Tom Scavo announces some great news:
Today, it is with great pleasure that the GridShib Project announces the immediate release of GridShib for Globus Toolkit v0.6.0. This release culminates a 20-month effort to bring SAML-based attribute push to X.509-based Grids.
GridShib for Globus Toolkit (GT) is an implementation of a Grid Service Provider, an entity much like a SAML Service Provider but for Grids. A Grid Service Provider consumes X.509-bound SAML tokens, a new type of security token that enables attribute-based authorization in X.509-based Grids.
Most everything you need to know about GridShib for GT is on this web page:
http://gridshib.globus.org/docs/gridshib-gt-0.6.0/readme.html
On this readme page, you will find more detailed information about the GridShib for GT software as well as links to downloads and documentation.
A major advance in this version of GridShib for GT is support for the TeraGrid Science Gateway use case where an intermediary makes a grid request on behalf of a browser user. The Gateway binds a SAML token to an X.509 proxy certificate and makes a request to a gridshib-enabled web service. On the service side, GridShib for GT consumes the SAML token and makes an access control decision based on the security information in the token.
As a SAML-consuming software component, GridShib for GT complements the previously released GridShib SAML Tools and GridShib Certification Authority (CA), which are SAML-producing software components. These three components together enable attribute-based authorization in X.509-based Grids. See the Quick Start for step-by-step instructions that show how to use GridShib for GT v0.6, GridShib SAML Tools v0.3, and GridShib CA v0.5.1 together on Windows and UNIX systems:
http://gridshib.globus.org/docs/gridshib/quick-start.html
For links to all GridShib software downloads and additional documentation, visit the GridShib Downloads page:
http://gridshib.globus.org/download.html
Funding for GridShib software has been provided by the NSF NMI program and the NSF TeraGrid program.
Tom Scavo
For the entire GridShib Team
Old news, but here’s an interesting website: Online Home for the TeraGrid Planning Process. In particular, the Position Papers section.
We are pleased to announce GridShib SAML Tools v0.3.0, the final release in the v0.3.0 development cycle:
http://gridshib.globus.org/docs/gridshib-saml-tools-0.3.0/readme.html
http://gridshib.globus.org/download.html#saml-tools
The GridShib SAML Tools are a suite of standalone client tools that issue SAML assertions and optionally bind these assertions to X.509 proxy certificates. To try out the software before downloading, visit our online demo:
https://computer.ncsa.uiuc.edu/gst-demo/
The GridShib SAML Tools require only Java 1.4 (or later) and Ant 1.6 (or later). Proxy certificates issued by the SAML Tools are compatible with GridShib for Globus Toolkit v0.6.0 Alpha (or later).
There have been significant changes in this version of the GridShib SAML Tools since the previous release:
http://gridshib.globus.org/docs/gridshib-saml-tools-0.3.0/CHANGES.txt
Important new features of GridShib SAML Tools v0.3.0 include:
- enhanced command-line interface
- new command-line options for the SAML Assertion Issuer Tool, including the option to output a DER-encoded ASN.1 structure
- new X.509 Binding Tool, to bind arbitrary content to a non-critical extension of an X.509 proxy certificate
- new SAML Security Info Tool, for examining the contents of X.509-bound SAML tokens
- expanded Java API, for producing and consuming SAML assertions and X.509 proxy certificates
- support for the TeraGrid Science Gateway Use Case
This development cycle was largely driven by the TeraGrid Science Gateway Use Case:
http://gridshib.globus.org/docs/gridshib-saml-tools-0.3.0/teragrid/readme.html
Science Gateways use the SAML Tools to enable auditing, incident response, and access control in Globus-based grids.
To learn more about this and other use cases, visit the “About GridShib” page:
http://gridshib.globus.org/about.html
While the GridShib SAML Tools produce X.509-bound SAML tokens, the complementary software component GridShib for Globus Toolkit consumes them. The latter is scheduled for release later this month or early next. See the roadmap on the GridShib home page for the latest updates.
Tom Scavo
For the GridShib Team
VDT 1.8.0 has been released.
http://vdt.cs.wisc.edu/releases/1.8.0/release.html
Highlights of the new features since 1.6.1:
* Red Hat Enterprise Linux 5 is now supported.
* We are now using Globus 4.0.5. This release incorporates many (but not all) of the patches that we used to apply to Globus. In particular, it incorporates nearly all of the “community branch” (for TeraGrid) changes that we used to apply as a set of patches. This change will make it easier to maintain our Globus build. Also, WS-GRAM received a number of fixes to improve reliability and scalability. You can see our patches to Globus. (VDT Ticket 2721)
* Java 5 is now the default instead of Java 4, except for web applications running in Tomcat 5.0. (VDT Ticket 2718)
* VOMS now runs on 64-bit computers.
* For OSG installations, batch job managers (Condor, PBS, SGE, and LSF) will reset GLOBUS_LOCATION for jobs based on OSG_GRID. This allows GLOBUS_LOCATION to be different for the gatekeeper and the worker nodes. This has been tested on all platforms, but it might not be working on LSF — the current behavior on LSF seems to simply not change GLOBUS_LOCATION, so it is no worse than it used to be.
* There is now an RPM for installing the CA certificates. It has been lightly tested. If you want to use it, it’s best to tell the VDT not to install the CA certificates at all, and then just use the RPM.
* There is now a program, vdt-update-certs, for automatically updating the CA Certificates. It is a cron job that is optionally enabled.
* The way in which web applications are installed into Tomcat 5.0 and 5.5 is now more robust and more consistent with Tomcat best practices.
* Pacman 3.20 is now the minimum supported version of Pacman. It is substantially faster than previous versions of Pacman, which makes a VDT install faster.
VDT Team
It’s been busy lately, attended the first dev.Globus All Hands Meeting and TeraGrid ‘07 right here in Madison.
At TG07, Kate gave a talk which is online. The paper she presented discusses among other things contextualization, the structure and mechanisms by which an appliance/workspace is “told” what it needs in order to adapt to its deployed environment. This is not just adaptation to site specific services but also to other appliances that may be deployed with it such as in a virtual cluster deployment.
Amidst the bustle we implemented a new backend to the Workspace Service, to Amazon’s Elastic Compute Cloud (EC2). We’ve deployed it to the University of Chicago’s Teraport cluster and will currently pay for usage by selected collaborators.
Besides being somewhat fun to implement (including getting the Globus and Amazon Secure Message stacks on the same wavelength), I think it’s going to be interesting.
Because grid resources are cautiously approaching the pioneering switch to virtualizing resources [1], even in part, it is going to be interesting and educational to see what people will be able to accomplish with workspaces when a large pool of resources is actually available on tap — today.
Because the same deployment protocols can be used for both native and EC2 resources, there are of course capacity overflow use cases. In the right situations, VMs are a good mechanism for providers to dynamically reach more consumers as the need arises.
For a feature list and description, see What is the EC2 backend?
——-
[1] and some would say inevitable switch, even with the performance costs. Consider also that ‘virtualizing resources’ may mean physical node re-imaging, cf. Virtual Workspaces: Achieving Quality of Service and Quality of Life in the Grid.
The Virtual Data Toolkit 1.6.0 was released yesterday. 1.6 is the new stable series and will be used by OSG and TeraGrid.
THE ANNUAL TERAGRID CONFERENCE, TERAGRID ‘07: BROADENING PARTICIPATION IN TERAGRID, invites all interested individuals and organizations to participate. Attendees will include scientists and engineers, faculty, post docs, graduate and undergraduate students, high school teachers, representatives from federal agencies, grid computing industry representatives, and staff from TeraGrid resource providers and partners.
Submissions should address the development of grid computing capabilities and the applications of the TeraGrid to research and education, in particular:
* Scientific impacts that are the results of work on the TeraGrid and with TeraGrid partners
* Technology development, capabilities, and services
* Grid education/training and grids in support of education
* Education, outreach, and training
Full papers are due January 12, 2007.
http://www.union.wisc.edu/teragrid07/
[[ UPDATE: paper deadline has been extended to February 8th ]]