by Hasan, Peter Racz, Cristian Morariu, David Hausheer and Burkhard Stiller
The development of Grid technology has reached a point at which it is suitable for commercial deployment in a multi-provider environment. The EU Project Akogrimo is driving this development toward the support of mobile participants of a Virtual Organization employing Next-Generation Grid infrastructure. With the support of the A4C functions developed within Akogrimo, such mobile Grids can now be commercially exploited. These A4C functions are the focus of this overview, and comprise user authentication, resource access authorization, multi-domain accounting of resource usage, auditing of compliance with SLAs, and charging of resource consumption.
Grid technology is evolving from a niche market, in which it solely addressed the management of shared and distributed resources, into a framework which incorporates knowledge-related and semantics-driven Web services allowing for applications in a broad business context. This evolution has led to the so-called Next-Generation Grid (NGG). In addition to traditional Grid applications, envisioned NGG applications include e-business, e-health, e-government, and e-learning.
Until recently, however, the Grid community had not considered the issue of mobility. Given the vast growth in the number of mobile Internet users, the EU Project Akogrimo is therefore aiming to advance the pervasiveness of Grid computing across Europe by uniting concepts and results gained in systems beyond 3G (B3G) and in the Grid community. Driven by business requirements, authentication, authorization, accounting, auditing and charging (hence the name A4C) are crucial functions for the commercial deployment of NGG technology for providers and users of mobile Internet Grid services. In order to present mobile users with a transparent view of the use of orchestrated services, A4C functions must consider interactions between providers.
Next-Generation Grid and Mobile Dynamic Virtual Organization
A Virtual Organization (VO) is understood to be a temporary or permanent coalition of geographically dispersed individuals, groups, organizational units or entire organizations that pool resources, capabilities, and information to achieve common objectives. A VO can provide services, including high-level resources such as knowledge (e.g. user and device context information and state information of VO components), and it may comprise various types of service providers, such as Grid service providers, content providers, network service providers, and even other VOs. A Mobile Dynamic VO (MDVO) is composed of potentially mobile participants between whom contracts are established dynamically. An NGG allows for the formation of MDVOs to solve complex problems across different network technologies and provider domains. Figure 1 depicts the NGG organization model in which various resources and actors are brought into relation. The base VO comprises pools of potential resources, services and providers that are combined into an instantiation of the VO for one user or customer. This is termed an operational VO.
A4C Integration into Next-Generation Grid Infrastructures
The integration of A4C into an NGG infrastructure is the key to commercializing Grid resources, services and knowledge that are distributed across multiple domains. Figure 2 depicts the Akogrimo NGG architecture whose components are grouped into three layers: Grid Application Support Services (GASS), Grid Infrastructure Services (GIS), and Network Middleware (NM). GASS components are responsible for Service Level Agreement (SLA) negotiations, establishment of VOs including operational VOs, and creation of workflows. GIS components manage and monitor the execution of tasks as specified by GASS components, measure resource usage and service performance, and monitor compliance with the respective SLA. Finally, NM components provide for network QoS support, functionality to support user-, device- and session-mobility, management of contexts and service discovery, and A4C functionality to allow for a controlled access to and an accounted usage of resources.
Two key concepts form the basis of authentication in Akogrimo: Single Sign-On (SSO) and Anonymity. SSO is achieved by integrating the Security Assertion Markup Language (SAML) into the A4C infrastructure. Anonymity is supported at two different levels: pseudo-anonymity and full anonymity. Under pseudo-anonymity a user retains the same virtual identity (a pseudonym) for each service request and access, so a service provider can recognise a returning user without learning the real identity. Under full anonymity a new virtual user identity is created each time a user requests a service from a service provider, so individual requests cannot be linked to one another by the provider.
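The two anonymity levels, as an added example that is not Akogrimo project code: a hypothetical home-domain A4C server issues virtual identities, either a stable pseudonym (a keyed hash that only the home provider can recompute) or a fresh random identity per request, and a foreign service provider checks whether it can link the requests it has served. The class names, the HMAC construction, the "p-"/"a-" prefixes and the in-memory mapping table are assumptions made for this illustration; the SAML assertion format used for SSO is not reproduced here.

```python
# Added example (not Akogrimo project code): pseudo-anonymity vs full
# anonymity as virtual identities issued by a user's home A4C server.
import hashlib
import hmac
import secrets


class HomeA4CServer:
    """Hypothetical home-domain A4C server. It authenticates the real user
    once and then hands out virtual identities that foreign service
    providers see instead of the real identity."""

    def __init__(self, secret: bytes):
        self._secret = secret     # assumption: a key that never leaves the home domain
        self._mapping = {}        # virtual id -> real user, kept for charging

    def pseudonym(self, real_user: str) -> str:
        # Pseudo-anonymity: a keyed hash of the real identity. The same user
        # always receives the same pseudonym, so a provider can recognise a
        # returning user, but cannot recover the real identity without the
        # home provider's secret.
        digest = hmac.new(self._secret, real_user.encode(), hashlib.sha256).hexdigest()
        vid = "p-" + digest[:16]
        self._mapping[vid] = real_user
        return vid

    def one_time_identity(self, real_user: str) -> str:
        # Full anonymity: a fresh random identity for every service request.
        # Only the home provider's mapping table ties the request to a user.
        vid = "a-" + secrets.token_hex(8)
        self._mapping[vid] = real_user
        return vid

    def resolve(self, vid: str) -> str:
        # Used by the home provider when it prepares the bill.
        return self._mapping[vid]


class ServiceProvider:
    """What a foreign service provider gets to see: virtual identities only."""

    def __init__(self):
        self.requests = []   # virtual ids seen, in order of arrival

    def serve(self, vid: str) -> None:
        self.requests.append(vid)

    def linkable(self) -> bool:
        # True if at least two requests carried the same virtual identity,
        # i.e. the provider can link them to one (pseudonymous) user.
        return len(set(self.requests)) < len(self.requests)


def demo():
    """Serve three requests per anonymity level and report linkability."""
    home = HomeA4CServer(secrets.token_bytes(32))
    user = "alice@home.example"   # constructed sample user
    sp_pseudo = ServiceProvider()
    for _ in range(3):
        sp_pseudo.serve(home.pseudonym(user))
    sp_full = ServiceProvider()
    for _ in range(3):
        sp_full.serve(home.one_time_identity(user))
    return sp_pseudo.linkable(), sp_full.linkable()


if __name__ == "__main__":
    print(demo())   # (True, False)
```

Note that the pseudonym is a keyed hash rather than a plain hash: with an unkeyed SHA-256 a provider could recompute candidate pseudonyms from a list of known user names and de-anonymise them, whereas with the HMAC the mapping stays with the home provider that does the billing.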
With respect to authorization, two levels are distinguished within Akogrimo. At the first level, network access authorization is performed by the access router and the QoS broker. After a successful authentication, users may only use service bundles to which they have subscribed. Service bundles are stored by the A4C server and are provided to the QoS broker upon request. The second level of authorization lies in Grid service-related layers. The authorization at this level enables access to Grid services to be controlled according to existing policies in the operational VO as well as in the administrative domain of participating service providers.
The A4C infrastructure supports accounting for resource and service usage in a mobile, multi-domain service-provisioning environment. Accounting data related to network and Grid resource usage are gathered on the various network components that provide the service, and then collected and stored by the A4C server in the form of accounting records. To correlate accounting records originating from different components, accounting sessions are defined. Accounting sessions are related to the service usage of a user and bind accounting records together. The session model enables a hierarchical session structure in which services might use other services: this is highly probable in a Grid environment. The A4C server also receives and stores auditing events that express the degree of SLA compliance during service consumption.
Furthermore, the A4C server performs charging by applying a charging scheme to the collected accounting records and auditing events. The charging scheme describes the charge calculation rules and tariffs to be applied and is specified in an XML-based representation. According to the auditing events a provider can apply penalties or discounts to the final charge. Finally, the user's home provider prepares a single bill for all accessed services.
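The accounting and charging steps of the two preceding paragraphs, as an added example that is not Akogrimo project code: constructed accounting records from a Grid service provider and an access router are bound into a hierarchical session (the network session is a child of the Grid job session), an SLA auditing event reports reduced compliance for the network session, and a small XML charging scheme is applied to produce per-session charges and one rolled-up amount for the root session. The record layout, the element and attribute names of the charging scheme and the penalty rule are assumptions made for this illustration; Akogrimo's actual schema is not reproduced.

```python
# Added example (not Akogrimo project code): hierarchical accounting
# sessions, SLA auditing events and an XML charging scheme.
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed accounting records:
# (session_id, parent_session_id, reporting component, resource, units)
RECORDS = [
    ("s1", None, "grid-sp.example", "cpu_hours", 2.0),
    ("s1", None, "grid-sp.example", "cpu_hours", 1.0),
    ("s2", "s1", "access-router", "mbytes", 500.0),
    ("s2", "s1", "access-router", "mbytes", 250.0),
]

# Constructed auditing events: (session_id, fraction of the SLA that was met)
AUDIT_EVENTS = [("s2", 0.8)]

# Constructed charging scheme; element and attribute names are assumptions.
CHARGING_SCHEME = """
<chargingScheme currency="EUR">
  <tariff resource="cpu_hours" pricePerUnit="0.50"/>
  <tariff resource="mbytes" pricePerUnit="0.01"/>
  <penalty belowCompliance="0.9" discountFactor="0.5"/>
</chargingScheme>
"""


def parse_scheme(xml_text):
    """Return (currency, {resource: price}, (compliance threshold, factor))."""
    root = ET.fromstring(xml_text)
    tariffs = {t.get("resource"): float(t.get("pricePerUnit"))
               for t in root.findall("tariff")}
    p = root.find("penalty")
    penalty = (float(p.get("belowCompliance")), float(p.get("discountFactor")))
    return root.get("currency"), tariffs, penalty


def build_session_tree(records):
    """Aggregate units per session and resource; reject orphan sessions."""
    parent = {}
    usage = defaultdict(lambda: defaultdict(float))
    for sid, psid, _component, resource, units in records:
        parent[sid] = psid
        usage[sid][resource] += units
    # A record that names a parent session nobody reported must not be
    # billed silently as if it were a root session of its own.
    for sid, psid in parent.items():
        if psid is not None and psid not in parent:
            raise ValueError(f"session {sid} references unknown parent {psid}")
    return parent, usage


def charge_session(sid, usage, tariffs, audit, penalty):
    """Tariff applied to the session's usage, discounted on SLA violation."""
    raw = sum(units * tariffs[res] for res, units in usage[sid].items())
    threshold, factor = penalty
    compliance = audit.get(sid, 1.0)   # no auditing event: SLA fully met
    return raw * factor if compliance < threshold else raw


def bill(records, audit_events, scheme_xml):
    """Charge each session, then roll child charges up to the root session."""
    currency, tariffs, penalty = parse_scheme(scheme_xml)
    parent, usage = build_session_tree(records)
    audit = dict(audit_events)
    per_session = {sid: charge_session(sid, usage, tariffs, audit, penalty)
                   for sid in usage}
    rolled = defaultdict(float)
    for sid, amount in per_session.items():
        root = sid
        while parent[root] is not None:
            root = parent[root]
        rolled[root] += amount
    return currency, per_session, dict(rolled)


if __name__ == "__main__":
    print(bill(RECORDS, AUDIT_EVENTS, CHARGING_SCHEME))
    # ('EUR', {'s1': 1.5, 's2': 3.75}, {'s1': 5.25})
```

The session hierarchy is what lets the home provider issue one bill: the access router and the Grid provider each report only their own usage, and the parent link on the network session is the information that attaches the network charge to the Grid job that caused it.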
Interested readers can obtain more detailed information from documents of the Akogrimo project as given on the links. Finally, we would like to thank Martin Waldburger for his contribution in technical discussions.
Links:
Akogrimo Project: http://www.akogrimo.org/
Final Integrated Services Design and Implementation Report:
http://www.mobilegrids.org/modules.php?name=UpDownload&req=getit&lid=110
Building Grids for Europe: http://ec.europa.eu/information_society/policy/nextweb/grid/index_en.htm
Please contact:
Dr. Hasan
University of Zurich, CSG@IFI, Switzerland
Tel: +41 44 635 75 86
E-mail: hasan@ifi.uzh.ch