Day 1 - Monday Evening
Business grids workshop, 5pm
Chaired by Andrew Jackson (in lieu of someone)
SAP perspective on Business Grids
Andrew Jackson, SAP
Introduced SAP - 3rd biggest provider of business software in the world
Business application - 4 layer approach:
- infrastructure (O/S, hardware)
- middleware (application server, database server)
- business logic (business web services)
- applications (e.g. procurement process/application)
Grids are at the infrastructure layer.
Would like service oriented architecture.
High level requirements may inform load, usage etc. and thus go straight to requirements on grid infrastructure
Accountability
- auditing
- billing
SAP's idea of VOs
- 2 or more businesses/orgs come together to get a particular job done
- typically have independent administrative domains
Hosting
- may be done by an external company
- the enterprise grid may overlap (but be largely separate from the hosting grid)
GOLD Infrastructure for Virtual Organisations
Panos Periorellis
GOLD project - http://gigamesh.ncl.ac.uk
Middleware to enable creation & operation of VOs
Set of generic services to plan & manage VOs
Requirements engineering process helped to define what is a VO.
Lots of experimentation with WS-* standards.
Has an idea of a 'trust circle federation' to assist in forming VOs
AuthZ
- Policy Entry Interface
- XACML written to be expressed to Policy Storage Point which then talks to Policy Verification Point
Used VDM modelling language and used (built?) an XACML->VDM converter
Legacy Code Support for Commercial Production Grids
Tamas Kiss
GEMLCA
Client is grid service client -> GEMLCA service -> Grid Middleware layer -> Compute Servers.
P-GRADE Portal - way of transferring input and outputs from different grid sites/nodes to other sites.
Grid monitoring Service Architecture
- GEMLCA Monitoring Toolkit (GMT) - portal is told which resources are available and it can decide which to send the jobs to (already working on the NGS P-GRADE portal).
Also looking into a Grid Accounting and Charging Service (Similar model to that which I will be recommending in my talk a bit later).
Usage record and charging record - the former is defined in OGF, but the latter is not.
Meeting the Design Challenges of Nano-CMOS Electronics: An Introduction to an Upcoming EPSRC Pilot Project
Richard Sinnott
Project just about to start. Grid techs in the electronics domain.
The business partners (electronics and circuit designs) will only accept grid technologies if they work with their existing business processes.
Transistor architecture is about to change. Different designs are now appearing. Need to predict and determine the transistor's behaviour before it is manufactured.
To date, there is no agreed metadata naming scheme for different types of chips.
Security is paramount - IPR is god in this community.
Focussing on 4 main areas:
- Workflows
- Data mgt
- Security
- Resource management
Challenges in the Commercial Adoption of Grid Computing Technologies
Ian Osborne, Grid Computing Now! Project Manager
Good, well delivered, but very high level talk aimed at business. Didn't take notes as my battery ran out and my dislocated finger stopped me from taking written notes!
Day 2 - Tuesday
Introduction and welcome from Anne Trefethen.
Malcolm Atkinson - Keynote talk: E-Science: Achievements, Challenges and new Opportunities
Malcolm Atkinson, e-Science Envoy
Very general round up. Finished with talking about climateprediction.net, and www.mygrid.org.uk (in silico biology - Carol Goble).
also Discovery Net http://ex.doc.ic.ac.uk/new/architecture.php
and DAME http://www.cs.york.ac.uk/dame/
10 year plan for e-Science
- NGS (based at RAL but with many partners)
- JISC (mention that Prof Dave De Roure giving a presentation on e-Research the JISC way)
- OMII-UK - hardening software to make it widely available
3 new projects
- CARMEN - Neuroscience
- NanoCMOSGrid - See Richard Sinnott's talk from Monday/Day 1 above
- PMESG (Pervasive Mobile Environmental Sensor Grids) - traffic in cities
Opportunities for the future:
- Shape future e-Infrastructure
- Exploit existing e-Science methods and work together to produce new ones
- Embed it in educational programmes
- work with industry
The NERC e-Science experience "Environmental e-Science: retrospect and prospect"
Professor Robert Gurney, Director, Environmental Systems Science Centre
Brought out the importance of environmental prediction.
- Assets at risk of flooding, earthquake, volcano etc.
Snow:
- In the western USA, between 70-90% of water supply is derived from snowmelt!!!??!
- Manufacturing - largest contributor to the USA's GDP - also the USA's largest surface water user and therefore most reliant on snow melt (and ironically the largest threat to snowfall)
How do we make predictions?
- through computer models and hence links to computer science
Before the e-Science programme Prof Gurney couldn't find a NERC sponsorship/funding of a computer science department (apart from something isolated back in 1974)
Environmental Prediction and Ensemble forecasting
Ensembles - run a large number of models and take the average
- The mean of the ensemble gives a better forecast than a single prediction
- climateprediction.net started 2001. Very large number of models running (mostly) on computers at home.
- also outreach of CPDN has gone on to educational programmes via BBC etc.
- now moving into regional modelling (was completely global before)
- GENIEfy - grid enabled integrated earth system modelling framework for the community
- physical (earth system) models with biological models - how the biological systems can help (or not) to damp the effects of purely physical (e.g. radiation, temperature) changes
- Grid for Coupled Ensemble Prediction
- similar to CP.net but looking at old observations and running on clusters
JISC e-Framework
Organiser: Matthew Dovey
Missed the start - someone (Bill?) speaking as I came in on the general aims and scope of the e-framework.
- open standards
- consistent technical vocabulary
- a map of a complex (national) environment
Domain models
- bridge between user needs and services
- "a domain model shows how the needs of its practitioners can be met by a set of services"
How are user needs to be identified?
- not just for a single institution, but across a section
- need to work with users as well as domain experts and practitioners
Need to map and model the domain
- to reflect current practice
- to identify problem areas and new opportunities
- to set out what is common across multiple applications as a basis for identifying services (See "domain engineering" idea developed in the early 1990s)
Elements of a domain model
- Stakeholders and roles WHO?
- Aims and goals WHY?
- Functions/high level tasks WHAT/HOW?
- Scenarios - HOW? WHERE? WHEN?
- Practices and process models HOW?
Wilbert Kraan - Technical terminology for JISC e-framework
e-framework can mean 3 different things:
- International e-framework initiative
- the web site or knowledge base that it is producing
- each partner's activity
Solution matrix in 2 dimensions:
- services
- locate appropriate service specs
- locate service reference implementations
- locate current implementations
- service usage models
- locate service workflows
- locate service use cases
- to engage directly with practitioner communities
Service Genre
- e.g. search, alert user etc.
- groups together similar specific interfaces or service expressions
- captures as much as possible of the abstract commonality within the genre
Service expression
- a specific service interface contract (e.g. Z39.50, IETF Atom, SMTP etc.)
- fulfils part or whole of the functional scope of the service genre it belongs to
- consists of:
- service definition (machine readable)
- service description (human readable)
Service implementation design
- blueprint
Service implementation
- portable piece of software that implements a service
- e.g. Dspace, movable type binaries
So the genre pulls together a number of Service Expressions which may refer to Service Definitions
Service Usage Models
- collection of services combined to support one or more workflows of processes
Example use case:
- A system needs to notify a human being
- E-framework service genre = 'Alert Users'
- you will find only one service expression (OASIS Common Alerting Protocol) but not enough for your need (maybe some useful semantics)
- In short: roll your own but with guidance
Security 1 session
Application of Fault Injection to Globus Grid Middleware
Nik Looker, University of Leeds - White Rose Grid
Threats
- Fault (defect in the system)
- Error (an unspecified state - discrepancy between the behaviour of the system and its specified behaviour).
- Can lead on to a
- Failure (observable behaviour)
Try to break these fault error chains. 4 main classifications:
- fault prevention
- fault removal
- fault forecasting
- fault tolerance
Faults can take an age to actually occur, so you can purposely inject faults.
e.g. network level fault injection (capture network packets and deliberately introduce a fault - corrupt the packet or change it in some way).
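The network-level injection described above, as an added sketch (not from the talk and not Grid-FIT code): one bit of a message is flipped "in transit" and the receiver's reaction is classified along the fault -> error -> failure chain. The message format, the `service` receiver and the CRC framing are assumptions made for illustration.

```python
import random
import xml.etree.ElementTree as ET
import zlib

# Constructed sample request; not a real Globus or Grid-FIT message.
SAMPLE = b"<transfer><account>ngs-0042</account><amount>150</amount></transfer>"

def frame(body: bytes) -> bytes:
    """Sender: prefix the body with its CRC32 so corruption is detectable."""
    return zlib.crc32(body).to_bytes(4, "big") + body

def service(packet: bytes, check_crc: bool) -> str:
    """Toy receiver (hypothetical): 'ok:<account>:<amount>' or 'rejected:<why>'."""
    crc, body = packet[:4], packet[4:]
    if check_crc and zlib.crc32(body).to_bytes(4, "big") != crc:
        return "rejected:checksum"
    try:
        root = ET.fromstring(body)
        account = root.findtext("account")
        amount = int(root.findtext("amount"))
    except (ET.ParseError, TypeError, ValueError):
        return "rejected:malformed"
    if account is None:
        return "rejected:malformed"
    return f"ok:{account}:{amount}"

def flip_bit(packet: bytes, rng: random.Random) -> bytes:
    """The injected fault: flip one random bit of the body while 'in transit'."""
    i = rng.randrange(4, len(packet))
    flipped = packet[i] ^ (1 << rng.randrange(8))
    return packet[:i] + bytes([flipped]) + packet[i + 1:]

def campaign(runs: int, check_crc: bool, seed: int = 1) -> dict:
    """Inject one fault per run and classify what the receiver did with it."""
    rng = random.Random(seed)
    golden = service(frame(SAMPLE), check_crc)
    tally = {"masked": 0, "detected": 0, "failure": 0}
    for _ in range(runs):
        result = service(flip_bit(frame(SAMPLE), rng), check_crc)
        if result == golden:
            tally["masked"] += 1    # fault never became an error
        elif result.startswith("rejected"):
            tally["detected"] += 1  # error caught: chain broken before failure
        else:
            tally["failure"] += 1   # wrong data accepted: observable failure
    return tally

if __name__ == "__main__":
    print("with integrity check:   ", campaign(2000, check_crc=True))
    print("without integrity check:", campaign(2000, check_crc=False))
```

With the integrity check on, every injected fault is detected; with it off, some flips parse cleanly and are accepted as a different account or amount.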
Grid-FIT
- can slot it into web services or Globus; can even get it to inject faults into a 3rd party service even where you do not have access to the source code or the server (I didn't quite get how!!)
Future work
- CROWN
- FT-Grid
Grid Single Sign-On in CCLRC
Matthew Viljoen, standing in for Jens, I believe
SSO at RAL (enabling folks to get onto the grid if they don't actually have a grid certificate).
SSO
- traditionally means authNing once (e.g. SSH agents, Globus proxies)
- at CCLRC (DIAMOND, ISIS, SCARF), simplifying grid access by using Active Directory
User logged onto Windows doesn't have a 1 year certificate but has a Kerberos or
- does have a 1yr cert
Kerberos token authenticates user; short-lived (<1 megasecond 7 days), low LoA cert generated by MyProxyCA. Grid resource trusts the MyProxyCA.
Terminal based access
- GSISSH terminal access needed
- so used SSHTools (Java SSH, VNC, SFTP)
- plus some work on GSISSH that uses CoG kit
GSISSHTerm client
- trivial to install (java)
- O/S independent
- nice VNC remote desktop using GSISSH
SSO DN is created using attributes from Active Directory.
Can roll it out everywhere but each organisation needs a SLCS CA (as part of the hierarchical NGS CA).
The new Kerberos SSO GSISSHTerm exists but is waiting for JDK 1.6 to be released (currently in beta but should be released this Autumn)
Mark Norman - Paranoid talk
Someone from Oxford then gave a tired old Shib vs PKI talk.
Day 3 - Wednesday
The NSF vision of Cyberinfrastructure supporting e-Research, e-learning and engagement
Keynote talk from Professor Dan Atkins, Director of the Office of Cyberinfrastructure, NSF
Nomenclature
We call it e-infrastructure, they call it cyberinfrastructure (CI)
So they use the term CI-enhanced or CI-enabled.
He then managed to talk about the UK's e-Science and Grid definitions or descriptors, which still seem quite confused to me (but he was being very polite and enthusiastic about it).
Advances
- computation
- data information management
- sensing, observation, activation in the world
Talked about VOs - almost any meaning attached to this from co-laboratory/collaboratory to Grid to Portal to Hub etc.!
VOs
Some attributes:
- technical performance, level of resource
- Extent of functional completeness (how far the 'reach' of the solution goes - to all of the interdisciplinary community)
- Extent of reuse of components from elsewhere
- Extent of interoperability with other VOs
- The model for sustainability and evolution
- Extent of support for multiple outcomes (research, educational, societal engagement, rapid response). [Madness. I can't see what all of that has got to do with VOs!]
Talked about science drivers for CI or e-infras. (multi-disciplinary, ensemble approaches etc.)
Reports
- NSF Blue Ribbon Advisory Panel on Cyberinfrastructure
- ACLS-Mellon Cyberinfrastructure for the Humanities.
- Also the HASTAC Project Report
Now have an Office of Cyber-Infras. (OCI), a CI Council, Advisory Committee for CI
NSF CI vision for 21st century discovery document.
www.nsf.gov/oci/
His view of achievements of e-Science/CI:
- international movement
- vision and aspiration for computational-based services linked for use in virtual knowledge communities
- lots of promising prototypes
Challenges:
- Something he called the 'competency trap' (old hands go to the top doing it the old way, a bit resistant to change)
- measuring and visualising the payoff of CI
- understanding and resolving the social, behavioural, economic and legal barriers for this kind of work.
Silchester Roman Town: the challenges, aspirations and experience of developing a VRE for Archaeology
Professor Michael Fulford, Archaeology, University of Reading
Project SILCH. Silchester = Roman Town in S. England. Research is part of understanding the nature of urbanism in pre-industrial societies.
3000 m² of a Roman City. Key site for investigation in late 19th, early 20th C.
In the dig - about 100 individuals, typically, all generating new data. Lots of artifacts and "ecofacts". Animal and human remains.
Integrated Archaeological Database
Around 10,000 stratigraphic units, each layer explicitly defined, both in free text and as a topographic plan. Rich array of images (both of layer, but also of the finds of artefacts within that layer).
Very important to be able to reconstruct the configuration of stratigraphic units.
All presented on-line within the VRE. Prof Fulford showed lots of screen shots of the VRE and it does look good! Also collaborative writing about artefacts and all sorts of objects/stratigraphic units etc. - made possible by the VRE. These can also be used to feed into the public-facing web site (www.silchester.rdg.ac.uk).
Wide range of digital resources, primary and secondary data, integrated (for collaborations etc.)
Computing issues
- Delay in digitising resources, particularly site plans (so all records had to be paper based and then later digitised)
- External specialists not closely involved with project
- No cross-server integration (for sharing information and working together with other early-urban studies)
Tried to work on systems of direct entry of data on site.
- explore the use of hand held devices on site
- develop software for this research domain.
- iPAQs
- Ruggedised tablet PCs
- Difficult in the hot July sun.
LEAP project - Linking Electronic Archives and publications (had a role here)
Searching other databases for common finds
Made some progress - can do searches of archives in York, Reading and UEA.
In the VRE, can visualise matrices of artifacts, layers, seeds etc. in a way that assists research. Good visualisation leading to new avenues of investigation (or facilitating existing ones).
After 10 years, they think that they are about half way through the Silchester project.
Security 2 session, Weds morning
ShibVomGSite: A Framework for Providing Username and Password Support to GridSite with Attribute based Authorization using Shibboleth and VOMS
Joseph Olufemi Dada
Similar aims to ShibGrid/SHEBANGS, except that (I think) the user has to have a 12 month certificate to begin with and it enables the person to go away from home and leave their cert. behind.
Used GridSite (funded by GridPP and PPARC). Interested in using Shibboleth for use cases to avoid users always having to install certificates on each machine on which they want to do some 'grid work'.
Gave introductions to GridSite and Shibboleth. Also VOMS. User in the VO can request a short-lived credential to grid resources.
MyIdentity Service:
- Carries out AuthN of users via certificate
- issues a username and time limited password to users
- bind the username/password to users' DN and CA's DN in a database
- serves as authentication service to Shibboleth IdP
It seems that there is an assumption that the user has a long term certificate to start with.
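The MyIdentity binding listed above, as an added sketch (not ShibVomGSite code): after certificate AuthN a username and time-limited password are issued and bound to the user's DN and the CA's DN, and a later lookup is what the IdP would ask for. The class name, username scheme, 12-hour default lifetime and PBKDF2 storage are assumptions; the DNs are constructed samples.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample DNs, not taken from the talk.
SAMPLE_USER_DN = "/C=UK/O=eScience/OU=Example/CN=alice example"
SAMPLE_CA_DN = "/C=UK/O=eScience/CN=Example CA"

class MyIdentityStore:
    """Hypothetical in-memory stand-in for the MyIdentity database."""

    def __init__(self, ttl_seconds=12 * 3600, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock  # injectable so expiry can be tested
        self._rows = {}     # username -> (salt, pw_hash, expires, user_dn, ca_dn)

    @staticmethod
    def _hash(password, salt):
        # Store only a salted, slow hash of the password, never the password.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def issue(self, user_dn, ca_dn):
        """Call only after the user has authenticated with their certificate."""
        username = "u-" + secrets.token_hex(4)
        password = secrets.token_urlsafe(18)
        salt = secrets.token_bytes(16)
        self._rows[username] = (salt, self._hash(password, salt),
                                self.clock() + self.ttl, user_dn, ca_dn)
        return username, password

    def authenticate(self, username, password):
        """What the IdP would ask: returns (user_dn, ca_dn) or None."""
        row = self._rows.get(username)
        if row is None:
            self._hash(password, b"\x00" * 16)  # similar timing for unknown users
            return None
        salt, pw_hash, expires, user_dn, ca_dn = row
        if not hmac.compare_digest(pw_hash, self._hash(password, salt)):
            return None
        if self.clock() >= expires:
            del self._rows[username]  # time-limited: expired rows are purged
            return None
        return user_dn, ca_dn

if __name__ == "__main__":
    store = MyIdentityStore(ttl_seconds=60)
    user, pw = store.issue(SAMPLE_USER_DN, SAMPLE_CA_DN)
    print(user, "->", store.authenticate(user, pw))
```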
VASGS Service
VASGS Connector Plug in talks to the VASGS VomsAttribute Web Service -> VOMS API -> talks to VOMS database
Something called GAMAS that needs to be integrated with the SP (for AuthZ decision-making).
Instance-Level Security Management in Web Service Business Processes
Dacheng Zhang, Univ. of Leeds (and Beihang in China).
Frankly, I didn't understand the main premise/use cases behind the developments.
Seems to be a kind of public key system where one party sends a key to another using the 2nd party's public key (I think).
Needed to find out whether this could be done and wasn't too computationally expensive. 'Secure conversation'.
Instance Level Security - each instance of a 3 party exchange has its security and session set up at the outset and just for that session.
A user-friendly approach to computational grid security
Bruce Beckles
"Grid Security: we're not there yet!"
Talked about state of grids - AuthN X.509 largely
AuthZ - either simplistic (grid mapfiles) or very heavyweight that needs cross-institutional work.
AuthZ mechanisms:
- either just an "allow" list
- or complex heavy weight
- totally dependent on AuthN mechanism (and if that is flawed...)
Auditing issues:
- Who: is dependent on the quality of the AuthN system
- What: executable name is often "lost in transit" (exe deleted after job completes)
- Where: IP address of host submitting job (can be spoofed etc. etc.)
Why is it like this?
- current solutions too heavyweight and complex (don't get applied well)
- poor usability to end users
Grid Security currently:
HEAVYWEIGHT+poor usability -> lack of security
User friendly security:
- Keep to the domain for the application - make it fairly specific to that community.
- local issues locally (including AuthN)
- VO membership - use local identity to determine membership/AuthZ
- Distribute information across resources as necessary
- Certificates appalling, passwords better
- conform to best practice: audit data stored remotely
- don't rely on IP addresses.
User Friendly Authentication and Authorisation for Grid Environments Project: UCL, Manchester, Cambridge, Newcastle, South Bank. Start date 2006, EPSRC funded. Working with the RealityGrid users (and use cases will come from there).
See Bruce's 2 papers http://www.allhands.org.uk/proceedings/papers/250.pdf
Mechanisms for increasing the usability of grid security (Beckles, Von Welch and Basney) http://dx.doi.org/10.1016/j.ijhcs.2005.04.017
Some brief notes on Science towards 2020 (Microsoft Research)
Stephen Emmott, Director European Science Programme
Talked about new approaches to in silico experiments in biology and medicine.
Molecular computer - programmable finite state automaton and injected it into a cell. Watched for gene under/over expression.
Training tomorrow's scientists. More input from computer science. Tomorrow's biologists need to know as much comp. sci. as today's physicists know about mathematics.