Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identifiers, Resources, EPRs,and Missing Links OSG - Middleware Security Group Meeting Mon-Tue, June 5-6, 2006, SLAC, Stanford, CA Frank Siebenlist (Argonne.

Published byBertha Pearson Modified over 8 years ago

Similar presentations

Presentation on theme: "Identifiers, Resources, EPRs,and Missing Links OSG - Middleware Security Group Meeting Mon-Tue, June 5-6, 2006, SLAC, Stanford, CA Frank Siebenlist (Argonne."— Presentation transcript:

1 Identifiers, Resources, EPRs,and Missing Links OSG - Middleware Security Group Meeting Mon-Tue, June 5-6, 2006, SLAC, Stanford, CA Frank Siebenlist (Argonne National Laboratory / University of Chicago) franks@mcs.anl.gov - http://www.globus.org/

2 June 5, 2006OSG - Middleware Security Group Meeting2 W3C WS-Addressing’s Endpoint References (EPR) l “A Web service endpoint is a (referenceable) entity, processor, or resource to which Web service messages can be addressed.” l “Endpoint references convey the information needed to address a Web service endpoint.” l “Endpoint Reference Comparison. This specification provides no concept of endpoint identity and therefore does not provide any mechanism to determine equality or inequality of EPRs and does not specify the consequences of their equality or inequality. However, note that it is possible for other specifications to provide a comparison function that is applicable within a limited scope.”

3 June 5, 2006OSG - Middleware Security Group Meeting3 Issues? l No way to compare EPRs… u How to associate policy/audit with them u How to “know” whether two EPRs refer to same resource l Where does the EPR point to tomorrow? u Today it refers to your bank account… u Tomorrow it may refer to yours… u (one of us will be unhappy…)

4 June 5, 2006OSG - Middleware Security Group Meeting4 Resource Identifier Use Case l Resource Mobility. l Assertion Target. l Resource Attributes l Resource Reference Consistency l Resource Metadata Caching l Audit Label

5 June 5, 2006OSG - Middleware Security Group Meeting5 EPR Minter & Endpoint Identifiers

6 June 5, 2006OSG - Middleware Security Group Meeting6 EPR & Identifier Consumer

7 June 5, 2006OSG - Middleware Security Group Meeting7 EPR, EPI and Message

8 June 5, 2006OSG - Middleware Security Group Meeting8 Resource Identifier requirements u required l 1.Consistency with current tooling l 2.Unambiguous referencing l 3.Client side resource-equality testing l 4.A resource identifier in every message. l 5.EPR resolution u desirable l 6.Works with current/existing tooling l 7.Consistency with W3C architecture l 8.Unique address

9 June 5, 2006OSG - Middleware Security Group Meeting9 GGF WS-Naming l Specifications: u Web Service Endpoint Identification and Resolution: Use Cases and Requirements u Unambiguous Web Service Endpoint Profile u Web Service Endpoint Address Identifier Profile u Web Service Endpoint Name Specification u Endpoint Reference Resolution Specification

10 June 5, 2006OSG - Middleware Security Group Meeting10 EPR Resolution Svcs (all)

11 June 5, 2006OSG - Middleware Security Group Meeting11 EPR Resolution Svcs (from EPI)

12 June 5, 2006OSG - Middleware Security Group Meeting12 caBIG l Cancer Grid project by NCI/NIH  The cancer Biomedical Informatics Grid, or caBIG ェ, is a voluntary network or grid connecting individuals and institutions to enable the sharing of data and tools, creating a World Wide Web of cancer research. The goal is to speed the delivery of innovative approaches for the prevention and treatment of cancer. The infrastructure and tools created by caBIG ェ also have broad utility outside the cancer community. caBIG ェ is being developed under the leadership of the National Cancer Institute's Center for Bioinformatics.National Cancer Institute's Center for Bioinformatics  BIG project: Over 800 people from more than 80 organizations are working collaboratively on over 70 projects in a three-year pilot project. u https://cabig.nci.nih.gov/

13 June 5, 2006OSG - Middleware Security Group Meeting13 Identifier Services Framework l Identifier u “Naming” of individual Data-Objects u Globally Unique Name for each Data-Object l Services u Create/modify/delete name-object bindings u Resolve name to data-object l Framework u Provide for Trust Fabric => Binding Integrity u Policy-driven Administration => Curator Model u Fully Integrated with caGrid’s Architecture and Implementation

14 June 5, 2006OSG - Middleware Security Group Meeting14 Why (Standardized) Resource Identifiers? l Efficiency u Passing by reference vs by value (Data-Object can be many Mbytes) u Data-Object Equality test through String comparison (inequality test is no requirement…) l Consistency u Standardized way of referencing objects u Standard identifier => data-object resolution mechanism u Meta-data binding to standard object reference u Well-known primary/foreign key for (distributed) JOINs u Name for policy expression for data-object access u Name for audit entries about data-object related activities u … u Possible correlation of all of the above…

15 June 5, 2006OSG - Middleware Security Group Meeting15 Data-Object Identifier Properties l Identifier is a String l Identifier is a forever globally unique name for single Data-Object l Identifier can be (globally) resolved to associated Data-Object l Data-Objects are immutable, almost immutable or mutable… l Identifier value “meaningless” opaque string for consumer l Resolution information embedded in Identifier Name u Only meaningful for resolution service related components l Identifier is a Universal Resource Identifier (URI)

16 June 5, 2006OSG - Middleware Security Group Meeting16 Identifier Usage Model

17 June 5, 2006OSG - Middleware Security Group Meeting17 Naming Authority, Identifier Curator, Data Owner and Identifier User l Naming Authority (NA) u Guards integrity of identifier namespace & bindings u Maintains identifier to data-object’s endpoint mapping l Identifier Curator/Administrator u Understands semantics/access of data owner’s objects u Trusted by NA to administer binding for certain identifiers u Administers identifier to data-object’s endpoint binding l Data Owner u Provides access to data-objects through “endpoint-references” l Identifier User/Consumer u Trusts an NA for certain identifier bindings u Uses 2-step resolution to obtain data-object (identifier => endpoint => data-object) u (In-)Directly trusts Data Owner for data-object integrity

18 June 5, 2006OSG - Middleware Security Group Meeting18 Conclusion l Current WS-Addressing not good enough! l Need for profiles to require unambiguous use of EPRs l Need standardize identifier usage for policy/audit !!! l Need identifier services framework to provide the trust fabric for the bindings

19 June 5, 2006OSG - Middleware Security Group Meeting19 Identifier Consumer

20 June 5, 2006OSG - Middleware Security Group Meeting20 Identifier Consumer First Step

21 June 5, 2006OSG - Middleware Security Group Meeting21 Identifier & Data-Service

Download ppt "Identifiers, Resources, EPRs,and Missing Links OSG - Middleware Security Group Meeting Mon-Tue, June 5-6, 2006, SLAC, Stanford, CA Frank Siebenlist (Argonne."

Similar presentations

Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.

Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.
27 June 2005caBIG an initiative of the National Cancer Institute, NIH, DHHS caBIG the cancer Biomedical Informatics Grid Arumani Manisundaram caBIG - Project.

27 June 2005caBIG an initiative of the National Cancer Institute, NIH, DHHS caBIG the cancer Biomedical Informatics Grid Arumani Manisundaram caBIG - Project.
Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.

Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.
Fujitsu Laboratories of Europe © 2004 What is a (Grid) Resource? Dr. David Snelling Fujitsu Laboratories of Europe W3C TAG - Edinburgh September 20, 2005.

Fujitsu Laboratories of Europe © 2004 What is a (Grid) Resource? Dr. David Snelling Fujitsu Laboratories of Europe W3C TAG - Edinburgh September 20, 2005.
CVRG Presenter Disclosure Information Tahsin Kurc, PhD Center for Comprehensive Informatics Emory University CardioVascular Research Grid Core Infrastructure.

CVRG Presenter Disclosure Information Tahsin Kurc, PhD Center for Comprehensive Informatics Emory University CardioVascular Research Grid Core Infrastructure.
A Unified Approach to Combat Counterfeiting: Use of the Digital Object Architecture and ITU-T Recommendation X.1255 Robert E. Kahn President & CEO CNRI,

A Unified Approach to Combat Counterfeiting: Use of the Digital Object Architecture and ITU-T Recommendation X.1255 Robert E. Kahn President & CEO CNRI,
High Performance Computing Course Notes 2007-2008 Grid Computing.

High Performance Computing Course Notes Grid Computing.
SCENARIO Suppose the presenter wants the students to access a file Supply Credenti -als Grant Access Is it efficient? How can we make this negotiation.

SCENARIO Suppose the presenter wants the students to access a file Supply Credenti -als Grant Access Is it efficient? How can we make this negotiation.
Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.

Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org JRA3 2 nd EU Review Input David Groep NIKHEF.

INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.

CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.
Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.

Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.
CaGrid Service Metadata Scott Oster - Ohio State

CaGrid Service Metadata Scott Oster - Ohio State
Copyright B. Wilkinson, 2008. This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.

Copyright B. Wilkinson, This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.
NSF Middleware Initiative: GridShib Tom Barton University of Chicago.

NSF Middleware Initiative: GridShib Tom Barton University of Chicago.
Measurable Interoperability for Archival Data Lewis J. Frey, PhD

Measurable Interoperability for Archival Data Lewis J. Frey, PhD
CORDRA Philip V.W. Dodds March 2004. The “Problem Space” The SCORM framework specifies how to develop and deploy content objects that can be shared and.

CORDRA Philip V.W. Dodds March The “Problem Space” The SCORM framework specifies how to develop and deploy content objects that can be shared and.
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Similar presentations

Ads by Google