Global Grid Forum: Moving to Open Grid Services Architecture (OGSA)
Overview of GGF4 and follow-on developments

Version 1.0, 17 May, 2002

Yuri Demchenko, TERENA <demch@terena.nl>

Abstract

This report is based on materials presented at GGF4 and on developments in Grid and related areas since the meeting. The major development presented and discussed at GGF4 was the Open Grid Services Architecture (OGSA), proposed as a further development of the Globus Toolkit (GTK). OGSA is based on XML Web Services, which industry has recently been actively developing. OGSA defines Grid services in WSDL terms and allows separation between the Grid application level and the underlying middleware. OGSA is defined as an application-level interface between Grid applications and the network/middleware infrastructure. As a consequence, it leads to another abstraction level in describing underlying network infrastructure functionality in terms of QoS provisioning and monitoring. Introducing OGSA will require refactoring existing Grid middleware components and the GTK architecture. There is clear interest from industry in adopting Grid technologies and OGSA as a further development of Web services, to better serve the new industry computing paradigm and satisfy e-business requirements in building distributed virtual enterprises.

Content

1. GGF4 overview
2. Plenary sessions

a) Opening plenary: Paul Messina, California Institute of Technology - GFAC Chair
b) Keynote: Advancing e-business into the Future - Irwin Wladawsky-Berger, Vice President, Technology and Strategy, IBM Server Group
3. An Open Grid Services Architecture Panel and Grid Services BOF
3.1. An Open Grid Services Architecture Panel
a) OGSA and industry perspective
b) Globus Toolkits and OGSA
c) Open Grid Services Architecture
3.2 BoF on Grid Services
3.3. XML Web Services and Global XML Web Services Architecture as a foundation for OGSA
3.4 Summary of GGF4 presentations on OGSA
4. Grid Project Updates
5. Vendor Updates: Industry and GRID
6. Summary
7. References

Appendix A. Global Grid Forum (GGF) overview
Appendix B. An Open Grid Services Architecture - Overview
B.1 Background: Web Services (WS) and Global XML Web Services Architecture (GXA)

a) Web services basics
b) Future Global XML Web Services Architecture
c) GXA Security
d) GXA Routing
e) Future GXA development
f) Web Services limitations and future development
B.2 The OGSA basics
a) Service Orientation and Virtualization
b) The Grid Service definition
c) The OGSA Service Model
d) Creating Transient Services: Factories
e) Using OGSA Mechanisms to Build VO Structures
B.3 Grid Security Infrastructure as a component of OGSA transport layer

1. GGF4 overview

GGF4 took place on February 18-20, 2002 in Toronto and was attended by more than 400 participants, with a significant increase in industry participation. The GGF4 Programme involved approximately 50 WG sessions, 19 BOFs, and an Update Track on new developments and trends that comprised 7 sessions. The opening plenary session consisted of a presentation on GGF organisation and activity by Charlie Catlett, GGF Chair, and a view on the Grid's relation to other past and current developments and technologies by Paul Messina, GFAC Chair. The detailed Programme and major presentations can be found at http://www.gridforum.org/Meetings/GGF4/draft-agenda3.htm.

To address the international context of GGF activity, the GFSG (GGF Steering Group) was extended with international representatives; in particular, Cees de Laat (University of Amsterdam) and Peter Clark became new European members of the GFSG (one more European representative is Jarek Nabrzyski, PSNC). The GGF external Advisory Committee (GFAC) added two European representatives, Tony Hey (UK) and Kyriakos Baxevanidis (EU/CEC). The GFSG was also extended with other new members: Ken Klingenstein (Internet2), Jeff Nick (IBM), Ian Baird (NPI/Platform Computing) and Bill Nitzberg (Veridian). This indicates a general trend towards closer cooperation with industry and the traditional Internet community as Grid (computing) technologies become ready for industry implementations and wider use. A GGF overview and the lists of GFSG and GFAC members are given in Appendix A.

The Update Track had the following sessions:

Some presentations of interest from the Update track are referenced below.

WG and RG meetings and BoFs were mostly focussed on particular problems and developments. The Grid community is facing a wide range of technical problems and possible solutions. Some areas/issues just need common conventions to be established, but others obviously need to start from describing the problem and requirements and making a taxonomy of (reviewing) existing solutions. More information about WG and RG meetings and BoFs can be found in the GGF4 Programme (http://www.gridforum.org/Meetings/GGF4/draft-agenda3.htm) and on the GGF WG and RG web page at http://www.gridforum.org/L_WG/wg.htm.

One of the specific topics at GGF4 was a Grid Open Source software initiative that is intended to create open source software for wider involvement of the user community in the development and adoption of new technologies. It is also intended to create an alternative in development tools and building platforms for the Grid services when they move to OGSA based on Web Services, which is initially an industry-originated initiative currently implemented in two major platforms, Microsoft .NET and SunONE/J2EE.

There are areas which are quite specific to Grid computing, but many more problems can be identified as common to the traditional Internet infrastructure and the Grid computing infrastructure. In the words of Ken Klingenstein in his presentation at the BoF on Middleware for Grid aware networks in Amsterdam: there are many more gaps than inconsistencies between Grids and the traditional/campus Internet. GGF4 became the cornerstone that started/indicated increasing interest in cooperation between the two communities.
 

2. Plenary sessions

a) Opening plenary: Paul Messina, California Institute of Technology - GFAC Chair

The presenter stressed industry involvement via the New Productivity Initiative (NPI). The move to Web services as a key concept for accessing the Grid services will separate application/platform-specific issues from the underlying middleware/network infrastructure. The rationale for moving to WS is to benefit from the advantages of mass-market support for WS, which have already been implemented in two major industry platforms, Microsoft .NET and SunONE/J2EE.

Until recently, Grid was an example of an application-driven technology that was merely based on ad-hoc solutions for single projects or some limited community. This resulted in insufficient standardization activity. Recently the situation has changed from both sides: Grid development is facing the need to standardize many things and use existing production technologies/systems; and industry is experiencing the need to build dynamic virtual organizations with distributed resources, the technologies for which are being developed in Grids.
 

b) Keynote: Advancing e-business into the Future

Irwin Wladawsky-Berger, Vice President, Technology and Strategy, IBM Server Group

In his keynote presentation Irwin Wladawsky-Berger, IBM's Vice President, gave insight into the further development of Internet and computer technologies: "Where is the Internet going and what is the next big thing that will emerge from it?" Grid is now considered not a hypothetical technology but a technological reality that is to change the current Internet functionality.

Today the Internet is a collection of capabilities that evolved from basic networking and communication to a WWW-based information infrastructure and e-business. There are two major drivers: customers and marketplace, and technology itself.

Some of the main things important to customers:

1) more efficient use of IT resources: computing, storage, applications, data - considered as a prime requirement;
2) industrial strength infrastructure: continuous availability, security, etc.;
3) flexible integration: new technologies, applications, people;
4) and finally, one of the most important things people want is "freedom of deployment": distributed, centralized, outsourced. For example, if you're running an in-house application and decide you are better off outsourcing it, you should be able to call up a firm and, in a matter of a few weeks, have them running it for you.

The key to this is a culture of standards, which is widely recognized by industry and acts as a huge driver of innovation. This is especially important for Grids, which target cross-domain, cross-boundary and cross-platform integration of resources, applications and people into Virtual Organisations.

IBM's view of the Internet as a Computing Platform brings the following key challenges/initiatives:

The speaker gave a few examples of IBM's engagement in Grid-related projects for research applications, data sharing and application integration: Now, Grid capabilities are actually also emerging in the commercial world. But in the commercial world a different terminology is used - it's called Web services.

A lot of the capabilities that a number of companies like IBM, Microsoft, Oracle and others have been bringing to the table to integrate Web services applications are very much in the spirit of the Grid initiative; both technologies/initiatives are focused on sharing resources over the Internet, especially applications.

IBM also sees another related concept called Autonomic Computing - the effort to bring about a world of self-managing systems and a self-managing infrastructure. Technology that is becoming more and more complex needs to manage itself, and Grid computing is bringing this target closer.

Autonomic computing will lead to increasing "infrastructure intelligence" and will include self-optimising, self-configuring, self-healing, self-protecting. Infrastructure management will require the following:

Another major aspect of Grid computing stressed by the speaker is its impact on the world of "utility" computing, where it is seen as a technological basis for utility/services outsourcing. Utility computing needs a standard way of connecting the computing resources and applications that you're outsourcing.

Benefits in creating and accessing the infrastructure with "Utility" computing:

- access new capacity and add capacity quickly
- better performance
- reduce upfront investment
- gain expertise not available internally.

The essential issue here is to develop a common protocol to link all resources together, which will enable the paradigm of own vs buy resource(s). New technology will make it possible to buy more detailed "pieces" of the infrastructure.

One of the usual challenges for technology vendors in such a new and actually expensive area as Grid computing is how to encourage small companies to use and invest in Grid/WS technologies, and this will depend on the size of the market for the new technologies.

The speaker summarized that there is an incredible amount of potential in this technology of Grid computing. The Grid is opening up a whole set of really important capabilities we have all been after for a long while. And now of course starts the hard work.
 

3. An Open Grid Services Architecture Panel and Grid Services BOF

There were two sessions devoted to the proposed Open Grid Services Architecture: the first was a Panel on an Open Grid Services Architecture with invited speakers I. Foster (ANL and UC), S. Graham (IBM), C. Kesselman (USC/ISI), J. Nick (IBM) and S. Tuecke (ANL); the second was a BoF on Grid Services intended to establish a new Working Group on Open Grid Services Infrastructure.

Two documents summarizing preliminary ideas had been developed, and presented at the Panel and further discussed at the BoF:

In an earlier article, "Anatomy of Grid" (http://www.globus.org/research/papers/anatomy.pdf), Grid technologies and infrastructures are defined as supporting the sharing and coordinated use of diverse resources in dynamic, distributed "virtual organizations" (VOs). The article defined essential properties of Grids and introduced key requirements for protocols and services, distinguishing among connectivity protocols concerned with communication and authentication, resource protocols concerned with negotiating access to individual resources, and collective protocols and services concerned with the coordinated use of multiple resources.
 
 

3.1. An Open Grid Services Architecture Panel

a) OGSA and industry perspective

Jeff Nick from IBM gave an update on IBM server solutions and the e-business initiative and their relation to the more general concept of XML Web Services and the proposed OGSA.

Enterprise implementation of e-business technology leads to the decomposition of the monolithic enterprise information system. E-business requires computer and information technologies to integrate distributed corporate resources with QoS reservation. QoS must be delivered via vertical integration of:

The continuing decentralization and distribution of software, hardware, and human resources make it essential that we achieve desired qualities of service (QoS). New abstractions and concepts are required that allow applications to access and share resources and services across distributed, wide area networks. The aggregate effect is that qualities of service traditionally associated with mainframe host-centric computing are now essential to the effective conduct of e-business across distributed compute resources, inside as well as outside the enterprise.

Another key trend is the emergence of service providers (SPs) of various types, such as web-hosting SPs, content distribution SPs, applications SPs, and storage SPs. Such emerging "eUtilities" (a term used to refer to service providers offering continuous, on-demand access) are beginning to offer a model for carrier-grade IT resource delivery through metered usage and subscription services.

IBM is working on toolkits that will allow AIX and Linux users to "grid-enable" their applications. Jeff Nick took IBM's Project eLiza as an example of IBM's commitment to developing open self-managing systems (computer platforms) for e-business. IBM's Project eLiza is an ongoing effort to create servers that respond to unexpected capacity demands and system glitches without human intervention. eLiza's major features are e2e automation and e2e management, security and disaster recovery.

The Open Systems Adapter (OSA) used in eLiza supports distributed resource management, seamless QoS provisioning, common infrastructure building blocks and an openly published interface. The eLiza OSA infrastructure provides resource discovery and management, common resource instrumentation, profile-based policy, metadata mapping, authentication, access control, credential delegation, context and context propagation.

They are further developing the Service model based on separation of the interface from access and implementation. The interface for the Service model is WSDL (Web Services Description Language), which describes the service independently of local/remote transport. At this point two initially independent initiatives - Grid computing for science and Web Services for B2B - are coming close together and are ready to adopt a common technological platform. This is the motivation for introducing OGSA, which is based on Web Services. It is foreseen that commercial Grids will evolve via OGSA.

However, by introducing a new abstraction level in describing the interface to the service on a particular platform, OGSA places new requirements on the underlying middleware and network infrastructures: QoS provisioning across horizontal and vertical system integration, distributed security, traceability, monitoring.

From a business perspective, OGSA will allow the creation of composite Web Services that integrate resources and utilities across different administrative domains or companies. Target business applications include on-demand computing, multisite data analysis, collaborative engineering and real-time supply chain integration, which will allow companies to outsource both services and expertise/knowledge - to access and use services without initial investment (both in utility and knowledge) and without building the necessary infrastructure.

The key difference between Web Service refactoring and the current enterprise infrastructure based on VPN technologies (which work inside the firewall) is in extending secure interoperability behind the firewall. Therefore, the next major WS challenge is seen in the WS-Security concept recently announced by IBM and Microsoft (http://msdn.microsoft.com/library/en-us/dnwssecur/html/securitywhitepaper.asp).

Many industry research and consulting firms predict that 2002 will be a year to learn rather than implement WS for general industry. It is expected that companies will first try to implement WS and OGSA for internal resource integration. However, some larger data/computing-intensive applications are already involved in research and pilot implementations of Grid applications (for examples, see the Vendor Update and Grid Projects sections of this report).

b) Globus Toolkits and OGSA

Steve Tuecke from ANL and the Globus Team gave a presentation on OGSA as Globus Toolkit Futures.

The Globus Toolkit (GTK) is a community-based, open-architecture, open-source set of services and software libraries that support Grids and Grid applications. The toolkit addresses issues of security, information discovery, resource management, data management, communication, fault detection, and portability. GTK is a de facto standard in Grid computing.

The toolkit components that are most relevant to OGSA are

The GRAM protocol provides for the reliable, secure remote creation and management of arbitrary computations, termed transient service instances [2]. GSI mechanisms are used for authentication, authorization, and credential delegation to remote computations. Service creation is handled by a small, trusted "gatekeeper" process (termed a factory in the article), while a GRAM reporter monitors and publishes information about the identity and state of local computations (registry).

The recently released new version, GTK 2.0, differs substantially from the previous release, GTK 1.1.3, and provides good technical solutions for authentication and authorisation, resource discovery and monitoring, reliable remote service invocation and high-performance remote data access (http://www.globus.org/gt2/release-notes.html). The major improvements are:

1) new Data Grid components;
2) improved MDS (Monitoring and Discovery Service) information services components;
3) improved GRAM (Globus Resource Allocation Manager) resource management components;
4) new packaging technology;
5) improved Security components (GSI configuration files changed to allow modular modification, complete security/encryption codes are provided, security error messaging improved, restricted delegation and community authentication services added to GSI, numerous memory leaks in the GSSAPI and GAA code eliminated, possibility to use OpenSSL).

GTK 3.0, as announced, will implement OGSA with related refactoring of all Globus Grid services. An alpha release of GTK 3.0 will be available late 2002 - early 2003 and will implement new core Grid Services: MDS, GRAM and GridFTP based on OGSA. There is high interest in it from industry. IBM has a special team of (10) specialists who work together with the Globus team to create production/market-ready open source software.

Based on OGSA, the resource management, data transfer, and information service protocols used within the current Globus Toolkit will be re-engineered to be built on common (OGSA and GSI) mechanisms (see Figure 1). Refactoring the design of those protocols will make it possible to extract similar elements and exploit commonalities. In the process, this will enhance the capabilities of the current protocols and create a common service infrastructure. Globus Toolkit 3.0 will be the basic OGSA implementation.

Left (current protocols)      Right (potential refactoring)
GRAM, GridFTP, MDS            GRAM, GridFTP, MDS
HTTP, FTP, LDAP               Grid Services Abstraction
TLS/GSI                       SOAP + TLS/GSI, Other Transports
IP                            IP

Figure 1: On the left, some current Globus Toolkit protocols; on the right, a potential refactoring to exploit OGSA mechanisms.
 
 

c) Open Grid Services Architecture

The proposed OGSA is based on Web Services, an increasingly popular standards-based framework for accessing network applications. Current XML Web Services (WS) are based on WSDL (Web Services Description Language), SOAP (Simple Object Access Protocol), WS-Inspection and UDDI (Universal Description, Discovery and Integration). Web Services address discovery and invocation of persistent services, providing an interface to the persistent state of an entire enterprise. WS provide a relevant basis/tool for the management of transient service instances in Grids, i.e. an interface to the states of distributed activities. OGSA's service orientation allows virtualisation of resources. The OGSA service model includes persistent services (typically few for a system) and transient services (potentially many), which are dynamically created/destroyed.

OGSA extends the WS concept/architecture with a new Grid Service with specified interfaces: Factory, Registry, Discovery, Authorisation, Notification. A Grid service interface is a WSDL portType; a Grid service definition is a WSDL serviceType extension. A Grid Service instance has a set of service data elements: Grid Service Handle (GSH), Grid Service Reference (GSR). A GSH is a stable name for a Grid Service (typically a URL); a GSR is a WSDL document that describes how to communicate with the Grid Service, including protocol binding, network address, etc. OGSA defines mapping and binding to allow mapping between GSH and GSR. An important element of OGSA is Lifetime Management, which allows creating and destroying a Grid Service via soft state. The Registry interface may be used to discover a set of Grid service instances; it returns a WS-Inspection document containing the GSHs of a set of Grid services and the policy associated with the set. Using the Registry handle as the unique name for the virtual organisation allows Grid services (instances) to be constructed in different hosting environments - simple, virtual and compound.
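
The handle/reference split and soft-state lifetime described above, modelled as an added example (not part of the original report, and not Globus Toolkit or OGSA code). The class and method names, the dict standing in for a WSDL GSR document, the example.org names and the lifetime cap are assumptions of this example; time is passed in explicitly so the behaviour is deterministic.

```python
import itertools


class HostingEnvironment:
    """Plays the Factory, handle-mapping and Registry roles for transient instances."""

    MAX_LIFETIME = 300.0  # assumed hosting policy: cap on any granted lifetime (seconds)

    def __init__(self, base_url):
        self.base_url = base_url.rstrip("/")
        self._ids = itertools.count(1)
        self._instances = {}  # GSH -> instance record

    def _grant(self, now, lifetime):
        # Soft state: every grant is finite, so an abandoned instance always expires.
        if lifetime <= 0:
            raise ValueError("lifetime must be positive")
        return now + min(lifetime, self.MAX_LIFETIME)

    def _live(self, gsh, now):
        inst = self._instances.get(gsh)
        if inst is None or inst["expires_at"] <= now:
            self._instances.pop(gsh, None)  # reclaim on first touch after expiry
            raise LookupError(f"no live Grid service for handle {gsh}")
        return inst

    def create(self, port_type, address, lifetime, now):
        """Factory: create a transient instance and return its stable handle (GSH)."""
        gsh = f"{self.base_url}/{port_type}/{next(self._ids)}"
        self._instances[gsh] = {
            "portType": port_type,
            "binding": "SOAP over HTTP",
            "address": address,
            "expires_at": self._grant(now, lifetime),
        }
        return gsh

    def keepalive(self, gsh, lifetime, now):
        """Lifetime management: the client must renew, or the instance goes away."""
        inst = self._live(gsh, now)
        inst["expires_at"] = self._grant(now, lifetime)
        return inst["expires_at"]

    def resolve(self, gsh, now):
        """Map a GSH to the current GSR (here a dict, not a real WSDL document)."""
        inst = self._live(gsh, now)
        return {k: inst[k] for k in ("portType", "binding", "address")}

    def migrate(self, gsh, new_address, now):
        """The network address in the GSR may change; the GSH stays the same."""
        self._live(gsh, now)["address"] = new_address

    def sweep(self, now):
        """Destroy every instance whose granted lifetime has run out."""
        dead = [g for g, i in self._instances.items() if i["expires_at"] <= now]
        for g in dead:
            del self._instances[g]
        return dead

    def discover(self, port_type, now):
        """Registry: handles of the live instances offering a given portType."""
        self.sweep(now)
        return sorted(g for g, i in self._instances.items()
                      if i["portType"] == port_type)


def demo():
    # Constructed scenario: two instances, one renewed once, one asking for too much.
    env = HostingEnvironment("https://vo.example.org/ogsa")
    a = env.create("DataTransfer", "host-a.example.org:8443", lifetime=60, now=0)
    env.create("DataTransfer", "host-b.example.org:8443", lifetime=10_000, now=0)
    env.keepalive(a, 60, now=50)                      # a now lives until t=110
    env.migrate(a, "host-c.example.org:8443", now=55)
    return {
        "a": a,
        "gsr_a": env.resolve(a, now=100),
        "live_at_100": env.discover("DataTransfer", now=100),
        "live_at_200": env.discover("DataTransfer", now=200),  # a was not renewed
        "live_at_400": env.discover("DataTransfer", now=400),  # cap ended b at t=300
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The cap on granted lifetime is what stops a client from pinning a resource by requesting an arbitrarily long lease; without it, soft state only protects against clients that disappear.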

Discussion at both the Panel and the BoF revealed that moving to the OGSA concept will also affect the interface(s) and definition(s) of the underlying middleware and network infrastructure. The concept of service provisioning (in the sense of QoS and resource/utility access interfaces) and monitoring was named as an approach to integrating OGSA with underlying infrastructures. OGSA/WS provide a common interface for the integration of distributed resources over different domains and platforms. They target interoperability rather than portability.

The recent announcement of the WS-Security architecture by Microsoft and IBM may also affect the GSI (Grid Security Infrastructure) - the major component of OGSA and GTK.

3.2. BoF on Grid Services

The BOF on Grid Services concluded a day of the Update Track devoted to OGSA, Web Services and related industry initiatives and products. The purpose of the BOF was to discuss a proposed GGF work plan aimed at developing technical specifications for elements of the Open Grid Services Architecture.

A new Working Group on Open Grid Services Infrastructure (OGSI WG) to develop OGSA was proposed at GGF4. The Charter for the new GGF Working Group was discussed at the BoF. The objective of the OGSI WG is to review and refine the Grid Service Specification and other documents that derive from this specification, including Open Grid Service Architecture (OGSA) infrastructure-related technical specifications and supporting informational documents.

Technical specifications for elements of an Open Grid Services Architecture to be developed by OGSI WG will include the following major documents:

a) Grid Service Specification
b) OGSA Security Architecture Specification
c) Grid Service Protocol Binding Specification: SOAP over HTTP and GSI
d) J2EE OGSA Binding Specification
e) Grid Service C/C++ Client API Specification
f) Grid Service Java Client API Specification
g) Resource Discovery and Management Services Specification

The OGSI WG web page is available at http://www.gridforum.org/ogsi-wg/.
General discussion mailing list: ogsi-wg@gridforum.org
 
 

3.3. XML Web Services and Global XML Web Services Architecture as a foundation for OGSA

The major presentation on XML Web Services as a platform for distributed dynamic applications was given by Microsoft's David Turner, Senior Program Manager, Web Services. He explained the basics of Web Services as seen by industry and business.

Web Services came to life because of business demand: distributed business needs distributed computing. Current XML WS are evolving into an architecture for all distributed applications. XML Web services integrate resources and utilities across different administrative domains or companies.

Recently Microsoft proposed an extension of the XML WS concept with the Global XML Architecture (GXA). GXA provides principles, specifications and guidelines for advancing the protocols of today's XML Web Services standards to address more complex and sophisticated tasks in standard ways, allowing XML Web Services to continue to meet customer needs as the fabric of application internetworking.

GXA is based on four design tenets:

The Global XML Web Services Architecture is the framework for the future of XML Web services.

The architecture is divided into three conceptual layers: SOAP, SOAP modules, and infrastructure protocols.

The Global XML Web Services Architecture includes four specifications: WS-Security (and related specifications WS-Policy, WS-Trust, WS-Privacy, WS-SecureConversation, WS-Federation, WS-Authorization), WS-Routing and WS-Referral, built on the SOAP family of XML interoperability technologies. For the specifications themselves and more extensive technical background, please see http://msdn.microsoft.com/webservices/. Some additional information about WS and GXA is provided below.

GXA provides core building blocks (common XML headers, format, protocol, etc.) that increase interoperability and productivity by creating tools and OS that hide complexity from applications (and applications developers). Modular construction of GXA components allows scaling down, in, up, out, away. In business terms performance wins from competition, and reliability wins from broader vendors/users involvement.

Future GXA development will include reliable messaging and transactions.

IBM is a major partner of Microsoft in GXA/XWS, UDDI, WS-Security development. WS interoperability issues are the major focus of WS Interoperability Consortium (http://WS-I.org/).

More information about GXA/XWS is available from Microsoft's MSDN website (http://msdn.microsoft.com/webservices/) and from IBM's developerWorks website (http://www-106.ibm.com/developerworks/webservices/).
 

3.4. Summary of GGF4 presentations on OGSA

One of the key issues at GGF4 in Toronto was the announcement of an Open Grid Service Architecture (OGSA) that supports, via standard interfaces and conventions, the creation, termination, management, and invocation of stateful, transient services as named, managed entities with dynamic, managed lifetime.

The development of OGSA represents a natural evolution of the Globus Toolkit 2.0, in which the key concepts of factory, registry, reliable and secure invocation, etc., exist, but in a less general and flexible form than proposed in OGSA, and without the benefits of a uniform interface definition language. In effect, OGSA refactors key design elements so that, for example, common notification mechanisms are used for service registration and service state. OGSA also further abstracts these elements so that they can be applied at any level to virtualize VO resources. The Globus Toolkit will provide the basis for an open source OGSA implementation.

Within OGSA, everything is represented as a Grid service, that is, a (potentially transient) service that conforms to a set of conventions (expressed using WSDL) for such purposes as lifetime management, discovery of characteristics, notification, and so on. Grid service implementations can target native platform facilities for integration with, and of, existing IT infrastructures. Standard interfaces for creating, registering, and discovering Grid services can be configured to create various forms of VO structure.

Moving to an XML Web Services definition of Grid services will allow the application layer of Grid services/applications to be separated from the underlying middleware (although that middleware is specific to Grid), and the interface and requirements for network (infrastructure) services to be better defined (in terms of provisioning).
 
 

4. Grid Project Updates

Two sessions were devoted to updates on Grid projects from around the world.

Asia-Pacific Grid activities were presented at this Forum by a number of projects and initiatives. A common message from many presenters was that Grid activities in the regions have finally been taking off since Autumn last year. There are some regional specifics that should be addressed in global Grid activity and standards. Below are links to and some descriptions of the projects.

Korea Grid Forum (including APEC/TEL Asia Pacific Grid Implementation Initiatives) - Dr. Sangsan Lee, KISTI Supercomputing Centre
http://www.gridforumkorea.org/

Japanese Grid Initiatives - Prof. Satoshi Matsuoka, Tokyo Institute of Technology
http://www.gridforum.org/Meetings/GGF4/Speaker_Pres/ggf4-jpgrid-present-020219.pdf

Information Technology Based Laboratory (ITBL) - Dr. Ryutaro Himeno, Riken
http://www.itbl.jp/

Thai Grid Efforts - Dr. Putchong Uthayopas, Kasetsart University
http://prg.cpe.ku.ac.th/thaigrid/

Asia Pacific Grid Update - Dr. Yoshio Tanaka, AIST
http://www.apgrid.org/

ApGrid is a partnership for Grid computing in the Asia Pacific region. ApGrid focuses on (1) sharing resources, (2) developing Grid technologies, (3) helping the use of our technologies in creating new applications, (4) building on each other's work, etc. ApGrid is not restricted to just a few developed countries, nor to a specific network or its related group of researchers.

Access Grid - B. Olson, ANL
http://www-fp.mcs.anl.gov/fl/accessgrid/

The Access Grid (AG) is the ensemble of resources that can be used to support human interaction across the grid. It consists of multimedia display, presentation and interaction environments, interfaces to grid middleware, and interfaces to visualization environments. The Access Grid complements the computational grid; the Access Grid node concept is specifically targeted at providing "group" access to the Grid. This access may be used for remote visualization or interactive applications, or for utilizing the high-bandwidth environment for virtual meetings and events.

NPACInet - M. Humphrey, UVA
http://www.npaci.edu/

The mission of the National Partnership for Advanced Computational Infrastructure (NPACI) is to advance science by creating a ubiquitous, continuous, and pervasive national computational infrastructure: the Grid. NPACI is funded by the National Science Foundation and led by Fran Berman of UC San Diego (UCSD) and the San Diego Supercomputer Center (SDSC).

GridCanada and CANARIE - B. St. Arnaud, CANARIE
http://www.gridcanada.ca/

GridCanada is based on and developed together with CA*net 4 - Object Oriented Network (CA*net 4 design principles - http://obgp.canet3.net/CAnet4-DesignDocument-March2001.doc). CA*net 4 is defined as integrated with grid software and web service architecture.

NSF Middleware Initiative (NMI). Alan Blatecky from NSF gave an update on the NSF Middleware Initiative (NMI - http://www.nsf-middleware.org/). This activity is well known to the TERENA community. TERENA has a liaison with the MACE activity in Internet2/US, and NMI projects are part of MACE.

The presenter especially stressed the importance of tight cooperation between the Grid community and university/campus networks in solving common problems and benefiting from combined/common experience.

The purpose of the NSF Middleware Initiative (NMI) is to design, develop, deploy and support a set of reusable, expandable middleware functions and services that benefit many applications in a networked environment to enable advanced networks and particularly emerging Grid computing.

Two major teams - the new GRIDS (Grids Research Integration Deployment and Support) Center (http://www.grids-center.org/) and NMI-EDIT Consortium formed by the Internet2, EDUCAUSE and SURA (http://www.nmi-edit.org/) - will lead the NMI effort.

The initial software release from the NSF Middleware Initiative (NMI) will be issued in May 2002. To be known as NMI-R1, the package will include new versions of popular Grid computing services like the Globus Toolkit, Condor-G and Network Weather Services; KX.509 and KCA (Kerberized Certificate Authority) software for providing a bridge between Kerberos and PKI; CPM (Certificate Profile Maker) for making a certificate profile in XML format; and WEBISO (Web Initial Sign-on) Pubcookie.

The NMI-EDIT Consortium will contribute a number of deliverables, in particular a number of White Papers (WP), Conventions, Best Practices and Policies. The WP specifically related to bridging (and removing gaps) between campuses and the Grid community will be titled "Plumbing Campuses for Grids". Developed in collaboration with the GRIDS Center, this paper will discuss the architectural and policy implications of implementing a directory-enabled inter-realm authentication and authorization structure, while at the same time being able to support collaborative computing applications. The underlying concepts can extend to various Grid technologies.

Note. For more details about the WP "Plumbing Campuses for Grids" please refer to Ken Klingenstein's presentation at the BoF on Middleware for Grid Aware Networks organised by TERENA on March 13, 2002 (http://www.terena.nl/tech/grid/gridan-020313notes-draft00.html).

UK e-Science (GRID) Programme - T. Hey

National e-Science Centre - http://www.nesc.ac.uk/
http://www.escience-grid.org.uk/

The UK DTI and the Research Councils are committing £118M (and approx. £20M of matching funds from industry) to a government-industry programme on e-Science. The reason for this investment is that GRID technology is seen as the natural successor to the world wide web, and the UK wants to take a leading role in order to develop solutions for its scientists and opportunities for its industry. IBM and HP are deeply involved in the UK Grid Programme. The UK e-Science (GRID) Programme differs in that it extends its future development beyond Computer Grids, which are considered a first stage of emerging technologies, and will develop into Information Grids and Knowledge Grids, a concept that is seen as close to the Semantic Web.

There is strong and growing support for Grid related activities/projects in the UK (e-Science Programme) in the form of the UK Grid Support Centre (http://www.grid-support.ac.uk/), which is led by the CLRC e-Science Centre in partnership with the National e-Science Centre at the University of Edinburgh and the Regional e-Science Centre at the University of Manchester. Technical activity is coordinated by the Grid Engineering Task Force (http://www.grid-support.ac.uk/etf/), formed in October 2001 to guide the construction, testing and demonstration of a prototype UK e-Science Grid. It contains members from each of the ten UK e-Science Centres.

The Grid Engineering Task Force operates through several Working Groups. Responding to GGF's move to OGSA and the XML Web Services industry initiative, ETF formed the new Web and Grid Services Working Group (http://esc.dl.ac.uk/WebServices/). It will investigate how Web Services can play a practical role in the academic e-Science programme. Web Services are widely used in industry for business-to-business integration and will also underpin the Open Grid Services Architecture which was announced recently. Globus will move to the OGSA model in its next release.

A UK roadmap document (http://umbriel.dcs.gla.ac.uk/NeSC/general/teams/UK_OGSA_v0.7_12Mar02.pdf) for developing middleware in an OGSA has been prepared by the Grid Architecture Task Force (http://umbriel.dcs.gla.ac.uk/NeSC/general/teams/atf.html). There is also a document available from ETF on Writing GSI enabled Web Services (http://www.epcc.ed.ac.uk/~neilc/gsiws/).

A list of projects funded by e-Science can be found at http://www.escience-grid.org.uk/docs/projects.htm

EUROGRID Project: Application Testbed for European GRID computing - V. Alessandrini, IDRIS
http://www.eurogrid.org/

The project workplan for EUROGRID consists of four application-specific Grids (Bio Grid, Meteo Grid, CAE Grid, HPC Research Grid) and a workpackage to develop common middleware for all application packages. The EUROGRID software will initially be based on the UNICORE system developed and used by the leading German HPC centers. Extensions will be developed for efficient data transfer, resource brokerage, ASP services, application coupling and interactive access.

GridLab - J. Nabrzyski, PRC
http://www.gridlab.org/

GridLab: the Grid Application Toolkit Architecture project has started recently. It is application and testbed oriented. The main goal is to use Grids for real everyday production work. The project also aims to make it easier for applications to use resources available to virtual organizations. In many aspects the Grid Application Toolkit (GAT) will rely on the Globus software.

[To be added:
- French Grid Initiatives - M. Cosnard, INRIA
- Italian Grid projects]
 
 

5. Vendor Updates: Industry and GRID

The industry or vendor update track consisted of presentations from companies involved in existing Grid projects and developing technologies related to distributed computing and the corresponding infrastructure (underlying technologies, middleware). The most interesting presentations were from Platform Computing, Avaki Corporation, Compaq and Microsoft.

Platform Computing

Platform Computing (http://www.platform.com/), a distributed computing startup, gave an extended presentation on the Grid related technologies/developments that they are pursuing in distributed computing infrastructure. They adhere to the current definition of Grid as transparent, secure and coordinated computing resource sharing across geographically dispersed sites. The major driver in this development is the trend/need to optimise capabilities to enable a new type of organisation, the Virtual Organisation (VO). Based on distributed and collaborative computing, a VO will benefit from optimised use of computer resources through utilisation of spare cycles, cost sharing and an improved management model.

Ian Baird, presenter from Platform and GFSG member, pointed to the widening commercial acceptance of the Globus Toolkit as an emerging standard in Grid computing. Platform is providing installation, configuration and technical support for the Globus Toolkit. They are not writing code but are providing feedback to the Globus team.

Kenichi Miura from Fujitsu Ltd presented Fujitsu's involvement in the Super-SINET project in Japan as a vendor for a 10 Gbps photonic network for science. Besides specific scientific applications for HEP, Astronomy, Bioinformatics/Genome and Nanotechnology, the Super-SINET project also targets general issues in Grid computing. Fujitsu is porting the Globus Toolkit to different platforms. He also gave the message that a global Grid computing strategy needs to address international aspects and particularly Japan's HPC infrastructure. NetLaboratory project - http://venus.netlaboratory.com/

Avaki

AVAKI (http://www.avaki.com/), according to David Fish, is more focussed on comprehensive software that brings together computing, data, and application resources from multiple locations, administrative domains, and computing platforms in an environment that is secure and easy to administer.

AVAKI 2.1 Grid Software enables wide-area access to processing power, data, and applications in a single, uniform operating environment. The software provides platform for building

Other features include policy-based configuration and administration, fine-grained security, automatic failure detection and recovery.

They are looking forward to using Web Services for Grid application integration.

Grid application transport network (as in model of National Laboratory Center to University laboratory or corporate Data Center) requires wide geographical reach, high bandwidth, broad service mix and fast provisioning and reliability. New Optical Network technology has a benefit to be built for the Grid.

New Productivity Initiative (NPi)

Ty Rabe, Director High Performance Computing Solutions at Compaq, reported to the meeting on customer feedback about what they need in HPC:

These problems/tasks are targeted by industry's New Productivity initiative (NPi), whose goal is to specify a set of standards for effective interoperability across the Distributed Resource Management (DRM) space.

Compaq Intra-Grid is based on Globus; it runs within the Compaq firewall and allows using Globus together with native Cactus tools. Compaq has an alliance with Platform Computing and will utilise Platform's GT and Grid Suite.

Compaq participates as a vendor in the EC funded GridLab Project (http://www.GridLab.org/); they are also involved in the Pittsburgh SCC based project on Terascale computing.

They are exploring a new grid based solution for industry - Computer-Integrated Enterprise.

He mentioned key issues for the successful development of Grids: vendor-neutral standards and a robust, stable platform. Mentioned as potential dangers were mission creep, multiple overlaps between standards and a plethora of unsupported, incompatible solutions and products.

ONI Systems

Another interesting presentation in the Industry/Vendors track was from ONI Systems (http://www.oni.com/) about new possibilities provided by optical networking for building communication infrastructure for HPC and Grid applications.

ONI Systems will provide the critical linkage to extend the distance of distributed supercomputer applications and will drive the testing of a prototype TeraGrid distributed facility, which utilizes high-bandwidth connections (such as 10 Gigabit Ethernet, Gigabit Ethernet and OC-192 services) between high-performance computing applications, offering researchers an opportunity to collaborate and push the envelope of networking. They deliver the ONLINE(tm) transport platform that serves as the intelligent metro DWDM backbone.

6. Summary

The proposed Open Grid Services Architecture (OGSA) supports, via standard interfaces and conventions and using a uniform interface definition language, the creation, termination, management, and invocation of stateful, transient services as named, managed entities with dynamic, managed lifetime.

The development of OGSA represents a natural evolution of the Globus Toolkit 2.0. The Globus Toolkit will provide the basis for an open source OGSA implementation.

Moving to an XML Web Services definition of Grid services will make it possible to separate the application layer of Grid services/applications from the underlying middleware (although Grid-specific) and to better define the interface and requirements to network (infrastructure) services (in terms of provisioning).

The recently proposed Web Services Security architecture will extend and deepen the refactoring of application security and of generic middleware related to AA(AA) (Authentication, Authorisation and further Accounting and Auditing) by proposing a SOAP-message based model of security context exchange between applications/services as an alternative to network/connection dependent SSL/TLS. On the other side, the Web Services Security Architecture will benefit from the Grid Security Architecture (GSI), which provides solutions for cross-domain security by introducing specific SSL/TLS solutions like Proxy Certificates, Impersonation Certificates and others.

The WS/OGSA impact on network infrastructure architecture will require and facilitate end-to-end and vertical cross-layer QoS provisioning. The need for reliable and consistent management of transient stateful Grid/Web services will also place new requirements on the network monitoring (and auditing) infrastructure and, in particular, on common network metrics.

Merging the technologies of transient cross-domain service creation and operation, developed in Grids, with the standard uniform interface definition used in Web Services will provide a natural/generic basis for further compatibility between the currently numerous application-oriented Grids by introducing a new abstraction layer for the description of the particular Grid service(s) and binding to the specific underlying protocols and processes. Introduction of a uniform interface language for Grid services will facilitate further definition of the OGSA.

Web Services will allow information technologies to extend into wider application areas that are not traditionally IT areas, such as medicine, pharmaceutics, machinery, etc., and will extend application service offerings for inter-enterprise utilities and expertise exchange and integration.

Currently the development and runtime environment for Web Services applications is provided by two industry platforms, MS Visual Studio .NET and SunOne/J2EE. However, following the success story of Internet development, it is anticipated that the creation and availability of OGSA Open Source software will be an important factor in wide community acceptance of, and contribution to, Grid development.

7. References

1. Anatomy of Grids - http://www.globus.org/research/papers/anatomy.pdf

2. The Physiology of the Grid: An Open Grid Services Architecture for Distributed Systems Integration - http://www.globus.org/research/papers/ogsa.pdf

3. Grid Service Specification - http://www.globus.org/research/papers/gsspec.pdf

4. Web Services Description Language (WSDL) 1.1. W3C Note 15 March 2001 - http://www.w3.org/TR/wsdl

5. Simple Object Access Protocol (SOAP) 1.1. W3C Note 08 May 2000 - http://www.w3.org/TR/SOAP/

6. Grid Security Infrastructure (GSI) - http://www.globus.org/security/

7. Overview of the Grid Security Infrastructure - http://www.globus.org/security/overview.html

8. WS-Security specification - http://msdn.microsoft.com/library/en-us/dnglobspec/html/ws-security.asp

9. Web Services Inspection Language (WS-Inspection) 1.0 - http://msdn.microsoft.com/library/en-us/dnglobspec/html/ws-inspection.asp

10. WS-Inspection - http://www-106.ibm.com/developerworks/webservices/library/ws-wsilspec.html

11. UDDI Technical White Paper - http://www.uddi.org/pubs/Iru_UDDI_Technical_White_Paper.pdf

12. Towards Globus Toolkit 3.0: Open Grid Services Architecture - http://www.globus.org/ogsa/

13. The Globus Toolkits - http://www.globus.org/toolkit/

14. W3C Web Services activity - http://www.w3.org/2002/ws/

15. Web Services Description Working Group - http://www.w3.org/2002/ws/desc/

16. XML Web Services webpage at Microsoft's MSDN website - http://msdn.microsoft.com/webservices/

17. IBM's developerWorks web site - http://www-106.ibm.com/developerworks/webservices/

18. Global XML Web Services Architecture - http://www.gotdotnet.com/team/XMLwebservices/gxa_overview.aspx

19. XML Web Services Basics - http://msdn.microsoft.com/library/en-us/Dnwebsrv/html/webservbasics.asp

20. WS-Inspection specification index - http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/html/wsinspecspecindex.asp

21. Security in a Web Services World: A Proposed Architecture and Roadmap - http://msdn.microsoft.com/library/en-us/dnwssecur/html/securitywhitepaper.asp

22. Web Services Security (WS-Security). Version 1.0, April 5, 2002 - http://msdn.microsoft.com/library/en-us/dnglobspec/html/ws-security.asp

23. Press Release - http://www.microsoft.com/presspass/press/2002/Apr02/04-11WSSecurityPR.asp

24. WS-Routing specification - http://msdn.microsoft.com/library/en-us/dnglobspec/html/ws-routing.asp

25. WS-Referral specification - http://msdn.microsoft.com/library/en-us/dnglobspec/html/ws-referral.asp

26. Web Service Experience Language (WSXL) Version 2. IBM Note 10 April 2002 - http://www-106.ibm.com/developerworks/webservices/library/ws-wsxl/

27. UDDI Specifications - http://www.uddi.org/specification.html

28. Using WSDL in a UDDI Registry 1.05 - http://www.uddi.org/pubs/wsdlbestpractices-V1.05-Open-20010625.pdf

29. OGSI WG webpage - http://www.gridforum.org/ogsi-wg/

30. WS Interoperability Consortium - http://WS-I.org/

31. WSUI - Web Services User Interface - http://www.wsui.org/

32. Writing GSI enabled Web Services - http://www.epcc.ed.ac.uk/~neilc/gsiws/

33. Overview of the Grid Security Infrastructure - http://www.globus.org/security/overview.html

34. Internet X.509 Public Key Infrastructure Proxy Certificate Profile - http://www.ietf.org/internet-drafts/draft-ietf-pkix-proxy-02.txt

35. PERMIS project (Privilege and Role Management Infrastructure Standards Validation) - http://sec.isi.salford.ac.uk/permis/
 
 

Appendix A. Global Grid Forum (GGF) overview

The GGF has been created out of a merger of the US based Grid Forum and the European Grid Forum (http://www.gridforum.org).

The GGF roles are:

The GGF goals/objectives:

The GGF activity is conducted via Working Groups (WG) and Research Groups (RG) which are organised into Areas. GGF has 6 areas that contain 19 WGs and 9 RGs. External liaisons include official liaisons with IETF/IRTF, Internet2, NPI, and PtPWG.

Area: Working Groups and Research Groups

Grid Information Services: Grid Object Specification (GOS); Grid Notification Framework (GNF); Metacomputing Directory Services (MDS); Relational Database Information Services (RDIS)
Security: Grid Security Infrastructure (GSI); Grid Certificate Policy (GCP)
Scheduling and Resource Management: Advanced Reservation; Scheduling Dictionary; Scheduler Attributes
Performance: Grid Monitoring Architecture; Network Monitoring
Architecture: JINI; NPI; OGSI; Grid Protocol Architecture (GPA); Accounting Models (ACCT)
Data: GridFTP; Data Replication; Persistent Archives
Applications, Programming Models & Environments: Applications & Test beds (APPS); Grid User Services (GUS); Grid Computing Environments (GCE); Advanced Programming Models (APM); Advanced Collaborative Environments (ACE)

GGF WG and RG organisation is modelled after IETF and IRTF (RFC 2418 and RFC 2014).

Each of these working groups has its own web pages and email distribution list for discussion. The instructions for self-subscription (via majordomo) can be found by following the links under Getting Involved, Discussion Groups from the Grid Forum home page.

GFSG: Steering Group Members:

Charlie Catlett (ANL) [Chair]

US members
Ian Foster (ANL/UC)
Marty Humphrey (UVa)
Bill Johnston (LBL)
Domenico LaForenza (CNUCE)
Satoshi Matsuoka (TIT)
Jenny Schopf (ANL)
Steve Tuecke (ANL)
Satoshi Sekiguchi (ETL)

Ken Klingenstein (Internet2)

European representatives
Peter Clarke (UCL/UK)
Cees de Laat (UVA/NL)
Jarek Nabrzyski (PSNC)

Industry
Ian Baird (NPI)
Andrew Chien (Entropia)
Andrew Grimshaw (Avaki)
Jeff Nick (IBM)
Bill Nitzberg (Veridian)

GFAC Members

Paul Messina (Caltech) [chair]

US representatives
Frederica Darema (US NSF)
Bill Feiereisen (LANL)
John Hurley (CAU)
Mary Anne Scott (US DOE)
Rick Stevens (ANL)

European representatives
Tony Hey (UK)
Kyriakos Baxevanidis (EU/CEC)
Fabrizio Gagliardi (CERN)
Alexander Reinefeld (ZIB)

International
Sangsan Lee (KISTI)
Yoichi Muraoka (Waseda Univ)

Industry
Irving Wladawsky-Berger (IBM)

 

Appendix B. An Open Grid Services Architecture - Overview

B.1 Background: Web Services (WS) and Global XML Web Services Architecture (GXA)

a) Web services basics

XML Web services provide basic technology for OGSA. Grid technologies can capitalize on desirable Web services properties, such as service description and discovery; automatic generation of client and server code from service descriptions; binding of service descriptions to interoperable network protocols; compatibility with emerging higher-level open standards, services and tools; and broad commercial support.

The term Web services describes an important emerging distributed computing paradigm that differs from other approaches such as DCE, CORBA, and Java RMI in its focus on simple, Internet-based standards (e.g., XML, SOAP, etc.) to address heterogeneous distributed computing. Web services define a technique for describing software components to be accessed, methods for accessing these components, and discovery methods that enable the identification of relevant service providers. Web services are programming language-, programming model-, and system software-neutral.

Web services standards are being defined within the W3C and other standards bodies and form the basis for major new industry initiatives such as Microsoft (.NET), IBM (Dynamic e-Business), and Sun (SunONE/J2EE). Three standards (SOAP, WSDL, and WS-Inspection) are creating the initial basis for Web services.

The Simple Object Access Protocol (SOAP) [5] provides a means of messaging between a service provider and a service requestor. SOAP is a simple enveloping mechanism for XML payloads that defines a remote procedure call (RPC) convention and a messaging convention. SOAP is independent of the underlying transport protocol; SOAP payloads can be carried on HTTP, FTP, Java Messaging Service (JMS), and some others.

The Web Services Description Language (WSDL) [4] is an XML based language for describing Web services as a set of endpoints operating on messages containing either document-oriented (messaging) or RPC payloads. Service interfaces are defined abstractly in terms of message structures and sequences of simple message exchanges (or operations, in WSDL terminology) and then bound to a concrete network protocol and data-encoding format to define an endpoint. Related concrete endpoints are bundled to define abstract endpoints (services). WSDL is extensible to allow description of endpoints and the concrete representation of their messages for a variety of different message formats and network protocols. Several standardized binding conventions are defined describing how to use WSDL in conjunction with SOAP 1.1, HTTP GET/POST, and MIME.

WS/GXA use WSDL to achieve self-describing, discoverable services and interoperable protocols, with extensions to support multiple coordinated interfaces and change management.

WS-Inspection [10] comprises a simple XML language and related conventions for locating service descriptions published by a service provider. A WS-Inspection language (WSIL) document can contain a collection of service descriptions and links to other sources of service descriptions. A service description is usually a URL to a WSDL document; occasionally, a service description can be a reference to an entry within a Universal Description, Discovery, and Integration (UDDI) [11] registry. A link is usually a URL to another WS-Inspection document; occasionally, a link is a reference to a UDDI entry.
 

b) Future Global XML Web Services Architecture

The Global XML Web Services Architecture is the framework for the future of XML Web services.

The architecture is divided into three conceptual layers: SOAP, SOAP modules, and infrastructure protocols.

SOAP is a lightweight, extensible, XML-based protocol for information exchange in a decentralized, distributed environment. Primarily, SOAP defines a framework for message structure and a message processing model. SOAP also defines a set of encoding rules for serializing data and a convention for making remote procedure calls. The SOAP extensibility model provides the foundation for a wide range of composable modules and protocols running over a variety of underlying protocols such as HTTP.

The functions provided by the SOAP modules are consistently available and consistently expressed. This generality, breadth and uniformity allow a wide range of services to take advantage of XML Web services-enabled network infrastructure such as routers, switches, proxies, caches, and firewalls.

Infrastructure protocols build on SOAP modules to provide end-to-end functionality. Protocols at this layer tend to have semantically-rich finite state machines as part of their definition. They maintain state across a sequence of messages and may aggregate the effect of many messages to achieve a higher-level result. Example infrastructure protocols include reliable messaging and transactions.

Global XML Web Services Architecture includes the four specifications: WS-Security (and related specifications WS-Policy, WS-Trust, WS-Privacy, WS-SecureConversation, WS-Federation, WS-Authorization), WS-Routing and WS-Referral, which build on the SOAP family of XML interoperability technologies.

Note. Before the publication of the new WS-Security roadmap and specifications, Microsoft's GXA comprised two specifications, WS-Security and WS-License, which are now superseded by the new WS-Security specification and related specifications as described below.


c) GXA Security

Organizations building and managing secure XML Web services need to ensure that only authorized parties are allowed to use the XML Web services and that the SOAP messages sent and received by the XML Web services can only be modified or viewed by appropriate parties. These secure XML Web services typically operate in heterogeneous environments that span multiple authentication technologies and trust domains; consequently the underlying XML Web service security protocols must be very flexible.

Two recently published documents provide a roadmap and the basics for WS-Security:

1) Security in a Web Services World: A Proposed Architecture and Roadmap - http://msdn.microsoft.com/library/en-us/dnwssecur/html/securitywhitepaper.asp

This document presents a broad set of specifications that cover security technologies including authentication, authorization, privacy, trust, integrity, confidentiality, secure communications channels, federation, delegation and auditing across a wide spectrum of application and business topologies. These specifications provide a framework that is extensible, flexible, and maximizes existing investments in security infrastructure.

The initial set of specifications will include a message security model (WS-Security) that provides the basis for the other security specifications. Layered on this, a policy layer includes a Web service endpoint policy (WS-Policy), a trust model (WS-Trust), and a privacy model (WS-Privacy). Together these initial specifications provide the foundation upon which we can work to establish secure interoperable Web services across trust domains.

Follow-on specifications for federated security that will include:

The specifications build upon foundational technologies such as SOAP, WSDL, XML Digital Signatures, XML Encryption and SSL/TLS.

The document describes a number of scenarios that illustrate which it intends to solve and how the architecture and specifications will evolve. Some scenarios of interest describe solutions for the purposes of Authentication, Authorisation, establishing and maintaining Trust relations, enabling Federations, Delegation, Access control, etc.
 

2) WS-Security specification - http://msdn.microsoft.com/library/en-us/dnglobspec/html/ws-security.asp

WS-Security describes how to use the existing W3C security specifications, XML Signature and XML Encryption, to ensure the integrity and confidentiality of SOAP messages, and how to use different types of credentials (e.g., X.509 Certificates or Kerberos tickets) for single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies.

WS-Security also provides a general-purpose mechanism for associating security tokens with messages. Additionally, WS-Security describes how to encode binary security tokens. Specifically, the specification describes how to encode X.509 certificates and Kerberos tickets as well as how to include opaque encrypted keys. It also includes extensibility mechanisms that can be used to further describe the characteristics of the credentials that are included with a message.

The Web Services Security Language must support a wide variety of security models. The following list identifies the key driving requirements for the specification:

Message Security Model is specified in terms of security tokens combined with digital signatures as proof of possession of the security token (key).

Security tokens assert claims and signatures provide a mechanism for proving the sender's knowledge of the key. As well, the signature can be used to "bind" or "associate" the signature with the claims in the security token (assuming the token is trusted). A claim can be either endorsed or unendorsed by a trusted authority.

One special type of unendorsed claim is Proof-of-Possession. Such a claim proves that the sender has a particular piece of knowledge that is verifiable by appropriate actors. For example, a username/password is a security token with this type of claim. A Proof-of-Possession claim is sometimes combined with other security tokens to prove the claims of the sender. Note that a digital signature used for message integrity can also be used as a Proof-of-Possession claim.

Protecting the message content from being intercepted (confidentiality) or illegally modified (integrity) are primary security concerns. This specification provides a means to protect a message by encrypting and/or digitally signing a body, a header, an attachment, or any combination of them (or parts of them).
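The message security model described above, and the Summary's point about carrying the security context in the SOAP message rather than in the SSL/TLS connection, as an added example that is not part of the original report or of the WS-Security specification: a UsernameToken asserts the claim, and a keyed digest over token and body acts as the Proof-of-Possession that binds the two. HMAC-SHA256 and the `canonical` helper are stand-ins for XML Signature and XML canonicalisation; the `urn:example` namespace with its element names, the user table, and the namespace URIs as written are assumptions.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Namespace URIs: SOAP 1.1 envelope; WS-Security as of the April 2002 text
# (assumption); EX is a hypothetical namespace used only by this example.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://schemas.xmlsoap.org/ws/2002/04/secext"
EX = "urn:example:ggf4-report"

# Constructed sample data: receiver-side table of shared secrets per user.
SECRETS = {"alice": b"constructed-secret-a", "bob": b"constructed-secret-b"}


def canonical(elem):
    """Prefix-independent serialisation of a subtree (stand-in for XML C14N)."""
    attrs = ",".join(f"{k}={v}" for k, v in sorted(elem.attrib.items()))
    kids = "".join(canonical(c) for c in elem)
    return f"<{elem.tag} {attrs}>{(elem.text or '').strip()}{kids}</>"


def proof(secret, token, body):
    """HMAC over token + body: stand-in for the XML Signature WS-Security uses."""
    data = (canonical(token) + canonical(body)).encode("utf-8")
    return hmac.new(secret, data, hashlib.sha256).hexdigest()


def build_message(username, secret, job_name):
    """Sender: SOAP envelope whose Security header carries token and proof."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    security = ET.SubElement(header, f"{{{WSSE}}}Security")
    token = ET.SubElement(security, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(token, f"{{{WSSE}}}Username").text = username
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    ET.SubElement(body, f"{{{EX}}}submitJob").text = job_name
    pop = ET.SubElement(security, f"{{{EX}}}ProofOfPossession")
    pop.text = proof(secret, token, body)
    return ET.tostring(env, encoding="unicode")


def relay(message, via):
    """Intermediary: adds its own header entry, leaves token and body alone."""
    env = ET.fromstring(message)
    hop = ET.SubElement(env.find(f"{{{SOAP}}}Header"), f"{{{EX}}}via")
    hop.text = via
    return ET.tostring(env, encoding="unicode")


def verify(message):
    """Receiver: return the authenticated username, or None if proof fails."""
    try:
        env = ET.fromstring(message)
    except ET.ParseError:
        return None
    header = env.find(f"{{{SOAP}}}Header")
    body = env.find(f"{{{SOAP}}}Body")
    if header is None or body is None:
        return None
    security = header.find(f"{{{WSSE}}}Security")
    if security is None:
        return None
    token = security.find(f"{{{WSSE}}}UsernameToken")
    pop = security.find(f"{{{EX}}}ProofOfPossession")
    if token is None or pop is None:
        return None
    username = token.findtext(f"{{{WSSE}}}Username", default="")
    secret = SECRETS.get(username)
    if secret is None:
        return None
    expected = proof(secret, token, body).encode("utf-8")
    supplied = (pop.text or "").encode("utf-8")
    # Constant-time comparison avoids leaking how many characters matched.
    return username if hmac.compare_digest(expected, supplied) else None


def demo():
    """Run the exchange plus three tampering cases on constructed input."""
    sent = build_message("alice", SECRETS["alice"], "render-frame-17")
    relayed = relay(sent, "gateway.example.org")
    return {
        "direct": verify(sent),
        "relayed": verify(relayed),
        "body_changed": verify(relayed.replace("render-frame-17", "render-frame-99")),
        "token_swapped": verify(relayed.replace(">alice<", ">bob<")),
        "proof_removed": verify(sent.replace("ProofOfPossession", "Ignored")),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The relayed case still verifies because the proof travels inside the message, while a changed body, a swapped token or a missing proof is rejected by the receiver.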
 
 

d) GXA Routing

As SOAP messaging evolves into a general-purpose Global XML Web Services Architecture there must be a means of addressing and transmitting SOAP messages over various types of communications systems. This enables a wide range of communication patterns such as peer-to-peer or store-and-forward networking. It also allows messages to be efficiently vectored to distributed processing nodes.

These features are supported by the following specifications:

Because WS-Security, WS-License, WS-Routing, and WS-Referral are modular, they can be used together. For example, WS-Security describes how to digitally sign SOAP messages that use a WS-Routing header. Each of these specifications provides extension and composition mechanisms that enable future Global XML Web Services Architecture specifications to be incorporated into a complete solution.
 

e) Future GXA development

Interactions across organizations have many opportunities for failure ranging from transmission errors to incompatible or unavailable business processes. Reliable Messaging and Transactions allow the builders of XML Web services to manage the scope and effect of failures.

Reliable Messaging must provide the following basic functionality in delivering messages: e2e messaging, two-party sessions, delivery of exactly one message.

XML Web services need to operate reliably over intranets and the public Internet, over transport protocols that are not completely reliable. Reliable messaging addresses issues arising from transmission errors. This SOAP-level reliable messaging protocol provides delivery guarantees isolating application processes from the detailed handling of transmission failure and its recovery, allowing a developer to concentrate on automating a process with a much-simplified error handling model. In the exchange of messages, individually or as part of a long-running process, communicating parties will be able to obtain end-to-end delivery guarantees so that messages will not be lost, duplicated or delivered in the wrong order.

Transactions must provide functionality for enabling transient services and processes that run for hours and days and are capable of redefining resources and utility services.

Transactions address the possibility of business-level inability to complete a process. Transactions allow multiple parties involved in a process to arrive at a consistent final outcome (or discover that this is not possible). Existing two-phase commit protocols are appropriate in some circumstances. Also needed are more loosely-coupled techniques, such as exceptions and compensation, which enable a broader range of transactions to be automated across trust boundaries. Developers will have powerful process-modelling languages to express the patterns of messages exchanged between XML Web services, the interactions of those messages, and the business processes they reflect, including both normal and exceptional conditions.

Reliable messaging and transactions represent important challenges that companies face today when developing advanced XML Web services across trust boundaries. The Global XML Web Services Architecture provides the flexibility to develop such additional capabilities and the structure to implement and deploy them.
 

f) Web Services limitations and future development

The major limitation of Web services is seen in the initial orientation of WS technology towards a single-domain distributed architecture based on an enterprise VPN running behind firewalls. Another limitation of current WS platforms is that they do not allow dynamic resource subscription, as in the case of Utility computing.

These limitations can be overcome by adopting the necessary functionality and concepts recently developed in Grid computing. This is the point of the "god-blessed marriage" of Web services and Grids in an Open Grid Services Architecture.
 

B.2 The OGSA basics

a) Service Orientation and Virtualization

In OGSA all Grid network resources and services (e.g., computational resources, storage resources, networks, programs, databases, etc.) are represented as services.

A service-oriented view allows addressing the need for standard interface definition mechanisms, local/remote transparency, adaptation to local OS services, and uniform service semantics. A service-oriented view also simplifies virtualization - that is, the encapsulation behind a common interface of diverse implementations.

Virtualization allows for consistent resource access across multiple heterogeneous platforms with local or remote location transparency, and enables mapping of multiple logical resource instances onto the same physical resource and management of resources within a VO based on composition from lower-level resources. Virtualization allows the composition of services to form more sophisticated services without regard for how the services being composed are implemented. Virtualization of Grid services also underpins the ability to map common service semantic behavior seamlessly onto native platform facilities.

Virtualization is easier if service functions can be expressed in a standard form like WSDL, so that any implementation of a service is invoked in the same manner. WSDL allows for multiple bindings for a single interface, including distributed communication protocol(s).
 

b) The OGSA GridService definition

OGSA extends WS/GXA with a new Grid service that provides a set of well-defined interfaces and follows specific conventions. The interfaces address discovery, dynamic service creation, lifetime management, notification, and manageability; the conventions address naming and upgradeability. Other issues to be addressed as OGSA evolves include authorization and concurrency control. Two other important issues, authentication and reliable invocation, are viewed as service protocol bindings and are thus external to the core OGSA definition. This separation of concerns increases the generality of the architecture without compromising functionality.

The interfaces and conventions that define a Grid service are concerned, in particular, with behaviors related to the management of transient service instances. VO participants typically maintain not merely a static set of persistent services that handle complex activity requests from clients. They often need to instantiate new transient service instances dynamically, which then handle the management and interactions associated with the state of particular requested activities. When the activity's state is no longer needed, the service can be destroyed.

The interfaces (in WSDL terms, portTypes) that define a Grid service are listed in Table 1; a detailed description can be found in [2, 3]. Note that while OGSA defines a variety of behaviors and associated interfaces, all but one of these interfaces (GridService) are optional.
 

Table 1. Proposed OGSA Grid service interfaces (defined as PortType in Web services)
 
| PortType | Operation | Description |
|---|---|---|
| GridService | FindServiceData | Query a variety of information about the Grid service instance, including basic introspection information (handle, reference, primary key, home handleMap: terms to be defined), richer per-interface information, and service-specific information (e.g., service instances known to a registry). Extensible support for various query languages. |
| GridService | SetTerminationTime | Set (and get) termination time for Grid service instance |
| GridService | Destroy | Terminate Grid service instance |
| NotificationSource | SubscribeToNotificationTopic | Subscribe to notifications of service-related events, based on message type and interest statement. Allows for delivery via third party messaging services. |
| NotificationSource | UnSubscribeToNotificationTopic | Unsubscribe |
| NotificationSink | DeliverNotification | Carry out asynchronous delivery of notification messages |
| Registry | RegisterService | Conduct soft-state registration of Grid service handles |
| Registry | UnregisterService | Deregister a Grid service handle |
| Factory | CreateService | Create new Grid service instance |
| PrimaryKey | FindByPrimaryKey | Return a Grid Service Handle for the Grid service instance created with the specified key |
| PrimaryKey | DestroyByPrimaryKey | Destroy the Grid service instance created with the specified key |
| HandleMap | FindByHandle | Return Grid Service Reference currently associated with supplied Grid Service Handle |

Note. Interfaces for authorization, policy management, manageability, and likely other purposes remain to be defined.
 

c) The OGSA Service Model

A basic premise of OGSA is that everything is represented by a service: a network-enabled entity that provides some capability through the exchange of messages. This adoption of a uniform service-oriented model means that all components of the environment are virtual.

Grid services are characterized (typed) by the capabilities that they offer. A Grid service implements one or more interfaces, where each interface defines a set of operations that are invoked by exchanging a defined sequence of messages. Grid service interfaces correspond to portTypes in WSDL. The set of portTypes supported by a Grid service, along with some additional information relating to versioning, are specified in the Grid service's serviceType, a WSDL extensibility element defined by OGSA.

Grid services can maintain internal state for the lifetime of the service. The existence of state distinguishes one instance of a service from another that provides the same interface. The term Grid service instance is used to refer to a particular instantiation of a Grid service.

The protocol binding associated with a service interface can define a delivery semantics that addresses, for example, reliability. Services interact with one another by the exchange of messages. In distributed systems prone to component failure, however, one can never guarantee that a message that is sent has been delivered. The existence of internal state can make it important to be able to guarantee that a service has received a message once or not at all, even if failure recovery mechanisms such as retry are in use. In such situations, a protocol that guarantees exactly-once delivery or some similar semantics is necessary. Another frequently desirable protocol binding behavior is mutual authentication during communication.

OGSA services can be created and destroyed dynamically. Services may be destroyed explicitly, or may be destroyed or become inaccessible as a result of some system failure such as operating system crash or network partition. Interfaces are defined for managing service lifetime.

Because Grid services are dynamic and stateful, dynamically created service instances must be distinguished one from another. For this purpose, every Grid service instance is assigned a globally unique name, the Grid service handle (GSH), that distinguishes a specific Grid service instance from all other Grid service instances that have existed, exist now, or will exist in the future. (If a Grid service fails and is restarted in such a way that it preserves its state, then it is essentially the same instance, and the same GSH can be used.)

Grid services may be upgraded during their lifetime, for example to support new protocol versions or to add alternative protocols. Thus, the GSH carries no protocol- or instance-specific information such as network address and supported protocol bindings. Instead, this information is encapsulated, along with all other instance-specific information required to interact with a specific service instance, into a single abstraction called a Grid service reference (GSR). Unlike a GSH, which is invariant, the GSR(s) for a Grid service instance can change over that service's lifetime. Each GSR has an explicit expiration time, and OGSA defines mapping mechanisms for obtaining an updated GSR. Mapping is provided by a Mapper invoking the HandleMap GridService interface.

d) Creating Transient Services: Factories

OGSA defines a class of Grid services that implement an interface that creates new Grid service instances. It is called the Factory interface, and a service that implements this interface is called a factory. The Factory interface's CreateService operation creates a requested Grid service and returns the GSH and initial GSR for the new service instance.

The Factory interface does not specify how the service instance is created. The hosting environment may define how services are implemented (e.g., language), but this is transparent to service requestors in OGSA, which see only the factory interface. Alternatively, one can construct "higher-level" factories that create services by delegating the request to other factory services.
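The relationship between the invariant GSH, the expiring GSR, the HandleMap and the Factory can be made concrete with a small in-memory model. This is an added example, not OGSA or Globus code: the class and function names, the handle format, the 60-second GSR validity and the upgrade action are assumptions, and time is passed in explicitly so the behaviour is deterministic.

```python
import itertools

GSR_TTL = 60  # assumed validity of one reference, in seconds


class HostingEnvironment:
    """Toy container offering Factory, HandleMap and GridService operations."""

    def __init__(self):
        self._serial = itertools.count(1)  # never reset, so a GSH is never reused
        self._instances = {}               # GSH -> mutable instance record

    def _live(self, gsh, now):
        inst = self._instances.get(gsh)
        if inst is None or now >= inst["termination"]:
            self._instances.pop(gsh, None)  # past termination time: reap it
            raise LookupError("no live instance for " + gsh)
        return inst

    def create_service(self, now, lifetime):             # Factory.CreateService
        gsh = "gsh://vo.example/instance/%d" % next(self._serial)
        self._instances[gsh] = {"termination": now + lifetime,
                                "binding": "soap-http/1"}
        return gsh, self.find_by_handle(gsh, now)         # GSH + initial GSR

    def find_by_handle(self, gsh, now):                   # HandleMap.FindByHandle
        inst = self._live(gsh, now)
        return {"handle": gsh, "binding": inst["binding"],
                "expires": min(now + GSR_TTL, inst["termination"])}

    def set_termination_time(self, gsh, now, when):       # GridService
        self._live(gsh, now)["termination"] = when

    def destroy(self, gsh, now):                          # GridService.Destroy
        self._live(gsh, now)
        del self._instances[gsh]

    def upgrade(self, gsh, now, binding):                 # hypothetical operator action
        self._live(gsh, now)["binding"] = binding


def current_reference(env, gsr, now):
    """Client side: never use an expired GSR; re-resolve it from the GSH."""
    if now >= gsr["expires"]:
        return env.find_by_handle(gsr["handle"], now)
    return gsr
```

A client that holds only the GSH survives a binding upgrade, because the new binding appears in the next GSR it resolves; a handle whose instance has terminated no longer resolves at all.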

e) Using OGSA Mechanisms to Build VO Structures

Applications and users must be able to create transient services and to discover and determine the properties of available services. The OGSA Factory, Registry, GridService, and HandleMap interfaces support the creation of transient service instances and the discovery and characterization of the service instances associated with a VO.

These interfaces can be used to construct a variety of VO service structures:

B.3 Grid Security Infrastructure (GSI) as a component of OGSA transport layer

At the current stage of OGSA and XML Web Services development, WS-Security cannot provide full functionality in securing (transient) Grid services.

The Grid Security Infrastructure, which was built generically to provide multidomain and dynamic security relations for (computational) tasks/processes, can provide workable solutions [32]. It is most probable that in the near future WS-Security will incorporate all necessary functionality from GSI.

The PKI-based Grid Security Infrastructure (GSI) protocol provides single sign-on authentication, communication protection, and some initial support for restricted delegation [33]. In brief, single sign-on allows a user to authenticate once and thus create a proxy credential that a program can use to authenticate with any remote service on the user's behalf. Delegation allows for the creation and communication to a remote service of delegated proxy credentials that the remote service can use to act on the user's behalf, perhaps with various restrictions; this capability is important for nested operations.

GSI uses X.509 certificates, a widely employed standard for PKI certificates, as the basis for user authentication. GSI defines an X.509 proxy certificate to leverage X.509 for support of single sign-on and delegation [34]. (This proxy certificate is similar in concept to a Kerberos forwardable ticket but is based purely on public key cryptographic techniques.) GSI typically uses the Transport Layer Security (TLS) protocol (the follow-on to SSL) for authentication, although other public key-based authentication protocols could be used with X.509 proxy certificates. A remote delegation protocol of X.509 proxy certificates is layered on top of TLS.

Rich support for restricted delegation has been demonstrated in prototypes and is a critical part of the proposed X.509 Proxy Certificate Profile. Restricted delegation allows one entity to delegate just a subset of its total privileges to another entity. Such restriction is important to reduce the adverse effects of either intentional or accidental misuse of the delegated credential.
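The effect of restricted delegation can be shown as the checks a relying service applies to a chain of user credential and proxies. This is an added example, not GSI code: it is a simplified model that leaves out X.509 parsing and signature verification, and its field names, the rule that a proxy subject extends its issuer's name, the depth counter and the sample chain are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Credential:
    subject: str
    issuer: str
    rights: frozenset   # privileges this credential asserts
    not_after: int      # expiry on an arbitrary clock, in seconds
    path_len: int       # further levels of proxies allowed below this one


def effective_rights(chain, now):
    """Validate [user, proxy, proxy, ...]; return the last credential's rights.

    Raises ValueError on the first link that breaks a delegation rule.
    Signature verification is deliberately left out of this model.
    """
    holder = chain[0]
    if now >= holder.not_after:
        raise ValueError("user credential expired")
    for depth, proxy in enumerate(chain[1:], start=1):
        if proxy.issuer != holder.subject:
            raise ValueError("proxy %d: not issued by its predecessor" % depth)
        if not proxy.subject.startswith(holder.subject + "/CN="):
            raise ValueError("proxy %d: subject does not extend issuer" % depth)
        if proxy.path_len >= holder.path_len:
            raise ValueError("proxy %d: delegation depth exceeded" % depth)
        if now >= proxy.not_after or proxy.not_after > holder.not_after:
            raise ValueError("proxy %d: expired or outlives its issuer" % depth)
        if not proxy.rights <= holder.rights:
            raise ValueError("proxy %d: widens the delegated rights" % depth)
        holder = proxy
    return holder.rights


# Constructed sample chain: a user, a job proxy, and a read-only data proxy.
ALICE = "/O=Grid/CN=Alice"
USER = Credential(ALICE, "/O=Grid/CN=CA",
                  frozenset({"submit", "read", "write", "delete"}), 86400, 2)
JOB = Credential(ALICE + "/CN=job", ALICE, frozenset({"submit", "read"}), 43200, 1)
DATA = Credential(JOB.subject + "/CN=data", JOB.subject, frozenset({"read"}), 3600, 0)

if __name__ == "__main__":
    print(sorted(effective_rights([USER, JOB, DATA], now=100)))
```

Each level can only narrow what the level above it holds, so a service that obtains the data proxy can read on the user's behalf but cannot submit jobs or delete data, and cannot delegate further.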

Another workable solution that has a chance of being adopted by the Grid community is the use of X.509 Attribute Certificates for role-based authorization and access management. This solution is being developed within the framework of the PERMIS project (Privilege and Role Management Infrastructure Standards Validation - http://sec.isi.salford.ac.uk/permis/) [35].