[rm-wg] Multi-institutional Infrastructures for e-Science
Laurence.Field at cern.ch
Thu Jul 12 05:19:24 CDT 2007
As input into the discussion on Friday, I have tried to give a
description of the main problem domain which we are trying to address.
After this description, I have tried to define what we understand by
site, service, VO and resource based on our experience within this
Universities and research institutes are real organizations that have
computing centers. Each organization is autonomous and have their own,
security infrastructure, policies, systems etc. and are ultimately
responsible for their resources.
Scientists from different institutions collaborate on specific research
topics and they would like to use the resources available to them. The
difficulties faced by the collaboration is that each organization where
the resources are located have different, security infrastructures,
policies, systems etc.
To solve this problem the security infrastructures, policies, systems
need to be generalized. A common security model is adopted where usage
of resources at an organization is dependent on the collaboration to
which the user is participating. Types of systems are also generalized
so that the user does not have to understand the details of different
implementations that organizations have. An interface is required at
the organizational boundary that maps the generalized system to the
organizational specific security model and the local system.
A site represents the real organization, eg Universities and Research
Institutes which are administrative domains. It is usually a physical
location where the resource and system administration team can be found.
They have their own polices and identity and exist independently of
A virtual organization represents the collaboration, a group of
scientist working together for a specific topic. Within this virtual
organization there may be sub groups and different roles. Virtual
organizations also have there own policies and exist independently.
Members of the VO do not have to belong to any organization which
The service is the interface at the site boundary that maps from a
generic grid interface to the local system. As the service provides the
interface between the grid and a local system, there is a relationship
between the service and the site. In addition there is also a
relationship between the service and the virtual organization. Services
also have to ensure the adherence to agreed common polices, eg access
logs, accounting and auditing etc.
A resource is the functionality that the user would like to use. As the
resource is local to the site, there is a relationship between the
resource and the site. As the service gives access to the resource
there is also a relationship between a resource and a service.
More information about the rm-wg