SourceForge : View Wiki Page: Vocabulary

Search Wiki Pages Project: pgi-wg Wiki > Vocabulary > View Wiki Page

wiki2105: Vocabulary

PGI Vocabulary and Glossary of Acronyms and Terms

The purpose of this page is to provide :
– an expansion of acronyms and
– an unambiguous definition of terms
used in the context of a Production Grid.

It is based on the OGSA® Glossary of terms and the GLUE Specification v. 2.0.

It provides a minimum background information about Grids.
In presenting these expansions and definitions, we do NOT attempt to justify them, nor present the discussions that preceded them, but we encourage the reader to follow any supplied references for a more detailed discussion.

The root terms are :
– ‘Data Processing’, which means much more than computing,
– ‘Administrative domain’, which holds a security repository for client authorization and authentication,
– ‘Trust’, which permit interoperation between different administrative domains,
– ‘Federation’, where different administrative domains agree on standardization and mutual trust.

For each official or de facto standard mentioned, the corresponding defining organization follows inside parenthesis.
For some terms (in particular those defined by GLUE), the defining document also follows the definition inside parenthesis.
Links to appropriate web pages are given inline.

A

Term	Definition
AAA	Authentication, Authorization and Accounting, as defined by RFC 2903, RFC 2904, RFC 2905, RFC 2906 (IETF). http://en.wikipedia.org/wiki/AAA_protocol
AAI	Authentication and Authorization Infrastructure. Example is X509.
AC	Attribute Certificate (RFC 3281). http://www.apps.ietf.org/rfc/rfc3281.html
AccessPolicy	AccessPolicy express authorization rules, e.g. which UserDomains MAY access a certain service Endpoint (GLUE).
Accounting	Process permitting to keep trace, and to provide targeted display of quantified usage of resources by clients. Accounting data must be persistent. Standardization of its format eases interoperability. Examples of targeted display are ‘overall usage of one resource’, and ‘client billing’.
Activity	Unit of work which is submitted to a Service via an Endpoint (GLUE). Main example of Activity is a ComputingActivity, so Activity is often a used as shorthand for ComputingActivity (Job).
AdminDomain	Collection of actors which manage a number of Services (GLUE).
Administrative domain	Service provider holding a security repository permitting to easily authenticate and authorize clients with credentials. Interoperation between different administrative domains having different security reposi¬tories, different security software or different security policies is notoriously difficult. Therefore, administrative domains wishing interoperation have to build a federation. This concept is captured by GLUE as AdminDomain.
Allocated	See allocation.
Allocation	Process of assigning a set of resources for use by a job.
Application	Program which is to be executed inside a job. In most service grids, clients are authenticated, so they can submit any application. In desktop grids, computing resources can NOT authenticate job submitters. Therefore, the application itself has to be officially validated (that is analyzed and verified as harmless) and stored inside an application repository.
Application repository	Secure repository holding validated applications. Application repositories are required by desktop grids.
ARC	Advanced Resource Connector : Grid middleware developed and supported by NorduGrid collaboration, and used by NDGF. http://www.nordugrid.org/middleware/
A-REX	ARC Resource-coupled EXecution service : BES compatible computing service of ARC middleware.
ARGUS	XACML-based authorization service developed and maintained by EGI and EMI. https://twiki.cern.ch/twiki/bin/view/EGEE/~AuthorizationFramework
AUTHN	Authentication : Process of ensuring that a credential is valid and belongs to the entity that presents it. Examples of types of credentials are passwords, one-time tokens, digital certificates, and phone numbers (calling/called).
AUTHZ	Authorization : Determination whether a particular entity has the rights to perform a given activity.
Automatic staging	Data staging performed automatically by the execution service in any direction between local storage for the job and a location provided by the job submitter. This requires that the job submitter provides to the execution service (potentially delegated) credentials permitting data access. For stage-in, this also requires that the data is already in the specified location before job submission. These preparation steps permit to avoid manual staging.

B

Term	Definition
Backend interface	Interface which is normally NOT seen by clients, but which permits interoperability between different implementations of functionalities using the same persistent resource. For example, standardization of the format of accounting records permits an accounting program of a grid infrastructure to correctly process accounting records generated in another grid infrastructure by jobs forwarded there for execution.
BES	Shorthand for OGSA-BES.
BOINC	Berkeley Open Infrastructure for Network Computing : Grid middleware for desktop grids. http://boinc.ssl.berkeley.edu/

C

Term	Definition
CA	Certificate Authority : Entity which issues digital certificates for use by other parties. It is an example of a trusted third party (RFC 3280). http://en.wikipedia.org/wiki/Certificate_authority
Campus grid	Data processing infrastructure which does NOT spread several administrative domains. Therefore, its security requirements are simple and are easily fulfilled by local accounts.
Capability	Ability to execute a specified course of action. http://en.wikipedia.org/wiki/Capability_(systems_engineering)
CE	Computing Element (EGI)
CIM	Common Information Model : An object-oriented model for system management, published by the Distributed Management Task Force (DMTF). http://www.dmtf.org/standards/cim/ It is mentioned here because GLUE, the OGF recommendation for the information model permitting to describe grid entities, is NOT compliant to CIM.
CIS	Credential Issuing Service (Security)
Client	In a service-oriented architecture, a client is a software component or other program unit that makes use of the capabilities offered by a service. In a grid context, a client is a holder of credentials belonging to a member of a GLUE UserDomain.
Client interface	Interface which is directly used by clients. Thus, it is a candidate for standardization.
Cloud	Data processing infrastructure providing an extensive integrated client interface permitting information discovery, data management, job management, logging, accounting and monitoring. Most clouds are enclosed inside a single administrative domain, do NOT provision communication between different administrative domains, and provide limited security.
CMMI-DEV	Capability Maturity Model Integration for Development : Process improvement approach that helps organizations improve their performance, in particular for software engineering. http://www.sei.cmu.edu/library/abstracts/reports/06tr008.cfm
Collection job	Container for a limited number of explicitly described independent simple jobs. This container receives its own job ID, permitting clients to manage the collection as a whole.
Component	An interchangeable part of a system that encapsulates its contents and defines its behavior in terms of its public interfaces.
Computing	Running a program. This is only a tiny part of data processing.
ComputingActivity	Single (but possibly multi-processor) job (GLUE).
Computing grid	Legacy shorthand for ‘Distributed data processing infrastructure’.
Contact	Contact information for different groups or expert roles responsible for aspects of the operation of Services and Domains, e.g., user support, security or sysadmin (GLUE).
Context	The conditions and circumstances under which an operation takes place. For example: • In programming languages a calling context is a set of bindings of values to variables. • A VO is a possible context for a request to a service. • A security context is a set of credentials under which execution can occur.
COPS	Common Open Policy Service. It specifies a simple client/server model for supporting policy control as defined by RFC 4261 (IETF). http://www.apps.ietf.org/rfc/rfc4261.html
CREAM	Computing Resource Execution And Management : gLite Computing Element. http://grid.pd.infn.it/cream/field.php
CSIRT	Computer Security Incident Response Team (Security). http://en.wikipedia.org/wiki/CSIRT
CVS	Credential Validation Service (Security)

D

Term	Definition
Data access	A mechanism that allows an entity to identify a subset of the data held by a data resource and to update that subset, return it to the requesting entity, or make it available for transfer elsewhere.
Data catalog	Registry which stores data descriptions of data services or of the data resources they represent. This is sometimes called a ‘metadata catalog’.
DAG	Directed Acyclic Graph : Directed graph with NO directed cycles. http://en.wikipedia.org/wiki/Directed_acyclic_graph
DAG job	DAG workflow of a limited number of explicitly described simple jobs. This DAG workflow receives its own job ID, permitting clients to manage the collection as a whole.
Data consistency	An instance of data in a resource in a distributed system is said to be ‘consistent’ with one or more other instances of that data elsewhere in the system if it is up-to-date with respect to those instances. In a given system, a policy may define the rules for determining the extent to which data is up-to-date, and for maintaining that degree of consistency.
Data federation	In OGSA, data federation refers to the logical integration of multiple data services or data resources so that they can be accessed as if they were a single service.
Data format	The encoding, structure, classification and organization of data in a data resource or message.
Data management service	In OGSA, the capability concerned with the storage, description, access, update, location, transfer and other management of data.
Data model	A mapping of the contents of an information model into a form that is specific to a particular type of repository, protocol, platform, etc. It is a rendering of an information model according to a specific set of mechanisms for representing, organizing, storing and handling data. There are typically three parts : • A collection of data structures such as lists, tables, and relations; • A collection of operations that can be applied to the structures such as retrieval, update, and summation; • A collection of integrity rules that define the legal values or changes of state (operations on values). The audience for a data model is implementers. The WBEM initiative is an example of an instantiation of CIM as a data model. For more information see RFC 3444 (IETF). http://www.apps.ietf.org/rfc/rfc3444.html
Data processing	Whole management of data, encompassing data extraction from scientific instruments, data storage, metadata management, computing, …
Data replication	Maintenance of one or more copies (replicas) of data such that the replicas are kept up-to-date with any changes in that data. See OGSA Data Architecture for more information.
Data resource	Entity (and its associated framework) which provides a data access mechanism or can act as a data source or data sink.
Data service	Service which provides interfaces to the capabilities and data of one or more data resources within a service-oriented architecture.
Data set	An encoding of data in a defined syntax suitable for externalization outside of a data service. For example, for data transfer to or from another data service. Examples include a WebRowSet encoding of an SQL query result set, a JPEG-encoded byte array, and a ZIP-encoded byte array of a set of files.
Data sink	Data resource that receives the data transferred by a data transfer mechanism from a data source.
Data source	Data resource that contains or generates data to be transferred to a data sink via a data transfer mechanism.
Data staging	Transfer of data to a specified location in preparation for an activity, e.g., running a job on an execution resource, or the transfer to another location of data resulting from an activity. PGI does NOT cover Pre-staging (occurring before the submission of a job) and Post-staging (occurring after the completion of a job), but focuses on file transfers occurring during the lifetime of the job, with a corresponding entry in the JSDL.
Data transfer	Mechanism to transfer data from a data source to a data sink.
dCache	Grid middleware for data management, now maintained by EMI. www.dcache.org/
DCI	Distributed Computing Infrastructure (wording for Computing Grid by the European Commission).
DEGISCO	Desktop Grids for International Scientific Collaboration : European project for technical dissemination and infrastructure extension : Its aim is the further extension to 'International Cooperation Partner Countries' (ICPC) of the European 'Distributed Computing Infrastructure' (DCI) which is already interconnected to desktop grids by the '3G Bridge' infrastructure.
DEISA	Distributed European Infrastructure for Supercomputing Applications : Grid infrastructure project for academic supercomputers. http://www.deisa.eu/
Delegation	Transfer of rights and privileges to another party (Security). GSI performs direct delegation of Globus proxies (which do NOT comply to RFC 3820). GridSite Delegation described at http://www.gridsite.org/wiki/Delegation_protocol is a service permitting delegation of X509 proxies, and is used by gLite as described at https://twiki.cern.ch/twiki/bin/view/EGEE/~GridSiteDelegation
Distributed data processing	Better wording for Grid computing. Data processing using distributed resources. These distributed resources may be enclosed in a single administrative domain (campus grid, cloud) or may be spread over different administrative domains (desktop grids, production grids, service grids). In this last case, the different administrative domains need to form a federation.
Distributed data processing infrastructure	Better wording for Grid, Computing Grid and DCI. Infrastructure for distributed data processing, permitting clients to submit data processing activities to (potentially) remote resources. This encompasses NOT only data and computing resources, but also security setups, information discovery, logging, accounting, monitoring, operational staff, documentation, training, … It may be enclosed in a single administrative domain, like a campus grid or a cloud. It may also be a federation of different administrative domains, like a desktop grid, a production grid or a service grid.
DG	Desktop Grid : Loose opportunistic grid using idle computing resources (often desktop computers owned by volunteers). No single desktop resource can guarantee any QoS, but a large desktop grid as a whole can provide a guaranteed QoS. Trust is based on the certification of applications. Most often, computing resources PULL jobs from desktop grid servers.
Domain	Abstract group of actors playing a role in a grid system. Examples of instantiation are AdminDomain and UserDomain (GLUE).
DoS	Denial of Service : A form of attack on a computer system that results in some part of the system being prevented from providing its normal level of service to its users (Security). http://en.wikipedia.org/wiki/Denial-of-service_attack

E

Term	Definition
EDGeS	Enabling Desktop Grids for e-Science : Now finished European project for technology, infrastructure and dissemination : Its aim was to create and operate an integrated grid infrastructure that seamlessly integrates : • a variety of desktop grids (powered in particular by BOINC and XtremWeb-HEP) on the one hand, • service grids powered by the gLite middleware (such as EGEE) on the other hand.
EDGI	European Desktop Grid Infrastructure : European project for technology and infrastructure : Its aim is to support the user communities of European Grid Initiative and National Grid Initiatives which : • are heavy users of Distributed Computing Infrastructures, • require an extremely large number of CPUs and cores. For this aim, EDGI is developing middleware which consolidates the results achieved in the EDGeS project concerning the extension of service grids with desktop grids.
EEC	End Entity Certificate, for example User or Server Certificate, as opposed to CA Certificate (Security).
EGEE	Enabling Grids for E-sciencE : European project of grid infrastructure for academic computers, now being replaced by EGI. http://www.eu-egee.org/
EGI	European Grid Infrastructure: Grid infrastructure for academic computers. EGI is a sustainable continuation of EGEE, and contains NDGF. http://www.egi.eu/
EGI-InSPIRE	European project started on 1 May 2010 and funding EGI during 4 years. http://www.egi.eu/projects/egi-inspire
EMI	European Middleware Initiative : European project of grid middleware, having to manage and make compatible ARC, gLite, Unicore and dCache, for usage by EGI and PRACE. http://www.eu-emi.eu/
Endpoint, End point	Network location that can be contacted to access certain functionalities based on a well-defined interface (GLUE).
Entity	Any nameable thing. For example, in OGSA an entity might be a resource or a service.
EPI	End Point Identifier : URI that is unique in space and time. Clients can compare the EPIs contained in two or more EPRs. If the EPIs are the same, the EPRs are said to point to the same entity (WS-Naming).
EPR	Endpoint reference : A WS-Addressing construct that identifies a message destination. In WSRF an EPR conveys the information needed to identify or reference a stateful resource. http://www.w3.org/2002/ws/addr/
e-Science	Computationally intensive science that is carried out in highly distributed network environments, or science that uses immense data sets that require grid computing. http://en.wikipedia.org/wiki/E-Science
ETSI	European Telecommunications Standards Institute. http://www.etsi.org/
Event	Anything that occurs in or to an IT system that is potentially interesting to a person, to some other part of the same system, or to an external system, may be considered to be an event. Information about an event may be expressed as a log record and stored in a log service. It may also be communicated to other interested services through a notification message.
ExecutionEnvironment	Hardware and operating system environment in which a job will run. It represents a set of homogeneous Worker Nodes, so if a computing system contains nodes with significantly different properties, there MAY be several ExecutionEnvironment instances. This implies that it should be possible to request a specific environment when a job is submitted (GLUE). See also Hosting environment.
Execution Service	Grid service publishing Endpoint(s) permitting clients to submit jobs. An execution service is responsible for the execution of the jobs which it receives. An execution service MAY perform brokering to find the most adequate computing resource (which MAY be another execution service), and forward the job to it. An execution service manages jobs, which are transient entities, but also has to write down logging and accounting records, which must be persistent.

F

Term	Definition
Failure	State in which a service or other entity is not correctly meeting its specified behavior.
Failure recovery	Restoration of a service or other entity to its specified behavior. Recovery might be effected either by correcting the failure condition or by routing subsequent requests to an alternate entity that is capable of providing the same service.
Fault	Exceptional but anticipated behavior
File path	String in some directory system that can be bound to some file (or pseudo-file)—for example, /home/mydir/data. Usually a file path on one machine is invalid or resolves to a different file on other machines (in the absence of some sort of distributed file system).
Federation	Multiple computing and/or network providers agreeing upon standards of operation in a collective fashion. http://en.wikipedia.org/wiki/Federation_(information_technology) The primary standard is mutual trust. A production grid is a federation of its administrative domains, with IGTF as trust anchor.
FQAN	Fully Qualified Attribute Name
FTP	File Transfer Protocol

G

Term	Definition
GCM	Grid Component Model (ETSI). http://www.etsi.org/~WebSite/Technologies/GRID.aspx In fact, GLUE is much more relevant.
Genesis II	Grid middleware developed by University of Virginia. http://www.cs.virginia.edu/genesis/
GIN	Grid Interoperability Now : Community Group (OGF). http://www.ogf.org/gf/group_info/view.php?group=gin-cg
gLexec	Grid security program which acts as a light-weight 'gatekeeper'. gLExec takes grid credentials as input. gLExec takes the local site policy into account to authenticate and authorize the credentials. http://www.nikhef.nl/pub/projects/grid/gridwiki/index.php/GLExec
gLite	Grid middleware developed and used by EGEE, now maintained by EMI and used by EGI. gLite currently uses an old version of GSI, which accepts Globus proxies, but does NOT accept RFC-3820-compliant X509 proxies. http://glite.web.cern.ch/glite/
Globus	Organization developing grid middleware used in US and within EGI in Europe. http://www.globus.org/ In particular, it created the Globus Toolkit, with Globus proxies and the GRAM protocol.
Globus proxy	Proxy Certificate which does NOT comply with RFC 3820 (Globus). Globus proxies are accepted ONLY by GSI libraries, which also know how to achieve direct delegation of Globus proxies.
Globus GSSAPI	Globus implementation of GSSAPI (Globus). Old versions are INCOMPATIBLE with the OpenSSL implementation. Only NEW versions (since version 4.0 approximately) also accept RFC-3820-compliant X509 proxies.
GLUE	The GLUE specification is an information model for Grid entities described using the natural language and UML Class Diagrams (OGF). http://www.ogf.org/documents/GFD.147.pdf
GRAM	Grid Resource Allocation and Management (Globus) : Protocol for job submission and management. NOT compliant to BES.
Grid	Shorthand for distributed data processing infrastructure. An OGSA grid is a system that is concerned with the integration, virtualization, and management of services and resources in a distributed, heterogeneous environment that supports collections of users and resources (virtual organizations) across traditional administrative and organizational domains (real organizations). Less formally, a grid computing environment combines distributed pools of resources onto which applications or services may be dynamically provisioned and re-provisioned, to improve economy, efficiency, agility, performance, scaling, resilience and utilization. The contributed resources are often consolidated from numerous smaller pools, where they may have been under-utilized, and as a result grids tend to be heterogeneous. Grids offer great flexibility, as resources can be re-purposed or re provisioned in line with an organization’s changing goals. They typically focus on services rather than components, and are built using architectural styles such as service-oriented architecture, which are disaggregated or distributed in nature and can leverage the properties of the available resources. Key requirements for successful grid implementa¬tion and management include standardization of the interfaces of common components, and the use of standardized information models, security models and data models.
Grid computing	Legacy shorthand for Distributed data processing. Grid computing is related to, but subtly different from, Utility computing.
Grid infrastructure	Legacy shorthand for Distributed data processing infrastructure.
GridSAM	A job management service provided by OMII-UK that implements OGSA-BES. http://omii.ac.uk/wiki/~GridSAM
GridSite	Software project focused on Grid Security for the Web, Web platforms for Grids. It provides a Delegation Service. http://www.gridsite.org/
GROMACS	Classical molecular dynamics application designed for simulations of large biomolecules. Open source. Highly popular among biophysicists. First published PGI use case. http://www.gromacs.org
GSI	Globus Security Infrastructure. It permits direct delegation of Globus proxies. Old versions of GSI do NOT accept RFC-3820-compliant X509 proxies. Only NEW versions of GSI (since version 4.0 approximately) accept RFC-3820-compliant X509 proxies.
GSI-style X509 proxy	Globus proxy.
GSS = GSSAPI	Generic Security Services Application Program Interface, as defined by RFC 5554 (IETF). http://tools.ietf.org/html/rfc5554
GT2	Globus Toolkit version 2 (Globus, non-WS)
GT4	Globus Toolkit version 4 (Globus, uses WS)
GUID	Globally Unique Identifier, which is a 128-bits implementation (often represented as 32 hexadecimal characters) of an Identifier with Global Uniqueness. http://en.wikipedia.org/wiki/Globally_Unique_Identifier

H

Term	Definition
Hosting environment	OGSA name for ExecutionEnvironment : Any environment in which a task can execute : for example a Web services execution environment, an operating system, etc.
HPC	High Performance Computing, generally involving tightly coupled parallel jobs, and mostly performed on supercomputers with low-latency interconnects. http://en.wikipedia.org/wiki/High-throughput_computing
HTC	High Throughput Computing, generally involving independent, sequential jobs, which may last several months. http://en.wikipedia.org/wiki/High-throughput_computing HTC can be performed on any large resource : Supercomputer, Service Grid (SG), Desktop Grid (DG).
HTTP	Hypertext Transfer Protocol—a text-based protocol that is commonly used for transferring information across the Internet. http://www.w3c.org/Protocols
HTTPG	HTTP secured using GSI
HTTPS	HTTP secured using SSL.

I

Term	Definition
ICE	Interface to Cream Environment (gLite)
ICT	Information and Communication Technology
Identifier with Global Uniqueness	Anything which uniquely identifies something on a global level. It MAY be implemented by GUID (128 bits), and MAY also be implemented by other means.
Identity	Attribute, such as a name, that allows one entity to be distinguished from all others.
IDGF	International Desktop Grid Federation. http://desktopgridfederation.org/
IETF	Internet Engineering Task Force. http://www.ietf.org/
IGE	Initiative for Globus in Europe : European project representing the interests of Globus users within Europe. http://www.ige-project.eu
IGTF	International Grid Trust Federation : Trust anchor for production grid security. http://www.igtf.net/
IIRM	Infrastructure Interoperability Reference Model
Information Model	Abstraction and representation of entities in a managed environment including properties, operations, and relationships. An information model is independent of implementation: that is, it is protocol-neutral, repository-independent, and platform-independent. An information model's level of specificity is varied, dependent on need. It can be described in a formal language such as UML or an informal natural language such as English. An information model is useful for designers to describe the managed environment, for administrators to understand the modeled objects, and for implementers as a guide to the functionality that can be described, limited by, and coded in the data models. CIM and GLUE are examples of object-oriented information model. For more information see RFC3444. http://www.apps.ietf.org/rfc/rfc3444.html
Interactive job	Simple job permitting or requiring direct client interaction with the computing resource.
Interface	Point of interaction between components, allowing them to function independently. http://en.wikipedia.org/wiki/Interface_(computer_science) Its specification is a precise description of the exchanged messages and of their sequence. http://en.wikipedia.org/wiki/Interface_(object-oriented_programming) Interoperability evidently requires standardization of client interfaces. But some functionalities also require standardization of backend interfaces (such as accounting records standardized by OGF in http://www.ogf.org/documents/GFD.98.pdf)
IRI	Internationalized Resource Identifier : an extension of the URI syntax to allow non-Latin characters, as defined in RFC 3987. http://www.apps.ietf.org/rfc/rfc3987.html
ITIL	Information Technology Infrastructure Library : Set of concepts and practices for Information Technology Services Management. http://en.wikipedia.org/wiki/ITIL It particularly applies to grid operation.
ITU-T	International Telecommunication Union, Telecommunication Standardization Sector. ITU-T Recommendations are defining elements in information and communication technology (ICT) infrastructure. http://www.itu.int/ITU-T/

J

Term	Definition
JDL	Job Description Language (gLite).
Job	A user-defined work unit which is scheduled to be carried out by an execution subsystem. Synonym of ComputingActivity. A job may be a Simple job, a Collection job, a Parameter sweep job, an Interactive job, a DAG job, … Execution services manage simple jobs, and MAY also manage other types of jobs.
Job ID	Identifier which the execution service associates to a submitted job and returns back to the job submitter. This job ID permits authorized clients to manage the job.
JSDL	Job Submission Description Language : A language for describing job submissions, including details of their required execution environments. It is defined by ‘Job Submission Description Language (JSDL) Specification, Version 1.0’. http://www.ogf.org/documents/GFD.136.pdf

K

Term	Definition

L

Term	Definition
LB	Logging and Bookkeeping (gLite). http://egee.cesnet.cz/mediawiki/index.php/Main_Page
LCG	LHC Computing Grid. http://lcg.web.cern.ch/LCG/
Legacy, Legacy program, Legacy file system	Pre-existing items which are still used, but NOT adequate anymore, because they are not standard compliant or rely strongly on assumptions which have become false, like : • Globus proxies, GRAM, … • Execution under human supervision, now replaced by execution inside a grid job, • Execution inside a single administrative domain, now replaced by execution inside a production grid federating separate administrative domains, • Usage of local files, now replaced by usage of remote grid files. In OGSA, “legacy” is often used to describe pre-existing items such as programs or file systems that must be grid-enabled before they can be used as grid resources.
Legacy CREAM	CREAM middleware using the GRAM protocol (gLite). To be verified.
Local storage	Storage location which is immediately accessible by a component without need of specific credentials. In particular, job payloads are often unable to directly access remote data locations, so that data staging is necessary.
Location	Geographical location where a certain Domain or Service is placed (GLUE).
Log record	Expression of an event for the purpose of persisting the event in a logging service.
Log service	See logging service.
Logging	Process permitting to keep trace, and to provide targeted display of actions performed by components, in particular their usage of resources. Logging data must be persistent. Standardization of its format eases interoperability. Examples of targeted display are ‘software component history’, ‘resource usage history’, and ‘job history across various components’.
Logging service	Intermediary service which serves as a persistent repository for log records.

M

Term	Definition
Manage	See management.
Manageability	Ability to manage a resource, or the ability of a resource to be managed.
Manageability interface	Interface through which a resource is managed.
Manageable resource	Resource that can be managed programmatically, either through a manageability interface or through some other mechanism such as a policy file.
Management	Process of taking administrative actions such as deploying, configuring, monitoring, metering, tuning, and/or troubleshooting resources, either manually or automatically.
Managed	See management.
Manager	Local software layer (not directly exposed via an endpoint) which has control of the underlying resources (GLUE). The functionalities of a manager layer which need to be accessible by remote users are typically abstracted by a middleware component via a standard interface, and are modeled by the concept of endpoint. Examples of managers are : for computing resources, batch systems such as OpenPBS or LSF; for storage resources, GPFS or HPSS. For OGSA, a manager is a software that manages manageable resources. A manager may or may not require a human operator.
Manual staging	Data staging performed manually by the job submitter in any direction between any location and the location defined by the execution service as local storage for the job. This requires that the job submitter receives this local storage location from the execution service during the job lifetime, and that the job is not really running at that time.
MappingPolicy	It expresses which UserDomains MAY consume a certain share of resources (GLUE).
Message	Self-contained unit of data that is transferred between a message producer and one or more message consumers.
Message consumer	Service that receives a message.
Message producer	Service that emits a message.
Messaging service	Service that transmits messages from message producers to message consumers.
Metadata	Data which describes data. Metadata may include references to schemas, provenance, and information quality.
MICS CA	Member Integrated Credential Services : An automated CA which issues (long-lived) X509 credentials to end entities based on an external primary source of identity (Example: CERN CA).
Middleware	Software which connects components. It sits ‘in the middle’ between application software which may be deployed on different operating systems. Its complexity requires professional software engineering. http://en.wikipedia.org/wiki/Middleware
MPI	Message Passing Interface : A standard API for implementing message-passing libraries. MPI libraries are generally used to coordinate activity within parallel applications. http://www.mpi-forum.org

N

Term	Definition
Name	Attribute used to identify an entity. • A human-oriented name is based on a naming scheme that is designed to be easily interpreted by humans (e.g. human-readable and human-parsable). • An abstract name is a persistent name suitable for machine processing that does not necessarily contain location information. Abstract names are bound to addresses. • An address specifies the location of an entity.
NAREGI	Japanese National Research Grid Initiative. http://www.naregi.org/index_e.html See RENKEI.
NDGF	Nordic DataGrid Facility : Grid infrastructure for academic computers, using the ARC middleware, and now part of EGI. http://www.ndgf.org/
NGI	National Grid Initiative : NGIs of European states contribute to EGI.
NorduGrid	Grid Research and Development collaboration aiming at development, maintenance and support of the free grid middleware known as the Advance Resource Connector (ARC). The collaboration is based on a Memorandum of Understanding. http://www.nordugrid.org
Notification	Asynchronous message communicating the details of an event to an interested party. Usage of notification permits components to avoid having to repeatedly poll services. Components wishing to receive notifications have to subscribe to a service delivering them.
NREN	National Research and Education Network. NRENs provide huge data transfer resources for scientific, academic and educational purposes, but NOT for business purposes.

O

Term	Definition
OASIS	Organization for the Advancement of Structured Information Standards. It is responsible in particular of SAML and XACML. http://www.oasis-open.org/
OGF	Open Grid Forum. http://www.ogf.org/
OGSA	Open Grid Services Architecture (OGF).
OGSA Basic Profile	An OGSA Basic Profile is a profile in the style of WS-Interoperability (WS I) that defines recommended usage of infrastructure-level standards for grid scenarios. OGSA services should utilize one such profile when a given infrastructure capability is needed. For example, if secure communication is required, OGSA services should use one of the OGSA Basic Security Profiles. For information about WS-I : http://ws-i.org
OGSA-BES	OGSA Basic Execution Service : SOAP-based specification for grid ‘service to initiate, monitor, and manage computational activities’ (jobs), using a state model (OGF). Specified in ‘OGSA® Basic Execution Service Version 1.0’. http://www.ogf.org/documents/GFD.108.pdf
OGSI	Open Grid Services Infrastructure (OGF).
OID	Object Identifier, used in particular to name object types in X509 certificates (Security).
OMII-UK	Open Middleware Infrastructure Institute. http://omii.ac.uk/
OMII-EU	Open Middleware Infrastructure Institute for Europe. http://www.omii-europe.org
OpenSSL	Open source implementation of the SSL and TLS protocols. http://www.openssl.org/ It accepts RFC-3820-compliant X509 proxies, but NOT Globus proxies, and does NOT perform direct delegation.
OSG	Open Science Grid : Grid Infrastructure in the USA for academic computers, using the VDT grid middleware. http://www.opensciencegrid.org/

P

Term	Definition
PAP	Policy Administration Point (part of the XACML authorization model) : Point which manages policies (Security).
Parameter sweep job	Container for independent simple jobs to be created dynamically, as specified by 'JSDL Parameter Sweep Job Extension'. http://www.ogf.org/documents/GFD.149.pdf This container receives its own job ID, permitting clients to manage the container as a whole.
Payload	Anything (Application, Script, Pilot Job, ...) executed by a resource on request of the activity. The payload MAY completely ignore that it is executed inside a grid activity.
PC	Proxy Certificate (Security).
PC chains	Proxy Certificate Chains (Security).
PDP	Policy Decision Point : Point which evaluates and issues authorization decisions (RFC 2904).
PEP	Policy Enforcement Point : Point which intercepts user's access request to a resource and enforces PDP's decision (RFC 2904).
PGI	Production Grid Infrastructure (OGF). Working Group focused on production grids. http://www.ogf.org/gf/group_info/view.php?group=pgi-wg
PIP	Policy Information Point (part of the XACML authorization model) : Point which can provide external information to a PDP, such as LDAP attribute information (Security).
PKC	Public Key Cryptography (Security).
PKI	Public Key Infrastructure (Security).
PMI	Privilege Management Infrastructure (ITU-T).
Policy	Statements, rules or assertions which specify the correct or expected behavior of an entity (GLUE). For example, AccessPolicy relates to Endpoints and MappingPolicy relates to Shares.
PRACE	Partnership for Advanced Computing in Europe : Pan-European Research Infrastructure for High Performance Computing (HPC). www.prace-project.eu/
Production grid	Grid infrastructure which can spread several administrative domains. Therefore, its security requirements are complex, require trust mechanisms between all administrative domains of the production grid. So, a production grid is often organized as a federation of its administrative domains. Academic production grids use NRENs. Therefore, they can be used for scientific, academic and educational purposes, but NOT for business purpose.
Profile	Normative document which aids development of interoperable software components by providing guidance on the use of a collection of specifications or other profiles.
Provisioning (and deployment)	Provisioning is the act of putting a resource or set of resources into a state such that it is available for use. Depending on the context of the operation, the provisioning process might include activities such as reservation and allocation. The term “provisioning” is commonly used in conjunction with or as an alternative to deployment. In contexts where the two are used together, provisioning is often regarded as the high-level process of gathering and readying all the necessary resources, while each lower-level process, such as allocating a server or installing and starting a software component, is referred to as deployment.
Proxy	Certificate (usually short-lived to lower security issues) authenticated by a another certificate, but NOT directly signed by a Certificate Authority. A proxy can contain additional attributes defined on the fly, such as VOMS extensions signed by a VOMS server. ATTENTION : Globus proxies created by GSI permit delegation by GSI, but are NOT compatible with RFC-3820-compliant X509 proxies.

Q

Term	Definition
QoS	Quality of Service : A measure of the level of service attained, such as security, network bandwidth, average response time or service availability.

R

Term	Definition
RA	Registration Authority : Responsible for identity vetting of all end-entities, which must contact the RA face-to-face and present photo-id and/or valid official documents (Security).
RENKEI	REsources liNKage for E-scIence : Japanese research and development project for new middleware technologies to enable the e-science community. RENKEI is a Japanese word meaning ‘federation’. http://www.e-sciren.org/
Reservation	Process of reserving resources for future use by a planned task.
Resource	Entity providing capabilities which are exposed via Endpoints. Examples are execution environments for computational activities or data stores for data (GLUE). In an OGSA grid, resources are accessed through services. In a grid context the term encompasses entities that provide a capability or capacity (e.g., servers, networks, disks, memory, applications, databases, IP addresses, and software licenses). Dynamic entities such as processes, print jobs, database query results and virtual organizations may also be represented and handled as resources. See http://www.w3.org/TR/2004/NOTE-ws-arch-20040211/#resource for the WS Architecture definition of this term.
Resource configuration	Process of adjusting the configurations of a set of resources to meet the requirements of the task to which they have been allocated. For example, configuration may involve setting appropriate parameters and storing policies for middleware, O/S, firmware and hardware. Resource configuration may be preceded by resource deployment.
Resource discovery	Process of searching for resources which match some criteria.
Resource lifecycle management	Process of managing resources allocated to a task, from the time of allocation until the time of release.
Resource management	Generic term for several forms of management that may be applied to resources. These include (but are not limited to) typical IT systems management activities.
Resource manager	Manager which implements one or more resource management functions.
RFC 2246	The Transport Layer Security (TLS) Protocol (Version 1.0). Obsoleted by RFC 5246
RFC 2459	Certificate and CRL Profile for Internet X.509 Public Key Infrastructure. Obsoleted by RFC 3280
RFC 2748	The COPS (Common Open Policy Service) Protocol. Obsoleted by RFC 4261
RFC 2903	Generic AAA Architecture (IETF). http://www.apps.ietf.org/rfc/rfc2903.html
RFC 2904	AAA Authorization Framework (IETF). http://www.apps.ietf.org/rfc/rfc2904.html
RFC 2905	AAA Authorization Application Examples (IETF). http://www.apps.ietf.org/rfc/rfc2905.html
RFC 2906	AAA Authorization Requirements (IETF). http://www.apps.ietf.org/rfc/rfc2906.html
RFC 3305	Uniform Resource Identifiers (URIs), URLs, and Uniform Resource Names (URNs) : Clarifications and Recommendations (IETF). http://www.apps.ietf.org/rfc/rfc3305.html
RFC 3198	Terminology for Policy-Based Management (IETF). http://www.apps.ietf.org/rfc/rfc3198.html
RFC 3280	Certificate and Certificate Revocation List (CRL) Profile for Internet X.509 Public Key Infrastructure (IETF). http://www.apps.ietf.org/rfc/rfc3280.html
RFC 3281	An Internet Attribute Certificate : Profile for Authorization (IETF). http://www.apps.ietf.org/rfc/rfc3281.html
RFC 3444	On the Difference between Information Models and Data Models (IETF). http://www.apps.ietf.org/rfc/rfc3444.html
RFC 3820	Proxy Certificate Profile for Internet X.509 Public Key Infrastructure (PKI) (IETF). http://www.apps.ietf.org/rfc/rfc3820.html
RFC 3986	Uniform Resource Identifier (URI): Generic Syntax (IETF). http://www.apps.ietf.org/rfc/rfc3986.html
RFC 3987	Internationalized Resource Identifiers: IRIs (IETF). http://www.apps.ietf.org/rfc/rfc3987.html
RFC 4122	Universally Unique Identifier (UUID) (IETF). http://www.apps.ietf.org/rfc/rfc4122.html
RFC 4261	Common Open Policy Service (COPS) over Transport Layer Security (TLS). It specifies a simple client/server model for supporting policy control (IETF). http://www.apps.ietf.org/rfc/rfc4261.html
RFC 4346	The Transport Layer Security (TLS) Protocol (Version 1.1). Obsoleted by RFC 5246
RFC 5246	The Transport Layer Security (TLS) Protocol (Version 1.2) (IETF). http://tools.ietf.org/html/rfc5246
RFC 5554	Generic Security Service Application Program Interface (GSS-API) for the Use of Channel Bindings (IETF). http://tools.ietf.org/html/rfc5554
RNS	Resource Namespace Service (OGF). RNS provides a basic directory service, mapping strings (paths) to WS-Addressing EPRs. RNS has functions to list, insert, and delete entries. http://www.ogf.org/documents/GFD.101.pdf

S

Term	Definition
SAML	Security Assertion Markup Language (OASIS). http://www.oasis-open.org/committees/download.php/16768/wss-v1.1-spec-os-SAML~TokenProfile.pdf
Scenario	Specific sequence or path of interactions, from initiation to goal, occurring within a particular environment and/or context. A use case may contain multiple scenarios. OGSA scenarios are high-level and described in a casual style.
SDO	Standard Developing Organization. Useful SDOs are OGF, IETF, W3C, OASIS
Service	Unique identification of instances of endpoint, share, manager, resource participating in the provision of some unified capability (GLUE). A service in the most general sense is an entity, usually composed of one or more software components, that provides functionality in response to client requests. A service is often a part of a service-oriented architecture, and participates in realizing one or more capabilities.
Service composition	Aggregation of multiple small services into larger services. http://www.serviceoriented.org
Service-oriented architecture (SOA)	This term is increasingly used to refer to an architectural style of building reliable distributed systems that deliver functionality as services, with the additional emphasis on loose coupling between interacting services. Note : An SOA can be based on Web services (which provide basic interoperability), but it may use other technologies instead.
Service provider	This term is generally synonymous with service. In some contexts it may refer to a person, organization or higher-level system responsible for making a service available to service requestors.
Service requestor	This term is generally synonymous with client. In some contexts it may refer to a person, organization or higher-level system that makes use of a service offered by a service provider.
SG	Service Grid : Federation of managed computing resources, offering a guaranteed Quality of Service according to a Service Level Agreement. Trust is based on the Authentication of Users and Resources. Often, grid Users PUSH jobs to Computing Resources, but pilot jobs PULL jobs from dedicated servers.
Share	Usage of service functionalities or resources constrained on aspects such as identify or UserDomain membership, usage information or resource characteristics (GLUE). For example, this is the part of a resource which is available for a VO.
Shibboleth	Architecture and open-source implementation for federated identity-based authentication and authorization infrastructure based on Security Assertion Markup Language (SAML). http://shibboleth.internet2.edu/
Simple job	Job whose description contains only 1 job executed by only 1 batch system, and NOT permitting or requiring direct client interaction with the computing resource. The job description MAY require multiple cores, multiple processors, MPI support, ...
SLA	Service Level Agreement : Contract between a provider and a consumer that specifies the level of service that is expected during the term of the contract. An SLA typically includes one or more service-level objectives specified in a service level definition. SLAs are used by vendors and customers, as well as internally by IT shops and their end users. They might specify availability requirements and response times for normal operations and for problem resolution (network down, machine failure, etc.), and they might stipulate the payment and/or penalties associated with meeting or failing to meet the agreed criteria. Derived from http://www.hostchart.com/webhostingterms.asp
SLC	Short Lived Credential (Security).
SLCS CA	Short Lived Credential Service: An automated CA which translates credentials (usually authentication tokens) issued from a large site or federation into the X.509 format suitable for use on Grids (with a lifetime less than 1Msec).
SLD	Service Level Definition
SOAP	An XML-based protocol for exchanging structured information in a decentralized, distributed environment. See http://www.w3.org/2000/xp/Group and http://www.w3.org/TR/soap12-part1/ for more information.
Software Engineering	Application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software. http://en.wikipedia.org/wiki/Software_engineering Scientific computing applications require mostly scientific algorithmic skills, whereas grid middleware really requires professional software engineering.
SRM	Storage Resource Manager (OGF). http://www.ogf.org/documents/GFD.129.pdf
SSL	Secure Sockets Layer : A communication protocol whose primary goal is to provide private and reliable communication between two applications. http://en.wikipedia.org/wiki/Secure_Sockets_Layer SSL is now renamed or replaced by TLS.
SSO	Single Sign-On (Security). SSO across different administrative domains can be achieved only if they belong to the same federation.
Stage-in	Data transfer(s) performed by the client or the execution service from a location NOT suitable for job execution (Client private area, Web, Tape, Storage resource with poor connectivity, ...) to a location suitable for job execution (Local disk on the computing resource, Storage resource with excellent connectivity to the computing resource). PGI does NOT cover Pre-stage-in (occurring before the submission of a job), but focuses on stage-in occurring during the lifetime of the job, with a corresponding entry in the JSDL.
Stage-out	Data transfer(s) performed by the client or the execution service from a location used by job execution (Local disk on the computing resource, Storage resource with excellent connectivity to the computing resource) to a location suitable for the client after job completion (Client private area, Web, Remote storage resource(s), ...). PGI does NOT cover Post-stage-out (occurring after the completion of a job), but focuses on stage-out occurring during the lifetime of the job, with a corresponding entry in the JSDL.
Staging	Shorthand for Data Staging.
Standard	Specification of an interface. De facto standards are widely used, but are NOT officially approved by any SDO. Official standards are approved by a SDO, but few of them are really used. A diagram presenting useful official and de facto standards is available at http://forge.gridforum.org/sf/go/doc15990?nav=1
State	An entity’s state is the combined values of its ‘interesting” attributes’. Interesting attributes are those for which external observers may see changes over time. Examples include the position of a switch, the price of a stock, or the amount of memory allocated to a process. Since not all attributes may be available or interesting to all possible observers, different observers may have different views of the state of an entity at a given time. A change in the value of an attribute is an event.
Storage resource	Resource which provides a physical or logical storage capability. Examples include storage devices, storage appliances, disk volumes and file systems.
Support functionalities	Functionalities which are NOT directly required by the end user, but which are in fact necessary for operation. Examples of such support functionalities are information, security, logging, accounting, monitoring, ...

T

Term	Definition
TLS	Transport Layer Security: a secure communication protocol. TLS is a successor to SSL, and offers additional security measures. TLS is defined by RFC 5246 (IETF) http://tools.ietf.org/html/rfc5246 See http://en.wikipedia.org/wiki/Transport_Layer_Security for discussion of this topic.
Trust	The willingness to take actions expecting beneficial outcomes, based on assertions by other parties (Security).
Trust authority	An entity that is trusted to issue specified assertions.
Trust management	Definition of trust authorities and specification of what they should be trusted to do.
Trust relationships	Polices that govern how entities in differing domains honor each other’s authorizations. An authority may be completely trusted (for example, any statement from the authority will be accepted as a basis for action) or there may be limited trust, in which case only statements in a specific range are accepted.

U

Term	Definition
UI	User Interface machine (gLite)
UML	Unified Modeling Language http://www.uml.org/ UML is a very useful tool of software engineering : It permits to create diagrams clearly showing Use cases, Requirements, Classes, Collaborations, Message Sequences, States, Deployments, Flow Charts, … which may be understood by engineers, criticized, improved, and then perhaps implemented.
UNICORE	Uniform Interface to Computing Resources : Grid middleware developed, supported and used by DEISA, SKIFGrid and other National Grid Initiatives (NGIs). http://www.unicore.eu/
UNICORE-BES	Implementation of the OGSA-BES recommendation inside UNICORE.
Unit of work	Synonym of ComputingActivity and Job.
UR	Usage Record, for Accounting (OGF). http://www.ogf.org/documents/GFD.98.pdf
URI	Uniform Resource Identifier : String used for identifying an abstract or physical resource. http://en.wikipedia.org/wiki/URI
URL	Uniform Resource Locator: URI specifying the address of an Internet resource. http://en.wikipedia.org/wiki/URL
Use case	Description of a system’s behavior as it responds to a request that originates from outside of that system. In other words, a use case describes ‘who’ can do ‘what’ with the system in question. The use case technique is used to capture a system's behavioral requirements by detailing scenario-driven threads through the functional requirements. http://en.wikipedia.org/wiki/Use_Case Use cases should NOT focus on user applications or on the internals of the described system, but on the boundaries of the system, on preconditions, on actors, stakeholders and participants, on the primary scenario of interactions between the actors and the system, and on postconditions.
User	End users are scientists, with various ICT and grid knowledge. For example : Application developers, Experienced application users, Scientists with no ICT knowledge using a scientific portal, ... Direct users of grids are various : Developers of scientific applications, Integrators of scientific applications for grids, Providers of scientific workflow engines, Providers of scientific portals, Site Administrators, VO Administrators, ...
UserDomain	Abstract concept for a Virtual Organization (GLUE)
UUID	Universally Unique Identifier, as defined by RFC 4122 (IETF). This is a specification for a 128-bits Identifier with Global Uniqueness (represented as 32 hexadecimal characters), often implemented as GUID. http://tools.ietf.org/html/rfc4122

V

Term	Definition
VDT	Virtual Data Toolkit : Grid middleware used by OSG. http://vdt.cs.wisc.edu//index.html
Virtualization	Virtualization uses a level of indirection to abstract the implementation details of one or more entities, enabling them to appear to their consumers in a more appropriate form. For example, a virtualized entity might present different interfaces from its underlying entities, a single entity might be partitioned and presented as a set of (lower-capacity) entities, or a set of discrete entities might be treated as a single aggregate entity.
Virtualize	See virtualization.
VO	Virtual Organization : One implementation of a UserDomain (GLUE). A virtual organization comprises a set of individuals and/or institutions having direct access to computers, software, data, and other resources for collaborative problem-solving or other purposes. VOs are a concept that supplies a context for operation of a grid that can be used to associate users, their requests, and a set of resources. The sharing of resources in a VO is necessarily highly controlled, with resource providers and consumers defining clearly and carefully just what is shared, who is allowed to share, and the conditions under which sharing occurs.
Volunteer computing	Form of desktop grid infrastructure where computing is performed on personal computers volunteered by their owners. This differs from institutional desktop grids because the computing resources are : • unaccountable and untrusted, • sporadically connected, • often behind NATs, firewalls, or HTTP proxies, • highly diverse in terms of hardware and software.
VOMS	VO Management Service.
VOMS AC	Attribute Certificate provided by a VOMS server (OGF). Its format is defined by an OGF draft at http://forge.gridforum.org/sf/go/doc13797?nav=1 referring to RFC 3280 and RFC 3281.
VOMS extensions	= VOMS-style AC = VOMS-style Attribute Certificates = X509 Attribute Certificates.
VOMS proxy	X509 proxy with VOMS extensions (OGF).
VRC	Virtual Research Community : Group of researchers sharing common interest. Some VRCs have already established a VO for grid usage, others have not done it yet.

W

Term	Definition
W3C	World Wide Web Consortium : International community where Member organizations, a full-time staff, and the public work together to develop Web standards. http://www.w3.org/ Web service Web services tend to fall into one of two camps : Big Web services using SOAP, and RESTful Web services. http://en.wikipedia.org/wiki/Web_service A simplified dependency graph of security related WS standards is available inside http://forge.gridforum.org/sf/go/doc15990?nav=1
WLCG	Worldwide LHC Computing Grid (LCG).
WSDL	Web Services Description Language—an XML-based language for describing Web services. See http://www.w3.org/TR/wsdl for more information.
WS	Web Service
WS-Addressing	Specification of transport-neutral mechanisms that allow web services to communicate addressing information. It essentially consists of two parts: a structure for communi¬cating a reference to a Web service endpoint, and a set of Message Addressing Properties which associate addressing information with a particular message (W3C). http://www.w3.org/Submission/2004/SUBM-ws-addressing-20040810/
WS-Naming	Specification profiling WS-Addressing in order to provide identities and name rebinding (OGF). http://www.ogf.org/documents/GFD.109.pdf
WS-Notification	Web Services Notification (OASIS). http://docs.oasis-open.org/wsn/wsn-1.3-os.zip Family of related specifications which define a standard Web services approach to notification using a topic-based publish/subscribe pattern.
WS-RF	Web Services Resource Framework (OASIS). It defines a generic and open framework for modeling and accessing stateful resources using Web services. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsrf
WS-Security	Web Services Security: SOAP Message Security 1.1 (OASIS). It describes enhancements to SOAP messaging to provide message integrity and confidentiality. It also provides a general-purpose mechanism for associating security tokens with message content. http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-errata-os-SOAP~MessageSecurity.pdf
WS-Trust	WS-Trust 1.3 (OASIS). It defines extensions that build on WS-Security to provide a framework for requesting and issuing security tokens, and to broker trust relationships. http://docs.oasis-open.org/ws-sx/ws-trust/v1.3/ws-trust.pdf

X

Term	Definition
X509	ITU-T standard for a public key infrastructure (PKI) for single sign-on (SSO) and Privilege Management Infrastructure (PMI). X509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm. http://www.itu.int/rec/T-REC-X.509/en
X509 certificate	X509 EEC (End Entity Certificate) directly signed by a certificate authority. This signature normally requires some time (human verification), so these full X509 certificates are NOT convenient to convey additional attributes defined on the fly.
X509 proxy	X509 certificate (usually short-lived to lower security issues) authenticated by a another X509 certificate, but NOT directly signed by a certificate authority. An X509 proxy can contain additional attributes defined on the fly, such as VOMS extensions signed by a VOMS server. ATTENTION : Globus proxies created by GSI permit delegation by GSI, but are NOT compatible with RFC-3820-compliant X509 proxies.
XACL = XACML	eXtensible Access Control Markup Language (OASIS). http://xml.coverpages.org/xacml.html
XML	eXtensible Markup Language : Flexible text format that is used for data exchange. http://www.w3.org/XML

Y

Term	Definition

Z

Term	Definition

Show Details