Consulting (in Writing) to the Corporation: Principles and Pragmatics

Provenance information provides a useful basis to verify whether a particular application behavior has been adhered to. This is particularly useful to evaluate the basis for a particular outcome, as a result of a process, and to verify if the process involved in making the decision conforms to some pre-defined set of rules. This is significant in a healthcare scenario, where it is necessary to demonstrate that patient data has been processed in a particular way. Understanding how provenance information may be recorded, stored, and subsequently analyzed by a decision maker is therefore significant in a service oriented architecture, which involves the use of third party services over which the decision maker does not have control. The aggregation of data from multiple sources of patient information plays an important part in subsequent treatments that are proposed for a patient. A tool to navigate through and analyze such provenance information is proposed, based on the use of a portal framework that allows different views on provenance information to co-exist. The portal enables users to add custom portlets enabling application specific views that would facilitate particular decision making

Trust Assessment Using Provenance in Service Oriented Applications

Workflow forms a key part of many existing Service Oriented applications, involving the integration of services that may be made available at distributed sites. It is possible to distinguish between an "abstract" workflow description outlining which services must be involved in a workflow execution and a "physical" workflow description outlining the particular instances of services that were used in a particular enactment. Provenance information provides a useful way to capture the physical workflow description automatically especially if this information is captured in a standard format. Subsequent analysis on this provenance information may be used to evaluate whether the abstract workflow description has been adhered to, and to enable a user executing a workflow-based application to establish "trust" in the outcome

Programming, Composing, Deploying for the Grid

Grids raise new challenges in the following way: heterogeneity of underlying machines/networks and runtime environments (types and performance characteristics), not a single administrative domain, versatility. So the need to have appropriate programming and runtime solutions in order to write, deploy then execute applications on such heterogeneous distributed hardware in an effective and efficient manner. We propose in this article a solution to those challenges which takes the form of a programming and deployment framework featuring parallel, mobile, secure and distributed objects and components

Une architecture de sécurité hiérarchique, adaptable et dynamique pour la grille

Whereas security is a key notion in the world of distributed applications, its numerous concepts are a difficult step to overcome when constructing such applications. Current middlewares provide all major security-related technologies. However developers still have to select the more accurate one and handle all its underlying processes which is particurally difficult with dynamic, grid-enabled applications. To facilitate the use of security concepts in such application, this thesis presents a decentralised security model which takes care of security requirements expressed by all actors (resource providers, administrators, users) involved in a computation. The model is implemented outside the application source code. Its configuration is read from external policy files allowing the adaptation of the application's security according to its deployment. It has been conceived to handle specific behaviors which could happen during a distributed application life-cycle (use of newly discovered resources, remote object creation). Moreover, the implentation within the ProActive library has valided the approach and had demonstrated its advantages. Indeed, thanks to its transparency, it has been seamlessly integrated with the other features of the library (migration, group communications, components, peer-topeer). Benchmarks have consolidated the validity of the approach.Si la sécurité est une notion essentielle aux applications, particulièrement aux applications distribuées, ses nombreux concepts représentent une étape difficile de leur développement. Les intergiciels actuels intègrent un grand nombre de technologies relatives aux concepts de sécurité. Cependant, ils laissent aux développeurs la tâche de choisir la technologie la plus adaptée ainsi que la gestion des processus sous-jacents. Cet exercice se révèle d'autant plus difficile lorsque l'application évolue dans un environnement dynamique tel que celui des grilles de calcul. Afin de faciliter le déploiement d'applications distribuées et sécurisées, cette thèse présente un modèle de sécurité décentralisé permettant aux divers acteurs (administrateurs, fournisseurs de ressources, utilisateur) d'exprimer leurs politiques de sécurité. Son utilisation se veut totalement transparente au code métier des applications. La configuration de la politique de sécurité d'une application est exprimée dans des fichiers externes en dehors du code source de cette dernière. Il est ainsi possible d'adapter la sécurité de l'application en fonction de son déploiement. Notre mécanisme de sécurité est conçu pour s'adapter dynamiquement aux situations survenant dans le cycle de vie d'une application distribuée, notamment l'acquisition de nouvelles ressources et la création de nouveaux objets. L'implantation du modèle au sein d'une bibliothèque pour le calcul distribué a permis de démontrer la faisabilité de l'approche et ses avantages. En effet, son implantation transparente a permis son intégration immédiate avec les autres modules de la bibliothèque (communications de groupe, mobilité, composants, pair-à-pair). Les tests de performance réalisés afin d'évaluer son surcoût ont confirmé la validité de l'approche

Une architecture de sécurité hiérarchique, adaptable et dynamique pour la Grille

Les intergiciels actuels intègrent un grand nombre de technologies relatives aux concepts de sécurité. Cependant, ils laissent aux développeurs la tâche de choisir la technologie la plus adaptée ainsi que la gestion des processus sous-jacents. Cet exercice se révèle d autant plus difficile lorsque l application évolue dans un environnement dynamique tel que celui des grilles de calcul. Afin de faciliter le déploiement d applications distribuées et sécurisées, cette thèse présente un modèle de sécurité décentralisé permettant aux divers acteurs (administrateurs, fournisseurs de ressources, utilisateur) d exprimer leurs politiques de sécurité. Son utilisation se veut totalement transparente au code métier des applications. La configuration de la politique de sécurité d une application est exprimée dans es fichiers externes en dehors du code source de cette dernière. Il est ainsi possible d adapter la sécurité de l application en fonction de son déploiement. Notre mécanisme de sécurité est conçu pour s adapter dynamiquement aux situations survenant dans le cycle de vie d une application distribuée, notamment l acquisition de nouvelles ressources et la création de nouveaux objets. L implantation du modèle au sein d une bibliothèque pour le calcule distribué a permis de démontrer la faisabilité de l approche et ses avantages. En effet, son implantation transparente a permis son intégration immédiate avec les autres modules de la bibliothèque (communications de groupe, mobilité, composants, pair-à-pair). Les tests de performance réalisés afin d évaluer son surcoût ont confirmé la validité de l approche.Whereas security is a key notion in the world of distributed applications, its numerous concepts are a difficult step to overcome when constructing such applications. Current middlewares provide all major security-related technologies. However developers still have to select the more accurate one and handle all its underlying processes which is particularly difficult with dynamic, grid-enabled applications. To facilitate the use of security concepts in such applications, tis thesis presents a decentralised security model which takes care of security requirements expressed by all actors (resource provides, administrators, users) involved in a computation. The model is implemented outside the application source code. Its configuration is read from external policy files allowing the adaptation of the application s security according to its deployments. It has been conceived to handle specific behaviors which could happen during a distributed application life-cycle (use of newly discovered resources, remote object creation).NICE-BU Sciences (060882101) / SudocSOPHIA ANTIPOLIS-INRIA I3S (061522305) / SudocSudocFranceF

Establishing Workflow Trust Using Provenance Information

Abstract. Workflow forms a key part of many existing Service Oriented applications, involving the integration of services that may be made available at distributed sites. It is possible to distinguish between an “abstract” workflow description outlining which services must be involved in a workflow execution and a “physical ” workflow description outlining the instances of services that were used in a particular enactment. Provenance information provides a useful way to capture the physical workflow description automatically- especially if this information is captured in a standard format. Subsequent analysis on this provenance information may be used to evaluate whether the abstract workflow description has been adhered to, and to enable a user executing a workflow-based application to establish “trust ” in the outcome. An analysis tool that makes use of provenance information to assist in evaluating trust in the outcome of a workflow execution is presented. The analysis tool makes use of a rule-based engine, supporting a range of queries on the recorded information by one or more workflow enactors. The results of the analysis tool on a particular workflow scenario are presented, along with an experiment demonstrating how the analysis tool would scale as the granularity of the recorded provenance information was increased.

Establishing workflow trust using provenance information

Workflow forms a key part of many existing Service Oriented applications, involving the integration of services that may be made available at distributed sites. It is possible to distinguish between an \abstract" workflow description outlining which services must be involved in a workflow execution and a \physical" workflow description outlining the instances of services that were used in a particular enactment. Provenance information provides a useful way to capture the physical workflow description automatically - especially if this information is captured in a standard format. Subsequent analysis on this provenance information may be used to evaluate whether the abstract workflow description has been adhered to, and to enable a user executing a work°ow-based application to establish \trust" in the outcome. An analysis tool that makes use of provenance information to assist in evaluating trust in the outcome of a workflow execution is presented. The analysis tool makes use of a rule-based engine, supporting a range of queries on the recorded information by one or more workflow enactors. The results of the analysis tool on a particular workflow scenario are presented, along with an experiment demonstrating how the analysis tool would scale as the granularity of the recorded provenance information was increased

Quilici R.: Programming, Composing, Deploying for the Grid

Abstract. Grids raise new challenges in the following way: heterogeneity of underlying machines/networks and runtime environments (types and performance characteristics), not a single administrative domain, versatility. So the need to have appropriate programming and runtime solutions in order to write, deploy then execute applications on such heterogeneous distributed hardware in an effective and efficient manner. We propose in this article a solution to those challenges which takes the form of a programming and deployment framework featuring parallel, mobile, secure and distributed objects and components