify and control actions of members –Empower members  delegation –Enforce restrictions  federate policy A 12 B 12 A B Access granted by community to user Site admission- control policies Effective Access Policy of site to community

Evolution of Grid Security & Policy 1) Grid security infrastructure –Public key authentication & delegation –Access control lists (“gridmap” files) –  Limited set of policies can be expressed 2) Utilities to simplify operational use, e.g. –MyProxy: online credential repository –VOMS, ACL/gridmap management –  Broader set of policies, but still ad-hoc 3) General, standards-based framework for authorization & attribute management

Security Services for VO Policy Attribute Authority (ATA) –Issue signed attribute assertions (incl. identity, delegation & mapping) Authorization Authority (AZA) –Decisions based on assertions & policy VO A Service VO ATA VO AZA Mapping ATA VO B Service VO User A Delegation Assertion User B can use Service A VO-A Attr  VO-B Attr VO User B Resource Admin Attribute VO Member Attribute VO Member Attribute

Trust in VOs Do I “believe” an attribute assertion? –Used to evaluate cost vs. benefit of performing an operation –E.g., perform untrusted operation with extra auditing Look at attributes of assertion signer Rooting trust –Externally recognized source, e.g., CA –Dynamically via VO structure  delegation –Dynamically via alternative sources, e.g., reputation

Retro… Dynamic communities Users and Virtual Organizations Security (Authentication, Authorization) Trust, CA, Federation

Build, buy, operate, & share infrastructure Community Services Provider Content Services Capacity 1) Integrate services from other sources –Virtualize external services as VO services 2) Coordinate & compose –Create new services from existing ones Capacity Provider “Service-Oriented Science”, Foster, 2005

VO User Embedded Resource Management: E.g., EGEE & OSG Cluster Resource Manager GRAM Cluster Resource Manager GRAM VO admin delegates credentials to be used by downstream VO services. VO admin starts the required services. VO jobs comes in directly from the upstream VO Users VO job gets forwarded to the appropriate resource using the VO credentials Computational job started for VO Client-side VO Scheduler Other Services VO Admin... Monitoring and control Headnode Resource Manager GRAM Deleg VO User VO Job

System-Level Science Problems too large &/or complex to tackle alone …

Business on Demand The Big Blue’s Vision for next generation computing –Power architecture, Cell processor –Carbon Nanotubes –Services, Utilities, and Grids

Case Study: IBM WS On-Demand

Oceano (1)

Oceano (2)

Retro… Virtualization Decomposition Integration SLA

Assignments Programming Java Web Services Writing a Report in the following topics: –Resource Management –Security –Information Services –Data Management –OGSA and Web Services

Discussions Questions? More –