COllaborative VIrtual TEams (COVITE) Project J.S. Pahwa, P. Burnap, L. Joita, W.A.Gray, O.F.Rana, John Miles Partners: Cardiff University ActivePlan Solutions Ltd

Overview Project Concept The Product Supplier Catalogue Database (PSCD) Application Security Management Collaboration Data Definition Data Search Conclusions and further work

AEC (Architecture/ Engineering/ Construction) industry projects involve many individuals and companies forming a consortium for the duration of a project Consortia members are geographically dispersed Product/Service Manufacturers and Suppliers databases (if existent!) are heterogeneous Product/Service Manufacturers’ product information is plentiful and the majority is unstructured and unreachable Project Concept

The PSCD The PSCD application – Grid-enabled data management tool that provides the data structure for storing and retrieving information across a number of product suppliers’ databases.

Collaboration occurs between: Product Suppliers and Contractors for procurement of supplies Product Specification Designers for defining and building industry standards to describe available products Members of the Consortium working on a particular construction project which require information on the products Collaborative Support Consideration

The PSCD COVITE Product Class Supplier DatabasesSpecification Designers Users/User Groups Supplier Databases managed by suppliers Poll and connect to relevant databases at runtime Specification creation and management keep Suppliers up to date Cardiff University activeplan PSCD Application PCD Master Data Security Service Cluster of GRID computers.NET Web Services Master Grid Service (MGS) GRID Services Multiple Database Search Service (MDSS)

The PSCD Software tools used:  Apache Tomcat web server, Axis, Ant  Microsoft IIS web server  GT3.0.2 core  Servlet, ASP, JSP, VBScript, C# Resources used on the server side:  2 computers in Welsh eScience, in the Grid network (bouscat, agents-comsc)  6 computers in the local network

Grid Security Infrastructure (GSI) GSI uses the Public Key Infrastructure (PKI), X.509 certificates and Secure Socket Layer (SSL) X.509 certificates provide users with a unique global identification Authorization to access a resource is controlled by a mapping between the user’s distinguished name and a local Unix/Linux ID via a grid-mapfile

Grid Security Infrastructure (GSI) X.509 Certificate: subject : C=UK,O=eScience,OU=Cardiff,L=WeSC,CN=liviu joita issuer : start date : Tue Nov 12 15:33:51 GMT 2002 end date : Wed Nov 12 15:33:51 GMT 2003 Distinguished Name: CN=liviu joita,L=WeSC,OU=Cardiff,O=eScience,C=UK Main advantages of using GSI:  Single sign-on  Users do not have username/passwords, instead they have public/private key pairs and identity certificates

Security Architecture 1.First, a user has to have a valid proxy certificate. The user submits his proxy certificate, the VO who belongs to and his role within the VO to the Tomcat Authentication Server (AS) via a web interface using JSP - servlet interface. 2.Tomcat AS authenticates the certificate and obtains the local user name for the PSCD application from the grid-mapfile. 3.Tomcat AS passes the local user name, the user role and the VO to the IIS server that runs the PSCD system (which is a.NET web application environment). IIS then matches the username, the role and the VO to its local DB and creates a session for that user. 4.User preferences are applied to the ‘index’ page of the PSCD system and the user is presented with the home page of the application. Client Side Web Browser Firewall Tomcat Authentication Server IIS Application Server 3 PSCD Application Submit user proxy certificate The PSCD Authentication Architecture using a valid proxy certificate

Security Architecture 1.First, a user has to have a valid proxy certificate on the MyProxy Server machine. 2.The user submits his username/password pair credentials, the VO who belongs to and his role within the VO to the Tomcat Authentication Server (AS) via a web interface using JSP - servlet interface. 3.Tomcat AS uses the username/password pair to authenticate and authorize the user against his proxy certificate from MyProxy server 4.Tomcat AS authenticates the proxy certificate uploaded from MyProxy server and obtains the local username for the PSCD application from the Grid-map file. 5.Tomcat AS passes the local user name the user role and the VO to the IIS server that runs the PSCD system (which is a.NET web application environment). IIS then matches the user name to its local DB and creates a session for that user. 6.User preferences are applied to the ‘index’ page of the PSCD system and the user is presented with the home page of the application. The PSCD Authentication Architecture using username/password credentials Client Side Web Browser Submit username/ password 1 Firewall Tomcat Authentication Server MyProxy Server IIS Application Server PSCD Application

The Product Class A standard product definition for providing product information. Acts as a template and provides meta information for creating actual product information. Is made up of a number of specifications conforming to different specification types. Can be used by Product Suppliers for population of product information in their databases.

The Product Class Database A tool for creating Product Classes and Product Class Specifications. Enables Product Class versioning. Releases Product Class for subscription by Product Suppliers. Provides meta information for building product search criteria.

Sub Product Class Specification Specification Group Specification Sub-Specification Group Table Spec List Specification Product Class Specification Specification Value Table Specification List of Column Specifications where each column specification has list of values relative to other column specification values. List Specification Value … Product Class The Product Class and its various specification types

Product Class Versioning New products emerge Existing products evolve and are assigned more attributes New versions created and assigned Product suppliers notified New classes downloaded

Product Class Subscription Table … … Xml Parse Service … Product Catalogue Database Transport Layer Product Supplier Database

Product Class Database Structure Product Class Product CategoryProduct Class Version Product Class DefinitionCategory Hierarchy Category SpecificationList VersionSpecification Group Version Table Version List Specification Sub Product Class Version Specification Group Table Specification Sub Product Class Definition List Definition Specification Group Definition Table Definition Sub Product Class

Data Search Information held by large number of data sources in a Wide Area Network. Access to such information held by large number of organisations. Information processing with aid of independent mechanisms, and Sharing of information with those who need it.

Objectives Searching autonomously managed data sources external to the Grid Environment. Processing, analysing and sharing information in real time. Collaborative working. Collation of searched datasets. Optimisation of data access operations. Web Services support throughout. Use of single proxy.

The Approach Does a data source really need to be “Grid Enabled” to provide data access support to the Grid Environment? - may be not. Instead, why not just Grid enable the data access process? - grid enabled data sources and grid enabled data access are two different things.

The MDSS A virtual distributed database search model. A database centric Grid service for accessing and processing information from large number of data sources. Searches supplier data sources based on a search criteria. Enables a channel for product suppliers for advertising products to a large user base. Built using Globus Toolkit (Core).

The Search What to search? - a search criteria submitted by the user. Where to search? - data sources that match user’s request. What are the available resources to propagate the search? - the available Database Search Services in the MDSS

Search Criteria Where to Search? 1 … Available GSHs …

MDSS Architecture Two major components: Master Grid Service: identify resources available, register new resources, job allocation, data parsing and data aggregation. Database Search Service: data search, data aggregation, data parsing, collaborative working.

- MDSS Architecture - WS Layer Grid DB Search Service Apache Axis Soap Server > Master Grid Service * Metadata Query *Job Allocation Grid Service * Collation of datasets Single user VO Active Plan (Search Criteria Specified here) Metadata Product Classes Grid Engine (based on the OGSA Model) Supplier databases

GSH Document Parser Supplier Document Parser Xml Converter Database Search Service Job Execution Grid Service Manager Data Aggregation Master Grid Service OGSA Container Master Grid Service Modules

MDSS Design Features Ability to register new data sources. Ability to enhance MDSS capability by adding more machines in the Grid cluster. Supplier databases free of Grid Complexities. Ability to identify data sources to be searched in real time. Distribute search equally among available GSHs. New instance of Database Search Service for each operation.

Conclusions & Further Work Product Class creation, versioning, subscription and search. Peer Review System. Multiple instances of Master Grid Services. Data Streaming. Data Caching. Memory Resident databases.

Demonstration Please visit Welsh e-Science booth for the demonstration of the grid enabled PSCD Application between today.

Questions?