1. 9th Lecture COP 4991 Component-Based Software Development Instructor: Masoud Sadjadi http://www.cs.fiu.edu/~sadjadi/Teaching/ Developing Grid Services on LA Grid

2. 9 th LectureCOP-4991: Component-Based Software Development 2 Acknowledgement  Fernando Ferfan  Mayelin Felipe  Borja Sotomayor  Lisa Childers

3. 9 th LectureCOP-4991: Component-Based Software Development 3 OUTLINE  WEB SERVICES FUNDAMENTALS  GRID FUNDAMENTALS  OGSA, WSRF & GT4  DEVELOPING WS IN LAGRID –Unsecured Examples –Secure Examples

4. 9 th LectureCOP-4991: Component-Based Software Development 4 Web Services  Designed to support interoperable machine-to-machine interaction over a network.  Uses a previously described interface (WSDL).  Communicates using messages via HTTP enclosed in a SOAP envelope.  Allows intercommunication amongst different platform and/or programming languages.  OASIS and the W3C responsible for the standardization of web services.  WS-I established to improve interoperability.

5. 9 th LectureCOP-4991: Component-Based Software Development 5 WEB SERVICES Advantages  Web Services are platform and language independent.  Most Web Services use HTTP for transmitting messages.  Web services can be combined to provide an integrated service.

6. 9 th LectureCOP-4991: Component-Based Software Development 6 WEB SERVICES Disadvantages  Overhead – transmitting messages in XML  Lack of versatility - not as many features as other distributed computing technologies

7. 9 th LectureCOP-4991: Component-Based Software Development 7 Typical Web Service Invocation The Globus Toolkit 4 Tutorial. http://gdp.globus.org/gt4-tutorial/

8. 9 th LectureCOP-4991: Component-Based Software Development 8 Detailed Web Service Invocation The Globus Toolkit 4 Tutorial. http://gdp.globus.org/gt4-tutorial/

9. 9 th LectureCOP-4991: Component-Based Software Development 9 Server Side handles HTTP messages provides a 'living space' for applications that must be accessed by different clients handles SOAP requests and responses The Globus Toolkit 4 Tutorial. http://gdp.globus.org/gt4-tutorial/

10. 9 th LectureCOP-4991: Component-Based Software Development 10 stateless vs. stateful web service  Stateless web services don’t “remember” information from one invocation to another whereas stateful Web Services do.  When Web Services are used just to create Internet-based applications with loosely coupled clients and servers, they can be stateless. The service can be restarted without concern of previous interactions.  When Web Services are used to create Grid Applications, they are generally required to be stateful.

11. 9 th LectureCOP-4991: Component-Based Software Development 11 Stateful web services example BuyerAmazon.com login login ok, your shopping cart id is 0x800 logout login and my id is 0x800 Your shopping cart has …

12. 9 th LectureCOP-4991: Component-Based Software Development 12 Problems  No standard on how to do this  Client needs to have special code  Some protocol specific features like cookies can be used

13. 9 th LectureCOP-4991: Component-Based Software Development 13 OUTLINE  WEB SERVICES FUNDAMENTALS  GRID FUNDAMENTALS  OGSA, WSRF & GT4  DEVELOPING WS IN LAGRID –Unsecured Examples –Secure Examples

14. 9 th LectureCOP-4991: Component-Based Software Development 14 WHAT’S A GRID ANYWAYS?  GRID SYSTEM: A system that … –Coordinates resources that are not subject to centralized control. –Using standard, open, general-purpose protocols and interfaces. –To deliver nontrivial qualities of service.  GRID COMPUTING: The field of computing science which concerns with Grid Systems.  A GRID: an actual, working Grid system (i.e. LAGrid).  THE GRID: Accessible to the general public, in the same sense that The Internet is publicly accessed.

15. 9 th LectureCOP-4991: Component-Based Software Development 15 Grid Services  So, what are these grid services?  Grid services are web services that are customized to grid environment  Similar to web services they provide the glue to interact with heterogeneous systems  Why do we need them?  What do they provide?

16. 9 th LectureCOP-4991: Component-Based Software Development 16 Achieving Statefulness  The state is kept in a separate entity called a resource.  Each resource has a unique key. The Globus Toolkit 4 Tutorial. http://gdp.globus.org/gt4-tutorial/

17. 9 th LectureCOP-4991: Component-Based Software Development 17 What do you think are the tradeoffs of providing the state explicitly within the request message or maintaining the state implicitly within system components with which the web service can interact?  Web service could maintain the resource identity as static service state, thus obviating the need to pass that identity in the WS-Addressing endpoint reference.  This design choice implies a one-to-one mapping from Web service endpoints to stateful resources and thus a need for a unique Web service endpoint for each stateful resource. Achieving Statefulness

18. 9 th LectureCOP-4991: Component-Based Software Development 18 Web Services vs. Grid Services  Though web services are great, some key things that are required on the grid are missing –State management –Global Service Naming –Reference resolution –more …

19. 9 th LectureCOP-4991: Component-Based Software Development 19 Web Services vs. Grid Services  Wait a minute ! I can do all those things with web services, can’t I?  YES ! You can  But, –The standards don’t provide (yet) the required mechanisms. Work is being done to figure out the best way to do these things

20. 9 th LectureCOP-4991: Component-Based Software Development 20 OUTLINE  WEB SERVICES FUNDAMENTALS  GRID FUNDAMENTALS  OGSA, WSRF & GT4  DEVELOPING WS IN LAGRID –Unsecured Examples –Secure Examples

21. 9 th LectureCOP-4991: Component-Based Software Development 21 OGSA Introduction  Grid systems and applications aim to integrate, virtualize and manage resources and services within distributed, heterogeneous, dynamic “virtual organizations”  Items needed –Computers, application services, data, and other resources need to be accessed within different organizations –Standardization  Open Grid Services Architecture (OGSA)  Is a service-oriented architecture (SOA), that addresses the need for standardization by defining a set of core capabilities and behaviors that address key concerns in Grid systems  SOA: A perspective of software architecture that defines the use of services to support the requirements of software users. Enables the creation of applications that are built by combining loosely coupled and interoperable services  wikipedia.com

22. 9 th LectureCOP-4991: Component-Based Software Development 22 OGSA  OPEN GRID SERVICES ARCHITECTURE (OGSA) –VO Management Service. –Resource Discovery and Management Service. –Job Management Service. –… security, data management, etc.

23. 9 th LectureCOP-4991: Component-Based Software Development 23 –OGSA is the architecture, OGSI is the infrastructure. –Grid service interface standard  Methods allow access to Grid service  As well as Grid service state (SDE) –Optional factory interface –Naming and referencing of Grid services –Extends WSDL 1.1 (GWSDL) –Handle resolver –Notifications Grid Service Handle (GSH) Publish GSR Bind Service Consumer Client Service Provider Grid Service OGSI Registry Grid Service Reference (GSR) Legend request flow reply flow program boundary module boundary Reply Grid Service Reference OGSI Grid service locator: Multiple GHSs + GSRs + interface description Open Grid Service Infrastructure (OGSI) - 2001

24. 9 th LectureCOP-4991: Component-Based Software Development 24 Grid Services as seen by OGSI  Connect to the grid service  Ask the server to create an instance for you  Get a unique global pointer to it  Interact with the service

25. 9 th LectureCOP-4991: Component-Based Software Development 25 OGSI Issues  Confusion and Criticism from web services folks  Modeling stateful resource with Web services  Web service Resource Framework (WS-RF) 2004

26. 9 th LectureCOP-4991: Component-Based Software Development 26 WSRF  Stands for Web Services Resource Framework  Improves on the concept of Web Services by creating a separate view for the resource state.  Simplifies WSDL and reduces message size and complexity (XML gets heavy and complicated fast)  Modular (users decide which specification to use)

27. 9 th LectureCOP-4991: Component-Based Software Development 27 WS-Resource  Provides a means of expressing the relationship between stateful resources and web services  The WS-Resource has an XML resource property document defined using XML schema.  The requestor can determine the WS-Resource type by retrieving the portType  Web service programming paradigm is used to interact with the resource

28. 9 th LectureCOP-4991: Component-Based Software Development 28 * www.globus.org/wsrf OGSIWSRF Grid Service ReferenceWS-Addressing Endpoint Reference Grid Service HandleWS-Addressing Endpoint Reference HandleResolver portTypeWS-RenewableReferences Service data defn & accessWS-ResourceProperties GridService lifetime mgmtWS-ResourceLifeCycle Notification portTypesWS-Notification Factory portTypeTreated as a pattern ServiceGroup portTypesWS-ServiceGroup Base fault typeWS-BaseFaults OGSI to WSRF*

29. 9 th LectureCOP-4991: Component-Based Software Development 29 WSRF Specification  WSRF Resource Properties.  WSRF Resource Lifetime.  WSRF Base Faults.  WSRF Service Group.

30. 9 th LectureCOP-4991: Component-Based Software Development 30 Web Services and Grids - OGSA  OGSI problems solved by WSRF Grid Web WSRF Started far apart in apps & tech OGSI GT2 GT1 HTTP WSDL, WS-* WSDL 2, WSDM Have been converging

31. 9 th LectureCOP-4991: Component-Based Software Development 31 Programming Grid Services (GT4)  Basic steps involved in creating a grid service –Create the interface using WSDL  Specify the portTypes, messages and data encoding –Generate Stubs –Add functionality –Compile and Build the code using Globus libraries –Create a GAR (Grid Archive) –Deploy it

32. 9 th LectureCOP-4991: Component-Based Software Development 32 OGSA, WSRF & GT4 B. Sotomayor and L. Childers. Globus Toolkit 4, Programming Java Services. 2006. The Morgan Kaufmann Series in Networking.

33. 9 th LectureCOP-4991: Component-Based Software Development 33 OUTLINE  WEB SERVICES FUNDAMENTALS  GRID FUNDAMENTALS  OGSA, WSRF & GT4  DEVELOPING WS IN LAGRID –Unsecured Examples –Secure Examples

34. 9 th LectureCOP-4991: Component-Based Software Development 34 GT4 Java WS Core  Java WS Core provides APIs and tools for developing Grid services.  Includes a container based on Apache Axis to host various GT4 services implemented in Java, such as GRAM, RFT, MDS-Index, and our own custom Web Services.  Following WSRF specifications.

35. 9 th LectureCOP-4991: Component-Based Software Development 35 GT4 Services  What feature/service is most useful to you as you work with GT4 Toolkit?  The globus-build-service.sh and globus-deploy-gar scripts use Ant to create and deploy the GAR file so we don’t need to worry about:  Processing the WSDL file  Creating the stub classes from the WSDL  Compiling the stub classes  Compiling the service implementation  Organizing all the files into a very specific directory structure

36. 9 th LectureCOP-4991: Component-Based Software Development 36 Creating a Grid Service (GT4) 1. Define the WS interface with WSDL. 2. Implement the service. 3. Define the deployment parameters. 4. Compile everything and generate a GAR file. 5. Deploy the service.

37. 9 th LectureCOP-4991: Component-Based Software Development 37 OUR EXAMPLE: MathService  A simple Math web service.  Operations: Addition & Subtraction & Get Value.  Resources: Value (integer) & Last operation performed (String).

38. 9 th LectureCOP-4991: Component-Based Software Development 38 MathService: THE 5 STEPS.  Step 1: The WSDL. The Definition <definitions name="MathService" targetNamespace="http://www.globus.org/namespaces/ examples/MathService_instance“ …> … The Definition <definitions name="MathService" targetNamespace="http://www.globus.org/namespaces/ examples/MathService_instance“ …> … The Port Type <portType name="MathPortType" wsrp:ResourceProperties="tns:MathResourceProperties"> … The Port Type <portType name="MathPortType" wsrp:ResourceProperties="tns:MathResourceProperties"> … The Messages The Messages The Response and Request Types The Response and Request Types The Resource Properties <portType name="MathPortType" wsrp:ResourceProperties="tns:MathResourceProperties"> The Resource Properties <portType name="MathPortType" wsrp:ResourceProperties="tns:MathResourceProperties">

39. 9 th LectureCOP-4991: Component-Based Software Development 39 MathService: THE 5 STEPS.  Step 2: Implementing the Service in Java The Bare Bones package org.globus.examples.services.core.first.impl; import java.rmi.RemoteException; import org.globus.examples.stubs.MathService_instance.*; import org.globus.wsrf.*; import org.globus.wsrf.impl.*; public class MathService implements Resource, ResourceProperties { … } The Bare Bones package org.globus.examples.services.core.first.impl; import java.rmi.RemoteException; import org.globus.examples.stubs.MathService_instance.*; import org.globus.wsrf.*; import org.globus.wsrf.impl.*; public class MathService implements Resource, ResourceProperties { … } The Resource Properties /* Resource properties */ private int value; private String lastOp; /* Get/Setters for the RPs */ public int getValue() { return value; } public synchronized void setValue(int value) { this.value = value; } The Resource Properties /* Resource properties */ private int value; private String lastOp; /* Get/Setters for the RPs */ public int getValue() { return value; } public synchronized void setValue(int value) { this.value = value; }

40. 9 th LectureCOP-4991: Component-Based Software Development 40 MathService: THE 5 STEPS.  Step 3: Configuring the Deployment (WSDD) The Service Name <service name=“examples/core/first/MathService” provider=“Handler" use="literal" style="document”> The WSDL File share/schema/examples/MathService_instance/Math_service.wsdl Load on Startup The Common Parameters The Service Name <service name=“examples/core/first/MathService” provider=“Handler" use="literal" style="document”> The WSDL File share/schema/examples/MathService_instance/Math_service.wsdl Load on Startup The Common Parameters

41. 9 th LectureCOP-4991: Component-Based Software Development 41 MathService: THE 5 STEPS.  Step 4: Create a GAR file with Ant –Process the WSDL to add missing pieces. –Create stub classes from the WSDL. –Compile stub classes. –Compile service implementation. –Organize all files into its specific directory structure../globus-build-service.sh –d -s $./globus-build-service.sh \ -d org/globus/examples/services/core/first \ -s schema/examples/MathService_instance/Math.wsdl $./globus-build-service.sh \ -d org/globus/examples/services/core/first \ -s schema/examples/MathService_instance/Math.wsdl $./globus-build-service.sh first or

42. 9 th LectureCOP-4991: Component-Based Software Development 42 MathService: THE 5 STEPS.  Step 5: Deploy the Service into a Web Service Container –Uses Ant. –Unpacks the GAR. –Copies the WSDL, compiled stubs, compiled implementation & WSDD into the GT4 directory tree. $ sudo –u globus globus-deploy-gar \ org_globus_examples_services_core_first.gar $ sudo –u globus globus-undeploy-gar \ org_globus_examples_services_core_first $ sudo –u globus globus-deploy-gar \ org_globus_examples_services_core_first.gar $ sudo –u globus globus-undeploy-gar \ org_globus_examples_services_core_first

43. 9 th LectureCOP-4991: Component-Based Software Development 43 MathService: THE CLIENT  Tests the service invoking both the add and substract operations. $ java -cp./build/stubs/classes/:$CLASSPATH \ org.globus.examples.clients.MathService_instance.Client \ https://la-blade-01.cs.fiu.edu:8443/wsrf/services/core/first/MathService $ java -cp./build/stubs/classes/:$CLASSPATH \ org.globus.examples.clients.MathService_instance.Client \ https://la-blade-01.cs.fiu.edu:8443/wsrf/services/core/first/MathService AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException faultSubcode: faultString: java.io.IOException: No socket factory for 'https' protocol faultActor: faultNode: faultDetail:...

44. 9 th LectureCOP-4991: Component-Based Software Development 44 MAKE THE SERVICE SECURE!  Create the security-config.xml file.  Modify the deploy-server.wsdd file.  Add the following to the client. static { Util.registerTransport(); } … ((Stub)mathFactory)._setProperty( Constants.GSI_SEC_CONV, Constants.ENCRYPTION); ((Stub)mathFactory)._setProperty( Constants.AUTHORIZATION, NoAuthorization.getInstance()); Our acknowledge to Ramakrishna!

45. 9 th LectureCOP-4991: Component-Based Software Development 45 MAKE THE SERVICE SECURE!  Is it secure now? Not really… We just added the skeleton to make it secure. $ java -cp./build/stubs/classes/:$CLASSPATH \ org.globus.examples.clients.MathService_instance.Client \ https://la-blade-01.cs.fiu.edu:8443/wsrf/services/core/first/MathService Current value: 15 Current value: 10 $ java -cp./build/stubs/classes/:$CLASSPATH \ org.globus.examples.clients.MathService_instance.Client \ https://la-blade-01.cs.fiu.edu:8443/wsrf/services/core/first/MathService Current value: 15 Current value: 10  Let’s run it again…

46. 9 th LectureCOP-4991: Component-Based Software Development 46 GRID SECURITY INFRASTRUCTURE  Basis for GT4 Security layer.  Covers the three pillars of secure communication: –Privacy. –Integrity. –Authentication.  Family of components (low/high level) to offer security features to programmers.

47. 9 th LectureCOP-4991: Component-Based Software Development 47 GRID SECURITY INFRASTRUCTURE  Level security: –Transport-level –Message-level  Authentication –X.509 Digital certificates. –Username/Password  Authorization schemes: –Server-Side –Client-Side –Custom  Credential delegation and single sign-on –Proxy Certificates  Different levels of security: –Container –Service –Resource.

48. 9 th LectureCOP-4991: Component-Based Software Development 48 WRITING A SECURE MathServer  Add security to the MathService example.  Now, four operations: –add –subtract –multiply –divide  We will be able to configure each operation with a different security configuration.

49. 9 th LectureCOP-4991: Component-Based Software Development 49 SECURE MathServer 1 Modify the security-config-auth.xml No server-side authorization must be performed. 2 The add method can only be invoked using GSI Secure Conversation. 3 The subtract method can only be invoked using GSI Secure Message. 4 The multiply method can be invoked using GSI Secure Conversation or GSI Secure Message. 5 The divide method can only be invoked using GSI Transport (transport-level security). 6 The rest of the methods can be invoked with any of the authentication methods. The service

50. 9 th LectureCOP-4991: Component-Based Software Development 50 SECURE MathServer  The Client –Programatically: ((Stub)math)._setProperty(Constants. GSI_SEC_CONV,Constants.ENCRYPTION); –Security descriptor: String secDecFile = “path/to/security-descriptor.xml”; ((Stub)math)._setProperty(Constants. CLIENT_DESCRIPTOR_FILE, secDescFile);

51. 9 th LectureCOP-4991: Component-Based Software Development 51 SECURE MathServer  Client call 1: GSI Transport Client  Client call 2: GSI Secure Conversation Client [add] ERROR: GSI Secure Conversation authentication required for "{MathService_instance_4op}add" operation. [subtract] ERROR: GSI Secure Message authentication required for "{MathService_instance_4op}subtract" operation. [multiply] ERROR: GSI Secure Conversation or GSI Secure Message authentication required for "{MathService_instance_4op}multiply" operation. Division was successful Current value: 30 [add] ERROR: GSI Secure Conversation authentication required for "{MathService_instance_4op}add" operation. [subtract] ERROR: GSI Secure Message authentication required for "{MathService_instance_4op}subtract" operation. [multiply] ERROR: GSI Secure Conversation or GSI Secure Message authentication required for "{MathService_instance_4op}multiply" operation. Division was successful Current value: 30 Addition was successful [subtract] ERROR: GSI Secure Message authentication required for "{http://www.globus.org/namespaces/examples/ MathService_instance_4op}subtract" operation. Multiplication was successful Division was successful Current value: 180 Addition was successful [subtract] ERROR: GSI Secure Message authentication required for "{http://www.globus.org/namespaces/examples/ MathService_instance_4op}subtract" operation. Multiplication was successful Division was successful Current value: 180

52. 9 th LectureCOP-4991: Component-Based Software Development 52 GT4 IDE software tools  Are there any current GT4 IDE software tools? –Globus Service Build Tools http://gsbt.sourceforge.net/http://gsbt.sourceforge.net/  GT4IDE: Eclipse 3 plug-in that will allow GT4 programmers to develop WSRF Java Web Services easily.  globus-build-service: The same Ant buildfile + script included in the tutorial.

53. 9 th LectureCOP-4991: Component-Based Software Development 53 USEFUL LINKS  http://www.cs.fiu.edu/~sadjadi/Teaching/gt4website/ http://www.cs.fiu.edu/~sadjadi/Teaching/gt4website/  Globus toolkit 4 Programmer’s Tutorial http://gdp.globus.org/gt4-tutorial/ http://gdp.globus.org/gt4-tutorial/  Globus toolkit 4: Programming Java Services http://www.gt4book.com/ http://www.gt4book.com/  OASIS. http://www.oasis-open.org/ http://www.oasis-open.org/  The Globus Alliance; http://www.globus.org/ http://www.globus.org/