Authorization Interoperability Project members, left to right, Oscar Koeroo (NIKHEF), Gabriele Garzoglio (Fermi National Accelerator Lab), and Frank Siebenlist (Argonne National Laboratory). Photo courtesy Open Science Grid.

Although the Grid is all about resource sharing, the software that governs individual grids has not always been capable of interacting well. The Grid Authorization Interoperability Project has created a new standard that could change that.

Grids make their computational and storage resources available online for use by others through software known as gateway middleware. To access a grid, a user presents her credentials—certification that she has rights to access that grid’s resources—to a resource gateway. The gateway in turn talks to an authorization system, local to the grid the user is accessing, in order to assign the appropriate privileges to the user.

Most grids have independently developed their own system for allowing users access. That means that their resource gateways are not compatible. To share software or computational resources, their gateway middleware will need to be rewritten. But what if two grids go through this process, and then want to talk to a third grid with yet another gateway middleware system?

The idea for the Interoperability Project began a few years ago from whiteboard drawings during various meetings in Amsterdam. “We were all trying to figure it out. We had these tools that made resources available over the grid and made the authorization decisions,” said Oscar Koeroo, a security middleware developer at Nikhef, the National Institute for Subatomic Physics in the Netherlands. “By drawing how each of the grids worked and had implemented their middleware, we saw ways to expand upon what each group could do with each other’s middleware.”

Around October 2007, the European Grid for E-sciencE, Open Science Grid, and Globus came together to agree on a common protocol for resource gateways to talk to authorization systems.

First, a common language to express authorization information and common sets of attributes (i.e. to express user identity) were agreed upon. Then a library implementing the protocol was developed. Together, these provided the fundamental building blocks necessary to create an interoperable authorization infrastructure.

Layout of the interoperable components. The combination of middleware components, libraries, and frameworks that implement the interoperability protocol and are able to call out for an authorization decision to an authorization service. Image courtesy of Oscar Koeroo, NIKHEF.

“By speaking the same language, we no longer needed separate implementations of libraries for authorization,” said Gabriele Garzoglio, a leader in the Interoperability Project who is based at Fermi National Accelerator Laboratory. “We could now share functionalities between Globus, OSG, and EGEE, basing our software on a common code base.”

The Interoperability Project provides several benefits, including the ability to seamlessly deploy programs written for one grid on a different grid.

“In the end, you have more freedom of choice on what solution you can install,” said Koeroo. “After this project, middleware isn’t bound to be installed on the grid infrastructure it was initially developed for. For example, in the case of dCache, parts were made by Brookhaven and others by Fermilab, and they were adjusted to work with any grid authorization system.”

Another advantage of the new standards developed by the project is the ease with which users can now deploy software out of the box on a functioning grid; out-of-the-box software will naturally interface with the authorization system. Finally, maintenance for the standard set of libraries the project group developed can be shared, reducing costs.

Earlier work with OASIS’ XACML Technical Committee set the standards for the common authorization language the Grid Authorization Interoperability Project used. Frank Siebenlist, a project member who also worked on the XACML Technical Committee, said, “We should all pat ourselves on the back. It just doesn’t happen too often that different entities work so well together.”

What next? A number of grids are working to integrate the new standards with their authorization system, according to Garzoglio. Meanwhile, the Open Grid Forum’s own working group on authorization, which includes three people who worked on the Grid Authorization Interoperability Project, is working on developing a broader standard. “We have now come up with a standard that can be reused by the authorization working group at OGF as a working example of a way to handle authorization,” explained Garzoglio. The hope is that OGF will adopt or build on the Project’s standard.

A version of this story originally appeared in the August Open Science Grid technology highlights.

Jen Nahn, with files from Miriam Boon


