Internet2 2006 Fall Member Meeting Summary

The Internet2 2006 Fall Member Meeting was held in Chicago, Illinois from Monday December 4th through Thursday December 7th. I attended the meeting to participate in a SURAgrid presentation and demonstration of applications running on SURAgrid, including the UABgrid BLAST application which leverages DynamicBLAST to distribute gene sequence queries across grid resources. I also participated in a meeting to discuss next steps for the continuing myVocs and GridShib integration efforts and project updates.

SURAgrid is a collaborative effort to build a production grid computing environment leveraging existing infrastructure and applications.

myVocs is a project to build an integrated collection of middleware components to simplify the exploration and construction of federated systems. myVocs emerged as a result of [NSF ANI-0330543|http://www.nsf.gov/awardsearch/showAward.do?AwardNumber=0330543] and continues as a community-supported project.

GridShib is an on-going effort of NCSA and the University of Chicago to build interconnects between Shibboleth and Globus-based grid authentication and authorization systems.

I attended the meeting with Enis Afgan, a PhD candidate in the department of Computer and Information Sciences. Enis is the developer of DynamicBLAST and participated in the SURAgrid demonstration of this meta-scheduler for BLAST and its operation on UABgrid and SURAgrid resources.

This meeting led to specific progress points for UABgrid by: solidifying our deployment of BLAST on SURAgrid; providing an opportunity for in-person discussions and sharing application deployment goals with SURAgrid collaborators; and providing a development platform for UABgrid applications. It was also generally useful for maintaining contact with the developers and development direction of Shibboleth, Grouper, Signet and other key Internet2 middleware initiatives. As usual, the sessions provided valuable insights into the IT initiatives of institutions around the country and globe.

This summary covers my participation and experiences. The following sections address specific areas:

* The SURAgrid presentation and demo
* The myVocs and GridShib meeting
* The sessions and topics of interest

SURAgrid Application Demo
-------------------------

We participated in a demo at Internet2 in conjunction with other SURAgrid collaborators from UNC/Renci, NCSU, ODU and GSU.

http://events.internet2.edu/2006/fall-mm/demos.html#sura

The demonstrations were well received and offered an ideal opportunity for all of us to learn more about the applications being deployed on SURAgrid and how we can continue to leverage each other's experiences moving applications to a grid environment.

I spent time talking with Howard Lander from Renci about the user interface and job management for ADCIRC. They leverage GridSphere (a web-based grid application framework) as a UI foundation. They have also developed a nice set of status and performance monitoring data sets to collect data on the job submit performance of resources that run their job, i.e., actual and estimated times to accept connections, stage data, and run jobs. They are interested in compiling reports to help application and resource owners gauge performance of the systems but haven't done so yet. We discussed the potential to use Jasper Reports for this step.

Sarat Sreepathi (NCSU) and Howard (Renci) also expressed interest in Enis's use of GridWay to distribute BLAST jobs in DynamicBLAST and saw potential advantages for using this approach within their own applications.

The overall impression from our demo experience was that we are entering a new phase of SURAgrid maturation. Having established a simple framework for application and resource discovery and providing introductions between collaborators, we are now starting to see the benefits of collaborating at the application hosting level. We don't need to go through the pain of distributing applications across a grid environment in isolation. We can and should benefit from each other's experiences. Additionally, by moving applications onto SURAgrid we not only gain access to additional computational resources but also increase the reliability and reach of our applications.

In many ways, this reflects the general collaboration experience of SURAgrid and is where SURAgrid provides the greatest value. Building a grid environment doesn't happen overnight, but by consistent effort around a central theme of collaboration, the infrastructure emerges and matures.

The second component of our SURAgrid Application Demo was a presentation on Wednesday morning. Mary Fran Yafchek gave an overview of the SURAgrid effort and the current funding and organizational status. Art Vandenberg discussed GSU's Genome Alignment application and the efficiencies they have observed leveraging grid technologies. Mahantesh Halappanavar gave an overview of BioSim, a Bio-electric Simulator application developed at ODU, and the potential gains of grid computing to provide computational resources. I gave an overview of the work we have done to leverage grid computing resources and UAB Identity Management to run BLAST searches, the operation of DynamicBLAST, and our continued development plans. The slides for this presentation as well as a netcast are available from the program summary page.

http://events.internet2.edu/2006/fall-mm/sessionDetails.cfm?session=2899&event=258

myVocs and GridShib Next Steps
------------------------------

In collaboration with Von Welch and Tom Scavo from NCSA, I hosted a special interest group meeting to discuss next steps for myVocs and GridShib and further integration efforts of these projects. The slides from this session are available from:

http://events.internet2.edu/2006/fall-mm/sessionDetails.cfm?session=2979&event=258

During this meeting I announced the availability of myVocs-box, a virtual machine based platform of integrated application and middleware components. myVocs-box includes a working, stand-alone Shibboleth identity provider and service provider and a set of popular collaboration applications integrated into a consistent identity and authorization framework. This is a follow-on effort to an NSF-funded project to explore integration of open-source tools and emerging middleware infrastructure for building federated systems environments. myVocs-box is intended to provide a downloadable environment to explore and construct federated systems. Most of my presentation involved demonstrating the features and operation of myVocs-box.

Von Welch and Tom Scavo then presented an overview of on-going requirements analysis and software development efforts to address a variety of grid portal scenarios. Many of these scenarios included solutions for how established portal environments can leverage GridShib components (current and emerging) to export SAML assertions to Globus-based grid resources. There are many on-line research communities and efforts that have an established identity infrastructure that do not use a Shibboleth-based federated identity management framework. The GridShib project is developing software components that can be integrated with these portals to enable the use of Shibboleth software components outside browser-based interfaces, e.g., issuing SAML assertions from the back-end of existing portal platforms. These are very interesting tools and merit continued attention and exploration, as they have the potential to extend SAML dialogs to many environments. Their presentation included updates on their development roadmap, with many of these components expected in March.

From a systems perspective, these portals can be viewed as stand-alone system environments. The goal of the GridShib components is to allow their system attribute store (e.g., identity and groups) to be shared with 3rd-party systems like Globus computation platforms. Leveraging SAML and other components from Shibboleth will support constructing larger, federated systems on an integration foundation that enforces the trust policies of the underlying systems.

Sessions of Interest
--------------------

In addition to my participation, I attended several sessions on a variety of topics. The main downside of the meeting was that there were many sessions I couldn't attend due to conflicts with other sessions and participation requirements. What follows is a brief summary of some of these sessions and links to presentation materials.

Monday 12/4:

* Grid-Campus Integration BoF

This was an interesting dialog on the major requirements for leveraging campus identity management infrastructure for the TeraGrid and Open Science Grid. This BoF helped identify the major requirements and laid the groundwork for a testbed implementation of this approach. This work will be important for us to monitor and comment on as we continue the development of UABgrid and extend access to TeraGrid and OSG resources leveraging campus identities. Ensuring that our grid infrastructure remains compatible with these approaches will be key to facilitating research collaborations by simplifying access for the UAB community to these computational resource networks.

http://events.internet2.edu/2006/fall-mm/sessionDetails.cfm?session=2966&event=258

Tuesday 12/5:

* MACE and Internet2 Middleware: How We Work and Where We Are Going

This looks like a very interesting presentation based on the participants, specifically Kim Cameron, who is the architect of Metadirectory and Active Directory at Microsoft. Kim maintains a blog at http://www.identityblog.com/ that covers many aspects of the "Identity 2.0" movement and Microsoft's involvement in various efforts. Eve Maler is an XML Standards Architect at Sun and heavily involved in the SAML space. Bob Morgan is a leader of MACE and a leading figure of the Internet2 middleware activities. While the session presentations are not yet posted (as of 12/26), you can check the session link for updates.

http://events.internet2.edu/2006/fall-mm/sessionDetails.cfm?session=2868&event=258

I'm also very interested in any blogs that occurred from this session and I'll happily include links here as I come across them.

* New Internet2 Network Presentation

Steve Cotter, the Director of the Internet2 network, gave an overview of its new operation. There are several interesting developments in light of the failed merger between NLR and Internet2 this past summer. This presentation covers the subsequent update in direction for Internet2. The basic thrust of the new network design is to support a hybrid configuration that supports end-to-end provisioning of connections for both research and production needs. It seems to be influenced by the existing service offerings of regional optical networks. This presentation doesn't directly answer the question of why one should choose Internet2's new network offering over other regional optical networks. The implication might be that their network is on a national rather than regional scale. It's also not clear how you would connect to the network. It seems reasonable that one might use regional networks to access the national network. Their level one diagram on slide 12 offers some suggestion that this is the thinking, since it displays the Atlanta-Birmingham-Nashville SLR link. It's my understanding that Level3 provides this infrastructure for SLR and from the presentation is also a supplier for Internet2. This presentation is available as a netcast archive and would be well worth reviewing to understand Internet2's service offering.

http://events.internet2.edu/2006/fall-mm/sessionDetails.cfm?session=2884&event=258

There is a related session that discusses connecting to the network and may help to answer some questions regarding the roles and services offered.

http://events.internet2.edu/2006/fall-mm/sessionDetails.cfm?session=2988&event=258

* RADIUS and SAML Integration

An interesting presentation was given on current efforts to leverage SAML for network access control. The efforts of several European initiatives for roaming access were presented. These efforts are well worth learning about as SAML is leveraged more and more to bridge the gaps between systems and their authentication and authorization infrastructure.

http://events.internet2.edu/2006/fall-mm/sessionDetails.cfm?session=2906&event=258

* Middleware Support for Virtual Organizations

In the context of grid systems, middleware is the key that ties distinct systems together. This session covered requirements and solutions for these environments. An overview of caBIG was given by Steve Langella. This is a good presentation to review for a high level introduction for this expansive project. Neil Witheridge also discussed the IAM suite from MAMS.

http://events.internet2.edu/2006/fall-mm/sessionDetails.cfm?session=2866&event=258

Neil also had a separate presentation, Wednesday 12/6, on the IAM suite, which is similar to myVocs. I'm trying to get a hold of his presentation materials as they haven't been posted to the session page.

http://events.internet2.edu/2006/fall-mm/sessionDetails.cfm?session=2873&event=258

For now an overview of the MAMS deliverables including the IAM Suite from GGF18 will be helpful:

[https://mams.melcoe.mq.edu.au/zope/mams/kb/all/20061009 Erik Vullings - IDEA presentation.ppt|https://mams.melcoe.mq.edu.au/zope/mams/kb/all/20061009 Erik Vullings - IDEA presentation.ppt]

Wednesday 12/6:

The presentations of interest on Wednesday were listed as follow-ons to Tuesday's presentations above.

Thursday 12/7:

* Federations 101: A Case Study in Implementing Federations

This was a very good overview on what it takes to implement a federation. One of the key aspects of federation building is to understand the desired end-goal of the federation. Is it to facilitate peer-to-peer trusts, similar to the approach of InCommon, or is it designed to define strict relationships between participants? A key aspect of federations and Shibboleth was highlighted: Shibboleth is a technological solution for enforcing information policies. This is a key aspect of any deployment. One needn't concentrate on the Shibboleth elements. The real concern is that the data trust policies are enforced. Shibboleth is a powerful tool for enforcing these policies. All presentations in this session are worth review.

http://events.internet2.edu/2006/fall-mm/sessionDetails.cfm?session=2900&event=258

It's worth appreciating that federations are a way of defining distinct system boundaries based on policy requirements. As we further develop information sharing policies at UAB we can leverage the concept of federation as a tool for defining a variety of "system types" that reflect the level of access different types of applications have to central data. The analogy of layers of an onion to the system security layers is helpful. Our policies can define which layer of the security onion services occupy.