Symphony A Java-Based Composition and Manipulation Framework for Computational Grids Dennis Kafura Markus Lorch This work is supported by the Virginia Commonwealth Information Security Center (CISC)
The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech Organization Motivation The Symphony Framework Security Requirements Security Architecture
The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech Motivation Different grid user categories - component developer - grid (meta) program composer/developer - end user Existing grid middleware expose command-line interfaces and proprietary APIs and use scripts to define meta programs Grid portals are build for specific applications (PSEs) and use specific grid middleware
The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech Motivation (contd.) Need for a grid abstraction layer, that: allows grid applications to be quickly composed, customized, executed and monitored provides a unified API for grid portal and application developers, independent of the underlying grid middleware provides for grid applications that run accross several grid middleware systems
The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech The Symphony Framework A component-based framework for creating, sharing, composing, and executing (elements of) grid applications Components abstract local and remotely accessible data and software resources through customizable JavaBeans (programs, data files, and data streams) Grid applications defined by linking components through data and control flow relationships Beans are instantiated and customized (equipped with knowledge on the object this bean will be a surrogate for)
The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech The Symphony Framework Symphony beans can be customized and interconnected either interactively by a user or through programmatic means Standard composition environment is Sun‘s BeanBox. A container supporting collaborative work (shared workspace) is Sieve Symphony can currently incorporate Globus resources (using the Java COG Kit), Symphony resouces (RMI) and local resources into a single meta program
The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech Sample Meta Program
The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech Sample Bean Customization
The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech Resource Browser
The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech
The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech Security Requirements Support for group collaboration - delegation of fine grained privileges - combination of privileges from sep. sources Fine grained enforcement with support for legacy applications required Support for multiple credentials Low overhead setup mechanisms for ad-hoc collaborative groups Support for short-term temporary users (without OS user accounts)
The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech Proposed Security Mechanisms Use proxy certificates as intended for authentication Convey fine grained rights through attribute certificates to enable user collaboration Interface grid middleware with POSIX OS extentions for portable enforcement of fine grained access policies
The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech Symphony Security Mechanism
The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech Symphony Security Summary Can employ any combination of proxy certificates and attribute certificates Enables ad-hoc group collaboration through user-to-user delegation Based on widespread GSI, can incorporate CAS Supports legacy applications even for fine- grained access policies
The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech Current and Future Work Refining and evaluation of our security mechanisms and integration in existing grid security architectures. Support for additional grid middleware (Legion, Unicore) Improvement of GUI and transformation into a three tier architecture
The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech Conclusion Evaluation version available at Contact Markus Lorch Dennis Kafura