Gillian Law
April 2006

The InteliGrid project was set up in September 2004 to develop a grid-based integration and interoperability open source platform for industries such as construction, automotive and aerospace, looking at current and likely future business models for networked Virtual Organisations (VOs).

The platform aims to provide pay-as-you-go access to information, communication and processing resources, allowing small to medium enterprise (SME) companies to access grid infrastructure.

The hypothesis of this project is that the collaboration platform - the semantic Grid itself - must be aware of the business concepts (e.g. car, aeroplane, skyscraper) that the VO is addressing. The Grid itself needs to commit to the product's and business process's ontology, thereby evolving into an ontology-committed semantic Grid.

The overarching technology aim, says Krzysztof Kurowski, a research analyst with Poznan Supercomputing and Networking Centre in Poland and Technical Board leader in InteliGrid, was to allow different companies from the AEC sector to build VOs based on semantic and grid technologies.

It was an enormous project to take on, he says. "To deal with this, we didn't want to develop everything from scratch, and we decided to adapt existing technologies as far as we could based on our experiences. We would add new extensions and new services, and then put those together in a way that would help people to establish dynamic control of a networked VO."

One of the main technologies chosen for the project was OGSA-DAI. "We decided to use it to deal with data management issues. Moreover, OGSA-DAI is used as a secure fašade to business service providers which are part of the VO," says Kurowski.

However, once the team started working with OGSA-DAI, they found that security issues were going to cause them problems.

"The project involved a lot of commercial partners," Kurowski said. "And they don't want to expose databases or services to the Internet when they're not 200 per cent sure that all connections to this service are protected, and that all the consumers that are trying to get access to the services are people they can trust. And you can understand that.

"So one of the first steps for us was to evaluate and analyse all the existing technologies, taking into account all the security requirements. So we started with OGSA-DAI, and started looking at the security side of things."

The security issues with OGSA-DAI were solved by using an external authorisation service, Kurowski said. "All virtual organisation services in InteliGrid have to talk to our authorisation service to check whether or not clients or consumers have appropriate rights to get access to the service or can perform certain actions on it.

"Because we have a centralised point for controlling and managing all security rules in the VO, we can simply remove or change policies, and automatically enforce business decisions on all services, including OGSA-DAI, in our environment.

"That was probably one of the biggest tasks that we faced concerning OGSA-DAI, but we solved it. We basically built some extensions to the security mechanisms already in OGSA-DAI, to allow us to establish the authorisation infrastructure and also to help us to position security. We wanted to have more dynamic control, over all services involved in the VO including OGSA-DAI."

The team was able to set the real system up so that each time a consumer accesses the business service, OGSA-DAI as a secure wrapper around it has to call the authorisation service to obtain an authorisation decision. "Then all distributed OGSA-DAI services involved in the VO talk to a central entity, and therefore VO Project Manager for instance can modify the policies or security rules within the authorisation service and it all changes automatically. So you don't have to force all service providers to modify local policies - you just change the security VO policies in one place.

It's a pretty useful service, and there are other projects we're working on where it will really help," Kurowski said.

"We also have developed portal access to OGSA-DAI resources to let people use a GridSphere portlet to see business data, in a more graphically oriented web page," he said.

The OGSA-DAI team in Edinburgh were helpful throughout the development process, Kurowski said.

"We've established excellent collaboration with them, and exchanged many emails - project architect Ally Hume informs us all the time of any changes to OGSA-DAI, and we've presented InteliGrid, and our use of OGSA-DAI, at several technical meetings."

InteliGrid, says Kurowski, is based on grid, and also on semantic technologies. Now, the team is trying to take the work a step further. "We're trying to set up new services to keep different ontologies, semantics and metadata - and we would like to use these services together with OGSA-DAI in new, advanced VO scenarios defined together with our business partners.

"At the beginning, we concentrated on lower layer, basic grid middleware, because we need to have a stable grid testbed connecting distributed organisations and their resources. But now, on top of the robust layer, we are trying to add some new capabilities and interoperability services to allow service providers as well as consumers to take advantage of business processes within dynamically established VOs. In our new scenarios we demonstrate the VO interoperability on the data and service level based on ontologies and industry standards to exploit many business opportunities."

Krzysztof Kurowski
Krzysztof Kurowski