Current issue |
Archive> Home
November 4, 2002
The following news about distributed computing is from the Grid
Research, Integration, Deployment and Support Center (GRIDS), part
of the National Science Foundation Middleware Initiative (NMI).
Subscribe to the GRIDS Center Newsletter
by sending e-mail to majordomo@grids-center.org
with "subscribe news" in the body of the message.
1.
Hot Off the Grid
GRIDS CENTER SOFTWARE SUITE
ADDS COMPONENTS FOR NMI-R2.
New software tools have been added to
the GRIDS suite in NMI-R2, the second release from the National
Science Foundation Middleware Initiative (NMI), which was issued on
October 25. GSI-SSH is a Grid security-enabled version of
Open-SSH, the popular communications tool. GPT (Grid Packaging
Tool) is used to bundle GRIDS components, and GridConfig is used to
configure and fine-tune them. The latest GRIDS Center Software
Suite includes new versions of the Globus Toolkit™, Condor-G and
Network Weather Service. Watch for new GRIDS releases as part
of NMI every October and April. See
http://www.nsf-middleware.org/NMIR2
to download the software. An NSF press release is at
http://www.nsf.gov/od/lpa/news/02/pr0289.htm
GLOBUS WORLD IN JANUARY 2003 WILL GIVE USERS A
VIEW "UNDER THE HOOD" OF GRID COMPUTING.
The inaugural Globus World will be held in San Diego, January
13-17. It will feature three tracks of invited talks,
interactive panels, and roundtables, with presenters including
principal GRIDS Center participants. Three tracks (Enterprise
Planning for Grids, Architecting Grids with Globus Toolkit,
Developing & Administering Globus Toolkit) will offer strategic
perspectives to facilitate discussions for enterprise planning and
executive decision-making. See
http://www.globusworld.org.
2.
Feature Story
“KERBERIZED” GRID COMPUTING.
An important NMI goal is the integration of Grid research
environments with the campus enterprise. One example is KX.509, a
client-side tool that extends the widely-used Kerberos campus
authentication mechanism for use in Grids.
KX.509 has been packaged with the GRIDS Center Software Suite in
both NMI releases (NMI-R1 and -R2). It was developed at the
University of Michigan under the auspices of a partner NMI team,
EDIT (Enterprise and Desktop Integration Technologies). The tool
provides a bridge between Kerberos and the Public Key Infrastructure
(PKI) associated with Grid security. GRIDS Center leaders like Carl
Kesselman believe KX.509 can play a crucial role in the adoption of
Grids on campuses and in other organizations where Kerberos is used.
“This is a significant development,”
said Kesselman, director of the Center for Grid Technologies at the
University of Southern California (USC) Information Sciences
Institute. “We have successfully deployed KX.509 across the USC
campus, which is a win for Grid users because it shows how their
applications can be integrated with Kerberos infrastructure, and
it’s a win for Kerberos sites because it shows they can be
hospitable to Grids.”
Interoperability is key to Grids,
whose architects are reluctant to dictate local choices for
security, authorization and authentication. Grids are designed to
give individual users and sites autonomy, while helping to ensure
that local choices can be based on a technology’s merit instead of
its popularity elsewhere.
The certificate and private key
generated by KX.509 are normally stored in the same cache alongside
the Kerberos credentials. This enables systems that already have a
mechanism for removing unused Kerberos credentials to also
automatically remove the X.509 credentials. Netscape or Internet
Explorer can then load a special library to access and use these
credentials for secure web activity.
To use KX.509, the user should be on
a system in an existing Kerberos realm and have a Kerberos login for
that domain. In other words, Kerberos client software should
already be installed, allowing KX.509 to generate a Grid certificate
and private key based on the user’s Kerberos credentials.
What is not required is the
presence of X.509 certificates, the format used for Grid Security
Infrastructure (GSI) by software such as the Globus Toolkit and
Condor-G. KX.509 is able to generate a GSI certificate that, when
used with either of those packages, can be fully recognized by any
Grid server.
According to Jim Pepin, director of
the Center for High Performance Computing and Communications (HPCC)
at the University of Southern California, "We see USC’s successful
campuswide implementation of Kerberized certificates with NMI as a
first step toward KX.509's broader use for Grid environments both at
USC and across the academic community."
Pepin pointed out that USC was
situated to capitalize quickly on KX.509 because researchers like
Kesselman have long been involved in helping to shape campus policy,
something other universities can emulate.
“This is the plumbing, and now we
need to build ‘appliances’ that use this capability across campus,”
he said. “We’re a huge university with many pedagogical and
research applications that could capitalize, including the Shoah
Visual History Foundation’s multimedia database of testimony from
Holocaust survivors, the Digital Encyclopedia of Los Angeles -- a
collaboration with UCLA to digitize motion pictures and other
artifacts -- and the Southern California Earthquake Center, part of
the Network for Earthquake Engineering and Simulation (NEES). Each
of these projects and others are now much better positioned to
deploy Grid tools thanks to our KX.509 deployment."
In non-Kerberos environments, to use
Globus Toolkit utilities on a local or remote machine, the user must
authenticate his or her identity to the machine with a Grid Security
Infrastructure certificate, also called an X.509 certificate. These
long-term certificates let the user create a short-term proxy
certificate that expires after a period generally defined by the
owner of the local or remote resource, after which a new proxy must
be generated to renew access.
KX.509 can actually be used in place
of permanent, long-term certificates. It does this by creating an
certificate and private key in X.509 format based on the user’s
existing Kerberos ticket. These credentials are then used to
generate the GSI proxy certificate in Kerberos environments just as
in the non-Kerberos example above.
See
http://www.nsf-middleware.org/NMIR2
for more information.
3.
What's Coming Up
SC02: From Terabytes
to Insights
November 16-22, 2002
Baltimore, MD
SC2002 brings together scientists,
engineers, systems administrators, programmers, and managers to
share ideas and glimpse the future of high performance networking
and computing, data analysis and management, visualization, and
computational modeling. This year, SC will highlight how we can use
our evolving cyberinfrastructure to tap into terabytes of data to
gain insight into creating a world that is safer, healthier and
better educated. The conference is sponsored by the Institute of
Electrical and Electronics Engineers Computer Society and by the Association for
Computing Machinery's Special Interest Group on Computer
Architecture. Presenters include GRIDS Center principals. See
http://www.sc2002.org.
Globus World
January 13-17, 2003
San
Diego, CA
The inaugural Globus World
will feature three tracks of invited speakers, lecturers,
interactive panels, and forward-looking roundtables. (See item
above under “Hot Off the Grid.) Details at
http://www.globusworld.org.
HPDC-12
June 22-24, 2003
Seattle, WA
Billed as "the
leading technical conference on Grids and Distributed Computing."
HPDC has issued a
call for papers
with deadline of February 2003.
4.
More about the GRIDS
Center
Part of the NSF Middleware
Initiative (NMI), GRIDS is a partnership of the Information Sciences
Institute (ISI) at the University of Southern California, the
University of Chicago, the National Center for Supercomputing
Applications (NCSA) at the University of Illinois at
Urbana-Champaign, the San Diego Supercomputer Center (SDSC) at
University of California at San Diego, and the University of
Wisconsin at Madison. For more information, see
http://www.grids-center.org. To
subscribe for GRIDS updates, send mail to
majordomo@grids-center.org with a
message body of “subscribe news” (without quotes). You will
receive a confirmation message with simple instructions on how to
authenticate your subscription.