GridCertLib: a Single Sign-on Solution for Grid Web Applications and Portals

This paper describes the design and implementation of GridCertLib, a Java library leveraging a Shibboleth-based authentication infrastructure and the SLCS online certificate signing service, to provide short-lived X.509 certificates and Grid proxies. The main use case envisioned for GridCertLib, is to provide seamless and secure access to Grid/X.509 certificates and proxies in web applications and portals: when a user logs in to the portal using Shibboleth authentication, GridCertLib can automatically obtain a Grid/X.509 certificate from the SLCS service and generate a VOMS proxy from it. We give an overview of the architecture of GridCertLib and briefly describe its programming model. Its application to some deployment scenarios is outlined, as well as a report on practical experience integrating GridCertLib into portals for Bioinformatics and Computational Chemistry applications, based on the popular P-GRADE and Django softwares.Comment: 18 pages, 1 figure; final manuscript accepted for publication by the "Journal of Grid Computing

On-Demand Big Data Integration: A Hybrid ETL Approach for Reproducible Scientific Research

Scientific research requires access, analysis, and sharing of data that is distributed across various heterogeneous data sources at the scale of the Internet. An eager ETL process constructs an integrated data repository as its first step, integrating and loading data in its entirety from the data sources. The bootstrapping of this process is not efficient for scientific research that requires access to data from very large and typically numerous distributed data sources. a lazy ETL process loads only the metadata, but still eagerly. Lazy ETL is faster in bootstrapping. However, queries on the integrated data repository of eager ETL perform faster, due to the availability of the entire data beforehand. In this paper, we propose a novel ETL approach for scientific data integration, as a hybrid of eager and lazy ETL approaches, and applied both to data as well as metadata. This way, Hybrid ETL supports incremental integration and loading of metadata and data from the data sources. We incorporate a human-in-the-loop approach, to enhance the hybrid ETL, with selective data integration driven by the user queries and sharing of integrated data between users. We implement our hybrid ETL approach in a prototype platform, Obidos, and evaluate it in the context of data sharing for medical research. Obidos outperforms both the eager ETL and lazy ETL approaches, for scientific research data integration and sharing, through its selective loading of data and metadata, while storing the integrated data in a scalable integrated data repository.Comment: Pre-print Submitted to the DMAH Special Issue of the Springer DAPD Journa

Towards an aspect weaving BPEL engine

This position paper proposes the use of dynamic aspects and the visitor design pattern to obtain a highly configurable and extensible BPEL engine. Using these two techniques, the core of this infrastructural software can be customised to meet new requirements and add features such as debugging, execution monitoring, or changing to another Web Service selection policy. Additionally, it can easily be extended to cope with customer-specific BPEL extensions. We propose the use of dynamic aspects not only on the engine itself but also on the workflow in order to tackle the problems of Web Service hot deployment and hot fixes to long running processes. In this way, composing aWeb Service "on-the-fly" means weaving its choreography interface into the workflow

Integrated Support for Handoff Management and Context-Awareness in Heterogeneous Wireless Networks

The overwhelming success of mobile devices and wireless communications is stressing the need for the development of mobility-aware services. Device mobility requires services adapting their behavior to sudden context changes and being aware of handoffs, which introduce unpredictable delays and intermittent discontinuities. Heterogeneity of wireless technologies (Wi-Fi, Bluetooth, 3G) complicates the situation, since a different treatment of context-awareness and handoffs is required for each solution. This paper presents a middleware architecture designed to ease mobility-aware service development. The architecture hides technology-specific mechanisms and offers a set of facilities for context awareness and handoff management. The architecture prototype works with Bluetooth and Wi-Fi, which today represent two of the most widespread wireless technologies. In addition, the paper discusses motivations and design details in the challenging context of mobile multimedia streaming applications

System Resource Sharing for Synchronous Collaboration

We describe problems associated with accessing data resources external to the application, which we term externalities, in replicated synchronous collaborative applications (e.g., a multiuser text editor). Accessing externalities such as les, databases, network connections, environment variables and the system clock is not as straightforward in replicated collaborative software as in single-user applications and centralized collaborative systems. We describe ad hoc solutions that have been used previously. Our primary objection to the ad hoc solutions is that the developer must program dierent behavior into the dierent replicas of a multi-user application, which increases the cost and complexity of development. We introduce a novel general approach to accessing externalities uniformly in a replicated collaborative system. The approach uses a semi-replicated architecture where the actual externality resides at a single location and is accessed via replicated proxies. The proxies multiplex input to and output from the single instance of the externality. This approach facilitates the creation of replicated synchronous groupware in two ways: (1) developers use the same mechanisms as in traditional single-user applications (2) developers program all replicas to execute the same behavior. We describe a general design for proxied access to read{only, write{only and read{write externalities. We discuss the tradeos of this semi- replicated approach over full, literal replication and the class of applications to which this approach can be successfully applied. We also describe details of a prototype implementation of this approach within a replicated collaboration-transparency system, called Flexible JAMM (Java Applets Made Multi-user)

Ghost: A uniform and general-purpose proxy implementation

International audienceA proxy object is a surrogate or placeholder that controls access to another target object. Proxy objects are a widely used solution for different scenarios such as remote method invocation, future objects, behavioral reflection, object databases, inter-languages communications and bindings, access control, lazy or parallel evaluation, security, among others. Most proxy implementations support proxies for regular objects but are unable to create proxies for objects with an important role in the runtime infrastructure such as classes or methods. Proxies can be complex to install, they can have a significant overhead, they can be limited to certain kind of classes, etc. Moreover, proxy implementations are often not stratified and they do not have a clear separation between proxies (the objects intercepting messages) and handlers (the objects handling interceptions). In this paper, we present Ghost: a uniform and general-purpose proxy implementation for the Pharo programming language. Ghost provides low memory consuming proxies for regular objects as well as for classes and methods. When a proxy takes the place of a class, it intercepts both the messages received by the class and the lookup of methods for messages received by its instances. Similarly, if a proxy takes the place of a method, then the method execution is intercepted too

Efficient Proxies in Smalltalk

International audienceA proxy object is a surrogate or placeholder that controls access to another target object. Proxy objects are a widely used solution for different scenarios such as remote method invocation, future objects, behavioral reflection, object databases, inter-languages communications and bindings, access control, lazy or parallel evaluation, security, among others. Most proxy implementations support proxies for regular objects but they are unable to create proxies for classes or methods. Proxies can be complex to install, have a significant overhead, be limited to certain type of classes, etc. Moreover, most proxy implementations are not stratified at all and there is no separation between proxies and handlers. In this paper, we present Ghost, a uniform, light-weight and stratified general purpose proxy model and its Smalltalk implementation.Ghost supports proxies for classes or methods. When a proxy takes the place of a class it intercepts both, messages received by the class and lookup of methods for messages received by instances. Similarly, if a proxy takes the place of a method, then the method execution is intercepted too