Negotiating Trust on the Grid

Grids support dynamically evolving collections of resources and users, usually spanning multiple administrative domains. The dynamic and crossorganizational aspects of Grids introduce challenging management and policy issues for controlling access to Grid resources. In this paper we show how to extend the Grid Security Infrastructure to provide better support for the dynamic and cross-organizational aspects of Grid activities, by adding facilities for dynamic establishment of trust between parties. We present the PeerTrust language for access control policies, which is based on guarded distributed logic programs, and show how to use PeerTrust to model common Grid trust needs

Implementing a genomic data management system using iRODS in the Wellcome Trust Sanger Institute

<p>Abstract</p> <p>Background</p> <p>Increasingly large amounts of DNA sequencing data are being generated within the Wellcome Trust Sanger Institute (WTSI). The traditional file system struggles to handle these increasing amounts of sequence data. A good data management system therefore needs to be implemented and integrated into the current WTSI infrastructure. Such a system enables good management of the IT infrastructure of the sequencing pipeline and allows biologists to track their data.</p> <p>Results</p> <p>We have chosen a data grid system, iRODS (Rule-Oriented Data management systems), to act as the data management system for the WTSI. iRODS provides a rule-based system management approach which makes data replication much easier and provides extra data protection. Unlike the metadata provided by traditional file systems, the metadata system of iRODS is comprehensive and allows users to customize their own application level metadata. Users and IT experts in the WTSI can then query the metadata to find and track data.</p> <p>The aim of this paper is to describe how we designed and used (from both system and user viewpoints) iRODS as a data management system. Details are given about the problems faced and the solutions found when iRODS was implemented. A simple use case describing how users within the WTSI use iRODS is also introduced.</p> <p>Conclusions</p> <p>iRODS has been implemented and works as the production system for the sequencing pipeline of the WTSI. Both biologists and IT experts can now track and manage data, which could not previously be achieved. This novel approach allows biologists to define their own metadata and query the genomic data using those metadata.</p

Harnessing the Capacity of Computational Grids for High Energy Physics

By harnessing available computing resources on the network, computational grids can deliver large amounts of computing capacity to the high energy physics (HEP) community. Supporting HEP applications, which typically make heavy memory and I/O demands, requires careful co-allocation of network, storage, and computing resources. The grid manager must ensure that applications have the necessary resources to run efficiently while respecting the usage policies imposed by the owners of those resources. The Condor research group is engaged in an effort to develop effective co-allocation mechanisms for computational grids. We present two of these mechanisms, checkpoint domains and file system domains, which attack the wide-area network bottleneck by providing local access to checkpoint and data storage. Keywords: grid computing, network scheduling, high throughput computing 1 Introduction Computational grids [1] have the potential to deliver large amounts of computing capacity to t..

Traust: A trust negotiation based authorization service

In this demonstration, we present Traust, a flexible authorization service for open systems. Traust uses the technique of trust negotiation to map globally meaningful assertions regarding a previously unknown client into security tokens that are meaningful to resources deployed in the Traust service's security domain. This system helps preserve the privacy of both users and the service, while at the same time automating interactions between security domains that would previously have required human intervention (e.g., the establishment of local accounts). We will demonstrate how the Traust service enables the use of trust negotiation to broker access to resources in open systems without requiring changes to protocol standards or applications software. © Springer-Verlag Berlin Heidelberg 2006