INDUSTRY
Trust on the Grid Goes Global
Users of Grid computing worldwide are a step closer to accessing computers and information in 50 countries and regions, from Canada to China, Portugal to Pakistan. The International Grid Trust Federation (IGTF), established this week during the 15th Global Grid Forum (GGF) in Boston, brings together Grid organizations representing Asia, the Americas and Europe that are working towards allowing scientific researchers to identify themselves to any Grid resource in the world with just a single online identity. IGTF's members issue electronic certificates that allow scientists to use the Grid. The Grids protected by IGTF certificates include over 40,000 computer processors and petabytes of storage - equivalent to over a million DVDs. Making sure the owners of Grids trust each other's security procedures is key to letting researchers access all these resources.
“Living in the information age, access to electronic resources has never been so vital before,” says Christos Kanellopoulos of Aristotle University of Thessaloniki, Greece, and co-chair of the GGF Certification Authorities Operations working group (CAOPS). “Already today e-scientists can use their certificates to access and use grid-enabled resources in any part of the world, making the World Wide Grid a reality. IGTF is a big step towards the dream of bridging the digital divide”.
The IGTF brings grid-oriented organizations around the globe much closer to realizing the promise of grids. Grids aim to harness the power of geographically dispersed computing resources, experimental facilities and research centres. Grid developers’ goal is to provide seamless access to all the resources available. However, at present there are many independently operated grids, spread throughout the world, and users able to work on one can’t necessarily gain access to the others. Fundamental to user access is user authentication – making sure that only those users who have the proper credentials are granted access to the resources.
While this can be a significant challenge within a grid, achieving agreement on how to provide this level of authentication between grids has been an even bigger challenge. That’s where the IGTF takes centre stage. With the establishment of the IGTF, the foundation is laid for building a trusted basis for identity management, and a further step taken towards global interoperability for scientific grids.
The IGTF is a federation of certification authorities or grid policy management authorities (grid PMAs), and the major grid infrastructure projects that together define the policies and standards for grid identity management. Comprising the three regional grid policy management bodies, the Asia Pacific Grid PMA (APGridPMA), the European Policy Management Authority for Grid Authentication in e-Science (EUGridPMA) and the Americas GridPMA (TAGPMA), the federation today has 61 members and covers 50 countries and regions.
The new federation builds on the strong foundations laid in Europe by the EUGridPMA, which established the common baseline for identity providers that is considered trustworthy by an increasing number of resource centres and service providers. These same guidelines were also adopted by the APGridPMA and the TAGPMA, who at the same time enriched the federation with innovative services for quickly bootstrapping new centres in the Grid, and integration of the Grid with the scientists’ home organisations.
The three EU e-Infrastructure projects Enabling Grids for e-Science (EGEE), the Distributed European Infrastructure for Supercomputing Applications (DEISA), and the South-Eastern European Grid-enabled e-Infrastructure Development (SEEGRID), as well as the Nordic European Grid (NorduGrid), were the first to join the common trust domain, and the strong support from the e-Infrastructure Reflection Group at the European policy level further accelerated the building of the federation.
The US-based Open Science Grid (OSG) and TeraGrid projects, the ApGrid and PRAGMA projects in the Asia Pacific, and the world-wide LHC Computing Grid (LCG) also base their authentication on the certificates issued by the IGTF-affiliated certification authorities. Regional and national programmes that collaborate on a global scale also leverage the IGTF foundations today.
“Recently, the number of organizations involved in large scale regional and international Grid projects in the Asia Pacific region has been dramatically increasing,” said Yoshio Tanaka (AIST, Tokyo, Japan), chair of the Asia Pacific Grid PMA. “There is a strong demand for establishing trust federation with production Grid projects in Europe and the Americas. The IGTF accelerates the emergence of a globewide Grid infrastructure”.
Leveraging both national and international support from a variety of sources, the members of the federation are able to provide high-quality credentials – called certificates – at no cost to the scientists. Key members of the federation, like the DoEGrids Certificate Authority operated by the U.S. Department of Energy’s ESnet, and the Grid-FR CA operated by the French national research council CNRS, ensure that no scientists are “left out in the rain”, and act as a catch-all for communities like the LCG and EGEE projects with a global network of agents.
Tony Genovese from DOE’s Lawrence Berkeley National Laboratory, which manages ESnet for DOE, says: “By establishing IGTF, we are seeing the fruition of the first steps ESnet and the European Grid took back in February 2002 when a researcher at Fermilab used an authenticating certificate created by ESnet to successfully transfer files to Imperial College and Lancaster University in the U.K. We did this as part of the pilot for the Particle Physics Data Grid. Once the British sites and Fermilab recognized and accepted each other’s certificates, the data transfer went smoothly”.
The IGTF is closely linked to the efforts of the CA Operations Working Group in the Global Grid Forum, whose co-chair Darcy Quesnel of CANARIE is also the chair of the Americas Grid PMA. The working group provides the standard federation documents and the broad consensus between providers and relying parties. The other important element for enabling a wide trust base is the use of the TACAR repository run by TERENA, the Trans-European Research and Educational Networking Association: a single source for all relying parties to validate their trust infrastructure both for the IGTF and for many other academic identity providers.
The future work of the IGTF will venture into better integration of Grid authentication with other mechanisms. “The future is going to be with integrated services. Currently grid identity management is usually a separate thing the user needs to think about,” said David Groep of NIKHEF (Amsterdam, the Netherlands) and chair of the EUGridPMA. “In the future, single sign-on should integrate grid, network and campus resources in a seamless system. Grid computing in a university classroom is currently hard to do; new services that will emerge based on the IGTF work will alleviate this barrier”.