
PGI Vocabulary and Glossary of Acronyms and Terms

The purpose of this page is to provide :
– an expansion of acronyms and
– an unambiguous definition of terms
used in the context of a Production Grid.

It is based on the OGSA® Glossary of terms and the GLUE Specification v. 2.0.

It provides minimal background information about Grids.
In presenting these expansions and definitions, we do NOT attempt to justify them, nor present the discussions that preceded them, but we encourage the reader to follow any supplied references for a more detailed discussion.

The root terms are :
– ‘Data Processing’, which means much more than computing,
– ‘Administrative domain’, which holds a security repository for client authorization and authentication,
– ‘Trust’, which permits interoperation between different administrative domains,
– ‘Federation’, where different administrative domains agree on standardization and mutual trust.

For each official or de facto standard mentioned, the corresponding defining organization follows in parentheses.
For some terms (in particular those defined by GLUE), the defining document also follows the definition in parentheses.
Links to appropriate web pages are given inline.


Term Definition
AAA Authentication, Authorization and Accounting, as defined by  RFC 2903,  RFC 2904,  RFC 2905,  RFC 2906  (IETF).
AAI Authentication and Authorization Infrastructure.  Example is X509.
AC Attribute Certificate  (RFC 3281).
AccessPolicy AccessPolicy expresses authorization rules, e.g. which UserDomains MAY access a certain service Endpoint  (GLUE).
Accounting Process that keeps track of the quantified usage of resources by clients and provides targeted display of it.
Accounting data must be persistent.  Standardization of its format eases interoperability.
Examples of targeted display are ‘overall usage of one resource’, and ‘client billing’.
Activity Unit of work which is submitted to a Service via an Endpoint  (GLUE).
The main example of an Activity is a ComputingActivity, so Activity is often used as shorthand for ComputingActivity (Job).
AdminDomain Collection of actors which manage a number of Services  (GLUE).
Administrative domain Service provider holding a security repository that permits easy authentication and authorization of clients with credentials.
Interoperation between different administrative domains having different security repositories, different security software or different security policies is notoriously difficult.  Therefore, administrative domains wishing to interoperate have to build a federation.
This concept is captured by GLUE as AdminDomain.
Allocated See allocation.
Allocation Process of assigning a set of resources for use by a job.
Application Program which is to be executed inside a job.
In most service grids, clients are authenticated, so they can submit any application.
In desktop grids, computing resources can NOT authenticate job submitters.  Therefore, the application itself has to be officially validated (that is analyzed and verified as harmless) and stored inside an application repository.
Application repository Secure repository holding validated applications.
Application repositories are required by desktop grids.
ARC Advanced Resource Connector :  Grid middleware developed and supported by NorduGrid collaboration, and used by NDGF.
A-REX ARC Resource-coupled EXecution service :  BES compatible computing service of ARC middleware.
ARGUS XACML-based authorization service developed and maintained by EGI and EMI.
AUTHN Authentication :  Process of ensuring that a credential is valid and belongs to the entity that presents it.  Examples of types of credentials are passwords, one-time tokens, digital certificates, and phone numbers (calling/called).
AUTHZ Authorization :  Determination of whether a particular entity has the rights to perform a given activity.
Automatic staging Data staging performed automatically by the execution service in any direction between local storage for the job and a location provided by the job submitter.
This requires that the job submitter provides to the execution service (potentially delegated) credentials permitting data access.  For stage-in, this also requires that the data is already in the specified location before job submission.
These preparation steps make it possible to avoid manual staging.


Backend interface Interface which is normally NOT seen by clients, but which permits interoperability between different implementations of functionalities using the same persistent resource.
For example, standardization of the format of accounting records permits an accounting program of a grid infrastructure to correctly process accounting records generated in another grid infrastructure by jobs forwarded there for execution.
BES Shorthand for OGSA-BES.
BOINC Berkeley Open Infrastructure for Network Computing :
Grid middleware for desktop grids.


CA Certificate Authority :  Entity which issues digital certificates for use by other parties.  It is an example of a trusted third party  (RFC 3280).
Campus grid Data processing infrastructure which does NOT spread over several administrative domains.  Therefore, its security requirements are simple and are easily fulfilled by local accounts.
Capability Ability to execute a specified course of action.
CE Computing Element  (EGI)
CIM Common Information Model :  An object-oriented model for system management, published by the Distributed Management Task Force (DMTF).
It is mentioned here because GLUE, the OGF recommendation for the information model describing grid entities, is NOT compliant with CIM.
CIS Credential Issuing Service  (Security)
Client In a service-oriented architecture, a client is a software component or other program unit that makes use of the capabilities offered by a service.
In a grid context, a client is a holder of credentials belonging to a member of a GLUE UserDomain.
Client interface Interface which is directly used by clients.  Thus, it is a candidate for standardization.
Cloud Data processing infrastructure providing an extensive integrated client interface permitting information discovery, data management, job management, logging, accounting and monitoring.
Most clouds are enclosed inside a single administrative domain, do NOT provision communication between different administrative domains, and provide limited security.
CMMI-DEV Capability Maturity Model Integration for Development :  Process improvement approach that helps organizations improve their performance, in particular for software engineering.
Collection job Container for a limited number of explicitly described independent simple jobs.  This container receives its own job ID, permitting clients to manage the collection as a whole.
Component An interchangeable part of a system that encapsulates its contents and defines its behavior in terms of its public interfaces.
Computing Running a program.  This is only a tiny part of data processing.
ComputingActivity Single (but possibly multi-processor) job  (GLUE).
Computing grid Legacy shorthand for ‘Distributed data processing infrastructure’.
Contact Contact information for different groups or expert roles responsible for aspects of the operation of Services and Domains, e.g., user support, security or sysadmin  (GLUE).
Context The conditions and circumstances under which an operation takes place.  For example:
• In programming languages a calling context is a set of bindings of values to variables.
• A VO is a possible context for a request to a service.
• A security context is a set of credentials under which execution can occur.
COPS Common Open Policy Service. It specifies a simple client/server model for supporting policy control as defined by RFC 4261 (IETF).
CREAM Computing Resource Execution And Management :  gLite Computing Element.
CSIRT Computer Security Incident Response Team  (Security).
CVS Credential Validation Service  (Security)


Data access A mechanism that allows an entity to identify a subset of the data held by a data resource and to update that subset, return it to the requesting entity, or make it available for transfer elsewhere.
Data catalog Registry which stores data descriptions of data services or of the data resources they represent.  This is sometimes called a ‘metadata catalog’.
DAG Directed Acyclic Graph :  Directed graph with NO directed cycles.
DAG job DAG workflow of a limited number of explicitly described simple jobs.  This DAG workflow receives its own job ID, permitting clients to manage the collection as a whole.
Data consistency An instance of data in a resource in a distributed system is said to be ‘consistent’ with one or more other instances of that data elsewhere in the system if it is up-to-date with respect to those instances.
In a given system, a policy may define the rules for determining the extent to which data is up-to-date, and for maintaining that degree of consistency.
Data federation In OGSA, data federation refers to the logical integration of multiple data services or data resources so that they can be accessed as if they were a single service.
Data format The encoding, structure, classification and organization of data in a data resource or message.
Data management service In OGSA, the capability concerned with the storage, description, access, update, location, transfer and other management of data.
Data model A mapping of the contents of an information model into a form that is specific to a particular type of repository, protocol, platform, etc.  It is a rendering of an information model according to a specific set of mechanisms for representing, organizing, storing and handling data.
There are typically three parts :
• A collection of data structures such as lists, tables, and relations;
• A collection of operations that can be applied to the structures such as retrieval, update, and summation;
• A collection of integrity rules that define the legal values or changes of state (operations on values).
The audience for a data model is implementers.  The WBEM initiative is an example of an instantiation of CIM as a data model.
For more information see RFC 3444  (IETF).
Data processing Whole management of data, encompassing data extraction from scientific instruments, data storage, metadata management, computing, …
Data replication Maintenance of one or more copies (replicas) of data such that the replicas are kept up-to-date with any changes in that data.
See OGSA Data Architecture for more information.
Data resource Entity (and its associated framework) which provides a data access mechanism or can act as a data source or data sink.
Data service Service which provides interfaces to the capabilities and data of one or more data resources within a service-oriented architecture.
Data set An encoding of data in a defined syntax suitable for externalization outside of a data service.  For example, for data transfer to or from another data service.
Examples include a WebRowSet encoding of an SQL query result set, a JPEG-encoded byte array, and a ZIP-encoded byte array of a set of files.
Data sink Data resource that receives the data transferred by a data transfer mechanism from a data source.
Data source Data resource that contains or generates data to be transferred to a data sink via a data transfer mechanism.
Data staging Transfer of data to a specified location in preparation for an activity, e.g., running a job on an execution resource, or the transfer to another location of data resulting from an activity.
PGI does NOT cover Pre-staging (occurring before the submission of a job) and Post-staging (occurring after the completion of a job), but focuses on file transfers occurring during the lifetime of the job, with a corresponding entry in the JSDL.
Data transfer Mechanism to transfer data from a data source to a data sink.
dCache Grid middleware for data management, now maintained by EMI.
DCI Distributed Computing Infrastructure (wording for Computing Grid by the European Commission).
DEGISCO Desktop Grids for International Scientific Collaboration :  European project for technical dissemination and infrastructure extension :
Its aim is the further extension to 'International Cooperation Partner Countries' (ICPC) of the European 'Distributed Computing Infrastructure' (DCI) which is already interconnected to desktop grids by the '3G Bridge' infrastructure.
DEISA Distributed European Infrastructure for Supercomputing Applications :  Grid infrastructure project for academic supercomputers.
Delegation Transfer of rights and privileges to another party  (Security).
GSI performs direct delegation of Globus proxies (which do NOT comply with RFC 3820).
GridSite Delegation described at is a service permitting delegation of X509 proxies, and is used by gLite as described at
Distributed data processing Better wording for Grid computing.
Data processing using distributed resources.  These distributed resources  may be enclosed in a single administrative domain (campus grid, cloud) or may be spread over different administrative domains (desktop grids, production grids, service grids).
In this last case, the different administrative domains need to form a federation.
Distributed data processing infrastructure Better wording for Grid, Computing Grid and DCI.
Infrastructure for distributed data processing, permitting clients to submit data processing activities to (potentially) remote resources.  This encompasses NOT only data and computing resources, but also security setups, information discovery, logging, accounting, monitoring, operational staff, documentation, training, …
It may be enclosed in a single administrative domain, like a campus grid or a cloud.
It may also be a federation of different administrative domains, like a desktop grid, a production grid or a service grid.
DG Desktop Grid :  Loose opportunistic grid using idle computing resources (often desktop computers owned by volunteers).
No single desktop resource can guarantee any QoS, but a large desktop grid as a whole can provide a guaranteed QoS.
Trust is based on the certification of applications.
Most often, computing resources PULL jobs from desktop grid servers.
Domain Abstract group of actors playing a role in a grid system.  Examples of instantiation are AdminDomain and UserDomain  (GLUE).
DoS Denial of Service :  A form of attack on a computer system that results in some part of the system being prevented from providing its normal level of service to its users  (Security).


EDGeS Enabling Desktop Grids for e-Science :  Now finished European project for technology, infrastructure and dissemination :  Its aim was to create and operate an integrated grid infrastructure that seamlessly integrates :
• a variety of desktop grids (powered in particular by BOINC and XtremWeb-HEP) on the one hand,
• service grids powered by the gLite middleware (such as EGEE) on the other hand.
EDGI European Desktop Grid Infrastructure :  European project for technology and infrastructure :  Its aim is to support the user communities of European Grid Initiative and National Grid Initiatives which :
• are heavy users of Distributed Computing Infrastructures,
• require an extremely large number of CPUs and cores.
For this aim, EDGI is developing middleware which consolidates the results achieved in the EDGeS project concerning the extension of service grids with desktop grids.
EEC End Entity Certificate, for example User or Server Certificate, as opposed to CA Certificate  (Security).
EGEE Enabling Grids for E-sciencE :  European project of grid infrastructure for academic computers, now being replaced by EGI.
EGI European Grid Infrastructure:  Grid infrastructure for academic computers.
EGI is a sustainable continuation of EGEE, and contains NDGF.
EGI-InSPIRE European project started on 1 May 2010, funding EGI for 4 years.
EMI European Middleware Initiative :  European project of grid middleware, having to manage and make compatible ARC, gLite, Unicore and dCache, for usage by EGI and PRACE.
Endpoint, End point Network location that can be contacted to access certain functionalities based on a well-defined interface  (GLUE).
Entity Any nameable thing.  For example, in OGSA an entity might be a resource or a service.
EPI End Point Identifier :  URI that is unique in space and time.  Clients can compare the EPIs contained in two or more EPRs.  If the EPIs are the same, the EPRs are said to point to the same entity  (WS-Naming).
EPR Endpoint reference :  A WS-Addressing construct that identifies a message destination.  In WSRF an EPR conveys the information needed to identify or reference a stateful resource.
e-Science Computationally intensive science that is carried out in highly distributed network environments, or science that uses immense data sets that require grid computing.
ETSI European Telecommunications Standards Institute.
Event Anything that occurs in or to an IT system that is potentially interesting to a person, to some other part of the same system, or to an external system, may be considered to be an event.
Information about an event may be expressed as a log record and stored in a log service.  It may also be communicated to other interested services through a notification message.
ExecutionEnvironment Hardware and operating system environment in which a job will run.  It represents a set of homogeneous Worker Nodes, so if a computing system contains nodes with significantly different properties, there MAY be several ExecutionEnvironment instances.  This implies that it should be possible to request a specific environment when a job is submitted  (GLUE).  See also Hosting environment.
Execution Service Grid service publishing Endpoint(s) permitting clients to submit jobs.  An execution service is responsible for the execution of the jobs which it receives.  An execution service MAY perform brokering to find the most adequate computing resource (which MAY be another execution service), and forward the job to it.
An execution service manages jobs, which are transient entities, but also has to write down logging and accounting records, which must be persistent.


Failure State in which a service or other entity is not correctly meeting its specified behavior.
Failure recovery Restoration of a service or other entity to its specified behavior.
Recovery might be effected either by correcting the failure condition or by routing subsequent requests to an alternate entity that is capable of providing the same service.
Fault Exceptional but anticipated behavior.
File path String in some directory system that can be bound to some file (or pseudo-file)—for example, /home/mydir/data.
Usually a file path on one machine is invalid or resolves to a different file on other machines (in the absence of some sort of distributed file system).
Federation Multiple computing and/or network providers agreeing upon standards of operation in a collective fashion.
The primary standard is mutual trust.  A production grid is a federation of its administrative domains, with IGTF as trust anchor.
FQAN Fully Qualified Attribute Name
FTP File Transfer Protocol


GCM Grid Component Model  (ETSI).
In fact, GLUE is much more relevant.
Genesis II Grid middleware developed by University of Virginia.
GIN Grid Interoperability Now :  Community Group  (OGF).
gLExec Grid security program which acts as a light-weight 'gatekeeper'.  gLExec takes grid credentials as input.  gLExec takes the local site policy into account to authenticate and authorize the credentials.
gLite Grid middleware developed and used by EGEE, now maintained by EMI and used by EGI.  gLite currently uses an old version of GSI, which accepts Globus proxies, but does NOT accept RFC-3820-compliant X509 proxies.
Globus Organization developing grid middleware used in US and within EGI in Europe.
In particular, it created the Globus Toolkit, with Globus proxies and the GRAM protocol.
Globus proxy Proxy Certificate which does NOT comply with RFC 3820  (Globus).
Globus proxies are accepted ONLY by GSI libraries, which also know how to achieve direct delegation of Globus proxies.
Globus GSSAPI Globus implementation of GSSAPI  (Globus).  Old versions are INCOMPATIBLE with the OpenSSL implementation.  Only NEW versions (since version 4.0 approximately) also accept RFC-3820-compliant X509 proxies.
GLUE The GLUE specification is an information model for Grid entities described using the natural language and UML Class Diagrams  (OGF).
GRAM Grid Resource Allocation and Management  (Globus) :
Protocol for job submission and management.  NOT compliant with BES.
Grid Shorthand for distributed data processing infrastructure.
An OGSA grid is a system that is concerned with the integration, virtualization, and management of services and resources in a distributed, heterogeneous environment that supports collections of users and resources (virtual organizations) across traditional administrative and organizational domains (real organizations).
Less formally, a grid computing environment combines distributed pools of resources onto which applications or services may be dynamically provisioned and re-provisioned, to improve economy, efficiency, agility, performance, scaling, resilience and utilization. The contributed resources are often consolidated from numerous smaller pools, where they may have been under-utilized, and as a result grids tend to be heterogeneous.
Grids offer great flexibility, as resources can be re-purposed or re-provisioned in line with an organization’s changing goals.  They typically focus on services rather than components, and are built using architectural styles such as service-oriented architecture, which are disaggregated or distributed in nature and can leverage the properties of the available resources.  Key requirements for successful grid implementation and management include standardization of the interfaces of common components, and the use of standardized information models, security models and data models.
Grid computing Legacy shorthand for Distributed data processing.
Grid computing is related to, but subtly different from, Utility computing.
Grid infrastructure Legacy shorthand for Distributed data processing infrastructure.
GridSAM A job management service provided by OMII-UK that implements OGSA-BES.
GridSite Software project focused on Grid Security for the Web, Web platforms for Grids.  It provides a Delegation Service.
GROMACS Classical molecular dynamics application designed for simulations of large biomolecules.  Open source.  Highly popular among biophysicists.  First published PGI use case.
GSI Globus Security Infrastructure.  It permits direct delegation of Globus proxies.  Old versions of GSI do NOT accept RFC-3820-compliant X509 proxies.  Only NEW versions of GSI (since version 4.0 approximately) accept RFC-3820-compliant X509 proxies.
GSI-style X509 proxy Globus proxy.
GSS = GSSAPI Generic Security Services Application Program Interface, as defined by RFC 5554 (IETF).
GT2 Globus Toolkit version 2  (Globus, non-WS)
GT4 Globus Toolkit version 4  (Globus, uses WS)
GUID Globally Unique Identifier, which is a 128-bit implementation (often represented as 32 hexadecimal characters) of an Identifier with Global Uniqueness.


Hosting environment OGSA name for ExecutionEnvironment :
Any environment in which a task can execute :  for example a Web services execution environment, an operating system, etc.
HPC High Performance Computing, generally involving tightly coupled parallel jobs, and mostly performed on supercomputers with low-latency interconnects.
HTC High Throughput Computing, generally involving independent, sequential jobs, which may last several months.
HTC can be performed on any large resource :  Supercomputer,  Service Grid (SG),  Desktop Grid (DG).
HTTP Hypertext Transfer Protocol—a text-based protocol that is commonly used for transferring information across the Internet.
HTTPG HTTP secured using GSI
HTTPS HTTP secured using SSL.


ICE Interface to Cream Environment (gLite)
ICT Information and Communication Technology
Identifier with Global Uniqueness Anything which uniquely identifies something on a global level.  It MAY be implemented by GUID (128 bits), and MAY also be implemented by other means.
Identity Attribute, such as a name, that allows one entity to be distinguished from all others.
IDGF International Desktop Grid Federation.
IETF Internet Engineering Task Force.
IGE Initiative for Globus in Europe :  European project representing the interests of Globus users within Europe.
IGTF International Grid Trust Federation :  Trust anchor for production grid security.
IIRM Infrastructure Interoperability Reference Model
Information Model Abstraction and representation of entities in a managed environment including properties, operations, and relationships.
An information model is independent of implementation: that is, it is protocol-neutral, repository-independent, and platform-independent.
An information model's level of specificity is varied, dependent on need.  It can be described in a formal language such as UML or an informal natural language such as English.
An information model is useful for designers to describe the managed environment, for administrators to understand the modeled objects, and for implementers as a guide to the functionality that can be described, limited by, and coded in the data models.
CIM and GLUE are examples of object-oriented information models.
For more information see RFC 3444.
Interactive job Simple job permitting or requiring direct client interaction with the computing resource.
Interface Point of interaction between components, allowing them to function independently.
Its specification is a precise description of the exchanged messages and of their sequence.
Interoperability evidently requires standardization of client interfaces.
But some functionalities also require standardization of backend interfaces (such as accounting records standardized by OGF in
IRI Internationalized Resource Identifier :  an extension of the URI syntax to allow non-Latin characters, as defined in RFC 3987.
ITIL Information Technology Infrastructure Library :  Set of concepts and practices for Information Technology Services Management.
It particularly applies to grid operation.
ITU-T International Telecommunication Union, Telecommunication Standardization Sector.  ITU-T Recommendations are defining elements in information and communication technology (ICT) infrastructure.


JDL Job Description Language  (gLite).
Job A user-defined work unit which is scheduled to be carried out by an execution subsystem.  Synonym of ComputingActivity.
A job may be a Simple job, a Collection job, a Parameter sweep job, an Interactive job, a DAG job, …
Execution services manage simple jobs, and MAY also manage other types of jobs.
Job ID Identifier which the execution service associates to a submitted job and returns back to the job submitter.  This job ID permits authorized clients to manage the job.
JSDL Job Submission Description Language :  A language for describing job submissions, including details of their required execution environments.  It is defined by ‘Job Submission Description Language (JSDL) Specification, Version 1.0’.


LB Logging and Bookkeeping  (gLite).
LCG LHC Computing Grid.
Legacy, Legacy program, Legacy file system Pre-existing items which are still used, but NOT adequate anymore, because they are not standard compliant or rely strongly on assumptions which have become false, like :
• Globus proxies,  GRAM,  …
• Execution under human supervision, now replaced by execution inside a grid job,
• Execution inside a single administrative domain, now replaced by execution inside a production grid federating separate administrative domains,
• Usage of local files, now replaced by usage of remote grid files.
In OGSA, “legacy” is often used to describe pre-existing items such as programs or file systems that must be grid-enabled before they can be used as grid resources.
Legacy CREAM CREAM middleware using the GRAM protocol  (gLite).  To be verified.
Local storage Storage location which is immediately accessible by a component without need of specific credentials.  In particular, job payloads are often unable to directly access remote data locations, so that data staging is necessary.
Location Geographical location where a certain Domain or Service is placed  (GLUE).
Log record Expression of an event for the purpose of persisting the event in a logging service.
Log service See logging service.
Logging Process that keeps track of the actions performed by components, in particular their usage of resources, and provides targeted display of them.
Logging data must be persistent.  Standardization of its format eases interoperability.
Examples of targeted display are ‘software component history’, ‘resource usage history’, and ‘job history across various components’.
Logging service Intermediary service which serves as a persistent repository for log records.


Manage See management.
Manageability Ability to manage a resource, or the ability of a resource to be managed.
Manageability interface Interface through which a resource is managed.
Manageable resource Resource that can be managed programmatically, either through a manageability interface or through some other mechanism such as a policy file.
Management Process of taking administrative actions such as deploying, configuring, monitoring, metering, tuning, and/or troubleshooting resources, either manually or automatically.
Managed See management.
Manager Local software layer (not directly exposed via an endpoint) which has control of the underlying resources  (GLUE).
The functionalities of a manager layer which need to be accessible by remote users are typically abstracted by a middleware component via a standard interface, and are modeled by the concept of endpoint.
Examples of managers are :  for computing resources, batch systems such as OpenPBS or LSF;  for storage resources, GPFS or HPSS.
For OGSA, a manager is software that manages manageable resources.  A manager may or may not require a human operator.
Manual staging Data staging performed manually by the job submitter in any direction between any location and the location defined by the execution service as local storage for the job.
This requires that the job submitter receives this local storage location from the execution service during the job lifetime, and that the job is not really running at that time.
MappingPolicy It expresses which UserDomains MAY consume a certain share of resources  (GLUE).
Message Self-contained unit of data that is transferred between a message producer and one or more message consumers.
Message consumer Service that receives a message.
Message producer Service that emits a message.
Messaging service Service that transmits messages from message producers to message consumers.
Metadata Data which describes data.  Metadata may include references to schemas, provenance, and information quality.
MICS CA Member Integrated Credential Services :  An automated CA which issues (long-lived) X509 credentials to end entities based on an external primary source of identity (Example: CERN CA).
Middleware Software which connects components.  It sits ‘in the middle’ between application software which may be deployed on different operating systems.  Its complexity requires professional software engineering.
MPI Message Passing Interface :  A standard API for implementing message-passing libraries.  MPI libraries are generally used to coordinate activity within parallel applications.


Term Definition
Name Attribute used to identify an entity.
• A human-oriented name is based on a naming scheme that is designed to be easily interpreted by humans (e.g. human-readable and human-parsable).
• An abstract name is a persistent name suitable for machine processing that does not necessarily contain location information.  Abstract names are bound to addresses.
• An address specifies the location of an entity.
NAREGI Japanese National Research Grid Initiative.
NDGF Nordic DataGrid Facility :  Grid infrastructure for academic computers, using the ARC middleware, and now part of EGI.
NGI National Grid Initiative :  NGIs of European states contribute to EGI.
NorduGrid Grid Research and Development collaboration aiming at development, maintenance and support of the free grid middleware known as the Advanced Resource Connector (ARC).  The collaboration is based on a Memorandum of Understanding.
Notification Asynchronous message communicating the details of an event to an interested party.
Usage of notification permits components to avoid having to repeatedly poll services.
Components wishing to receive notifications have to subscribe to a service delivering them.
NREN National Research and Education Network.
NRENs provide huge data transfer resources for scientific, academic and educational purposes, but NOT for business purposes.


Term Definition
OASIS Organization for the Advancement of Structured Information Standards.  It is responsible in particular for SAML and XACML.
OGF Open Grid Forum.
OGSA Open Grid Services Architecture  (OGF).
OGSA Basic Profile An OGSA Basic Profile is a profile in the style of WS-Interoperability (WS-I) that defines recommended usage of infrastructure-level standards for grid scenarios.  OGSA services should utilize one such profile when a given infrastructure capability is needed.
For example, if secure communication is required, OGSA services should use one of the OGSA Basic Security Profiles.
For information about WS-I :
OGSA-BES OGSA Basic Execution Service :  SOAP-based specification for grid ‘service to initiate, monitor, and manage computational activities’ (jobs), using a state model  (OGF).
Specified in ‘OGSA® Basic Execution Service Version 1.0’.
OGSI Open Grid Services Infrastructure  (OGF).
OID Object Identifier, used in particular to name object types in X509 certificates  (Security).
OMII-UK Open Middleware Infrastructure Institute.
OMII-EU Open Middleware Infrastructure Institute for Europe.
OpenSSL Open source implementation of the SSL and TLS protocols.
It accepts RFC-3820-compliant X509 proxies, but NOT Globus proxies, and does NOT perform direct delegation.
OSG Open Science Grid :  Grid Infrastructure in the USA for academic computers, using the VDT grid middleware.


Term Definition
PAP Policy Administration Point (part of the XACML authorization model) :  Point which manages policies  (Security).
Parameter sweep job Container for independent simple jobs to be created dynamically, as specified by 'JSDL Parameter Sweep Job Extension'.
This container receives its own job ID, permitting clients to manage the container as a whole.
Payload Anything (Application, Script, Pilot Job, ...) executed by a resource on request of the activity.  The payload MAY completely ignore that it is executed inside a grid activity.
PC Proxy Certificate  (Security).
PC chains Proxy Certificate Chains  (Security).
PDP Policy Decision Point :  Point which evaluates and issues authorization decisions  (RFC 2904).
PEP Policy Enforcement Point :  Point which intercepts user's access request to a resource and enforces PDP's decision  (RFC 2904).
PGI Production Grid Infrastructure  (OGF).  Working Group focused on production grids.
PIP Policy Information Point (part of the XACML authorization model) : Point which can provide external information to a PDP, such as LDAP attribute information  (Security).
PKC Public Key Cryptography  (Security).
PKI Public Key Infrastructure  (Security).
PMI Privilege Management Infrastructure  (ITU-T).
Policy Statements, rules or assertions which specify the correct or expected behavior of an entity  (GLUE).
For example, AccessPolicy relates to Endpoints and MappingPolicy relates to Shares.
PRACE Partnership for Advanced Computing in Europe :  Pan-European Research Infrastructure for High Performance Computing (HPC).
Production grid Grid infrastructure which can span several administrative domains.
Therefore, its security requirements are complex and require trust mechanisms between all administrative domains of the production grid.
So, a production grid is often organized as a federation of its administrative domains.
Academic production grids use NRENs.  Therefore, they can be used for scientific, academic and educational purposes, but NOT for business purpose.
Profile Normative document which aids development of interoperable software components by providing guidance on the use of a collection of specifications or other profiles.
Provisioning (and deployment) Provisioning is the act of putting a resource or set of resources into a state such that it is available for use.  Depending on the context of the operation, the provisioning process might include activities such as reservation and allocation.
The term “provisioning” is commonly used in conjunction with or as an alternative to deployment.  In contexts where the two are used together, provisioning is often regarded as the high-level process of gathering and readying all the necessary resources, while each lower-level process, such as allocating a server or installing and starting a software component, is referred to as deployment.
Proxy Certificate (usually short-lived to lower security issues) authenticated by another certificate, but NOT directly signed by a Certificate Authority.  A proxy can contain additional attributes defined on the fly, such as VOMS extensions signed by a VOMS server.  ATTENTION :  Globus proxies created by GSI permit delegation by GSI, but are NOT compatible with RFC-3820-compliant X509 proxies.


Term Definition
QoS Quality of Service :  A measure of the level of service attained, such as security, network bandwidth, average response time or service availability.


Term Definition
RA Registration Authority :  Responsible for identity vetting of all end-entities, which must contact the RA face-to-face and present photo-id and/or valid official documents  (Security).
RENKEI REsources liNKage for E-scIence :  Japanese research and development project for new middleware technologies to enable the e-science community.
RENKEI is a Japanese word meaning ‘federation’.
Reservation Process of reserving resources for future use by a planned task.
Resource Entity providing capabilities which are exposed via Endpoints.  Examples are execution environments for computational activities or data stores for data  (GLUE).
In an OGSA grid, resources are accessed through services.
In a grid context the term encompasses entities that provide a capability or capacity (e.g., servers, networks, disks, memory, applications, databases, IP addresses, and software licenses).  Dynamic entities such as processes, print jobs, database query results and virtual organizations may also be represented and handled as resources.
See for the WS Architecture definition of this term.
Resource configuration Process of adjusting the configurations of a set of resources to meet the requirements of the task to which they have been allocated. 
For example, configuration may involve setting appropriate parameters and storing policies for middleware, O/S, firmware and hardware.
Resource configuration may be preceded by resource deployment.
Resource discovery Process of searching for resources which match some criteria.
Resource lifecycle management Process of managing resources allocated to a task, from the time of allocation until the time of release.
Resource management Generic term for several forms of management that may be applied to resources.  These include (but are not limited to) typical IT systems management activities.
Resource manager Manager which implements one or more resource management functions.
RFC 2246 The Transport Layer Security (TLS) Protocol (Version 1.0).  Obsoleted by RFC 5246
RFC 2459 Certificate and CRL Profile for Internet X.509 Public Key Infrastructure.  Obsoleted by RFC 3280
RFC 2748 The COPS (Common Open Policy Service) Protocol.  Obsoleted by RFC 4261
RFC 2903 Generic AAA Architecture  (IETF).
RFC 2904 AAA Authorization Framework  (IETF).
RFC 2905 AAA Authorization Application Examples  (IETF).
RFC 2906 AAA Authorization Requirements  (IETF).
RFC 3305 Uniform Resource Identifiers (URIs), URLs, and Uniform Resource Names (URNs) :  Clarifications and Recommendations  (IETF).
RFC 3198 Terminology for Policy-Based Management  (IETF).
RFC 3280 Certificate and Certificate Revocation List (CRL) Profile for Internet X.509 Public Key Infrastructure  (IETF).
RFC 3281 An Internet Attribute Certificate :  Profile for Authorization  (IETF).
RFC 3444 On the Difference between Information Models and Data Models  (IETF).
RFC 3820 Proxy Certificate Profile for Internet X.509 Public Key Infrastructure (PKI)  (IETF).
RFC 3986 Uniform Resource Identifier (URI): Generic Syntax  (IETF).
RFC 3987 Internationalized Resource Identifiers: IRIs  (IETF).
RFC 4122 Universally Unique Identifier (UUID)  (IETF).
RFC 4261 Common Open Policy Service (COPS) over Transport Layer Security (TLS).  It specifies a simple client/server model for supporting policy control  (IETF).
RFC 4346 The Transport Layer Security (TLS) Protocol (Version 1.1).  Obsoleted by RFC 5246
RFC 5246 The Transport Layer Security (TLS) Protocol (Version 1.2)  (IETF).
RFC 5554 Generic Security Service Application Program Interface (GSS-API) for the Use of Channel Bindings  (IETF).
RNS Resource Namespace Service  (OGF).  RNS provides a basic directory service, mapping strings (paths) to WS-Addressing EPRs.  RNS has functions to list, insert, and delete entries.


Term Definition
SAML Security Assertion Markup Language  (OASIS).
Scenario Specific sequence or path of interactions, from initiation to goal, occurring within a particular environment and/or context.  A use case may contain multiple scenarios.
OGSA scenarios are high-level and described in a casual style.
SDO Standard Developing Organization.
Useful SDOs are OGF, IETF, W3C, OASIS
Service Unique identification of instances of endpoint, share, manager, resource participating in the provision of some unified capability  (GLUE).
A service in the most general sense is an entity, usually composed of one or more software components, that provides functionality in response to client requests.
A service is often a part of a service-oriented architecture, and participates in realizing one or more capabilities.
Service composition Aggregation of multiple small services into larger services.
Service-oriented architecture (SOA) This term is increasingly used to refer to an architectural style of building reliable distributed systems that deliver functionality as services, with the additional emphasis on loose coupling between interacting services. 
Note :  An SOA can be based on Web services (which provide basic interoperability), but it may use other technologies instead.
Service provider This term is generally synonymous with service.  In some contexts it may refer to a person, organization or higher-level system responsible for making a service available to service requestors.
Service requestor This term is generally synonymous with client.  In some contexts it may refer to a person, organization or higher-level system that makes use of a service offered by a service provider.
SG Service Grid :  Federation of managed computing resources, offering a guaranteed Quality of Service according to a Service Level Agreement.  Trust is based on the Authentication of Users and Resources.  Often, grid Users PUSH jobs to Computing Resources, but pilot jobs PULL jobs from dedicated servers.
Share Usage of service functionalities or resources constrained on aspects such as identity or UserDomain membership, usage information or resource characteristics  (GLUE).
For example, this is the part of a resource which is available for a VO.
Shibboleth Architecture and open-source implementation for federated identity-based authentication and authorization infrastructure based on Security Assertion Markup Language (SAML).
Simple job Job whose description contains only 1 job executed by only 1 batch system, and NOT permitting or requiring direct client interaction with the computing resource.
The job description MAY require multiple cores, multiple processors, MPI support, ...
SLA Service Level Agreement :  Contract between a provider and a consumer that specifies the level of service that is expected during the term of the contract.  An SLA typically includes one or more service-level objectives specified in a service level definition.
SLAs are used by vendors and customers, as well as internally by IT shops and their end users.  They might specify availability requirements and response times for normal operations and for problem resolution (network down, machine failure, etc.), and they might stipulate the payment and/or penalties associated with meeting or failing to meet the agreed criteria.
Derived from
SLC Short Lived Credential  (Security).
SLCS CA Short Lived Credential Service: An automated CA which translates credentials (usually authentication tokens) issued from a large site or federation into the X.509 format suitable for use on Grids (with a lifetime less than 1Msec).
SLD Service Level Definition
SOAP An XML-based protocol for exchanging structured information in a decentralized, distributed environment. 
See and for more information.
Software Engineering Application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software.
Scientific computing applications require mostly scientific algorithmic skills, whereas grid middleware really requires professional software engineering.
SRM Storage Resource Manager  (OGF).
SSL Secure Sockets Layer :  A communication protocol whose primary goal is to provide private and reliable communication between two applications.
SSL is now renamed or replaced by TLS.
SSO Single Sign-On  (Security).
SSO across different administrative domains can be achieved only if they belong to the same federation.
Stage-in Data transfer(s) performed by the client or the execution service from a location NOT suitable for job execution (Client private area, Web, Tape, Storage resource with poor connectivity, ...) to a location suitable for job execution (Local disk on the computing resource, Storage resource with excellent connectivity to the computing resource).
PGI does NOT cover Pre-stage-in (occurring before the submission of a job), but focuses on stage-in occurring during the lifetime of the job, with a corresponding entry in the JSDL.
Stage-out Data transfer(s) performed by the client or the execution service from a location used by job execution (Local disk on the computing resource, Storage resource with excellent connectivity to the computing resource) to a location suitable for the client after job completion (Client private area, Web, Remote storage resource(s), ...).
PGI does NOT cover Post-stage-out (occurring after the completion of a job), but focuses on stage-out occurring during the lifetime of the job, with a corresponding entry in the JSDL.
Staging Shorthand for Data Staging.
Standard Specification of an interface.
De facto standards are widely used, but are NOT officially approved by any SDO.
Official standards are approved by an SDO, but few of them are really used.
A diagram presenting useful official and de facto standards is available at
State An entity’s state is the combined values of its ‘interesting’ attributes.  Interesting attributes are those for which external observers may see changes over time.  Examples include the position of a switch, the price of a stock, or the amount of memory allocated to a process.
Since not all attributes may be available or interesting to all possible observers, different observers may have different views of the state of an entity at a given time.
A change in the value of an attribute is an event.
Storage resource Resource which provides a physical or logical storage capability.  Examples include storage devices, storage appliances, disk volumes and file systems.
Support functionalities Functionalities which are NOT directly required by the end user, but which are in fact necessary for operation.  Examples of such support functionalities are information, security, logging, accounting, monitoring, ...


Term Definition
TLS Transport Layer Security: a secure communication protocol.  TLS is a successor to SSL, and offers additional security measures.
TLS is defined by RFC 5246  (IETF)
See for discussion of this topic.
Trust The willingness to take actions expecting beneficial outcomes, based on assertions by other parties  (Security).
Trust authority An entity that is trusted to issue specified assertions.
Trust management Definition of trust authorities and specification of what they should be trusted to do.
Trust relationships Policies that govern how entities in differing domains honor each other’s authorizations.
An authority may be completely trusted (for example, any statement from the authority will be accepted as a basis for action) or there may be limited trust, in which case only statements in a specific range are accepted.


Term Definition
UI User Interface machine  (gLite)
UML Unified Modeling Language
UML is a very useful tool of software engineering :
It permits the creation of diagrams clearly showing Use cases, Requirements, Classes, Collaborations, Message Sequences, States, Deployments, Flow Charts, … which may be understood by engineers, criticized, improved, and then perhaps implemented.
UNICORE Uniform Interface to Computing Resources :  Grid middleware developed, supported and used by DEISA, SKIFGrid and other National Grid Initiatives (NGIs).
UNICORE-BES Implementation of the OGSA-BES recommendation inside UNICORE.
Unit of work Synonym of ComputingActivity and Job.
UR Usage Record, for Accounting  (OGF).
URI Uniform Resource Identifier :  String used for identifying an abstract or physical resource.
URL Uniform Resource Locator:  URI specifying the address of an Internet resource.
Use case Description of a system’s behavior as it responds to a request that originates from outside of that system.  In other words, a use case describes ‘who’ can do ‘what’ with the system in question.  The use case technique is used to capture a system's behavioral requirements by detailing scenario-driven threads through the functional requirements.
Use cases should NOT focus on user applications or on the internals of the described system, but on the boundaries of the system, on preconditions, on actors, stakeholders and participants, on the primary scenario of interactions between the actors and the system, and on postconditions.
User End users are scientists, with various ICT and grid knowledge.  For example :  Application developers,  Experienced application users,  Scientists with no ICT knowledge using a scientific portal, ...
Direct users of grids are various :  Developers of scientific applications,  Integrators of scientific applications for grids,  Providers of scientific workflow engines,  Providers of scientific portals,  Site Administrators,  VO Administrators, ...
UserDomain Abstract concept for a Virtual Organization  (GLUE)
UUID Universally Unique Identifier, as defined by RFC 4122  (IETF).  This is a specification for a 128-bit Identifier with Global Uniqueness (represented as 32 hexadecimal characters), often implemented as GUID.


Term Definition
VDT Virtual Data Toolkit :  Grid middleware used by OSG.
Virtualization Virtualization uses a level of indirection to abstract the implementation details of one or more entities, enabling them to appear to their consumers in a more appropriate form.  For example, a virtualized entity might present different interfaces from its underlying entities, a single entity might be partitioned and presented as a set of (lower-capacity) entities, or a set of discrete entities might be treated as a single aggregate entity.
Virtualize See virtualization.
VO Virtual Organization :  One implementation of a UserDomain  (GLUE).
A virtual organization comprises a set of individuals and/or institutions having direct access to computers, software, data, and other resources for collaborative problem-solving or other purposes.
VOs are a concept that supplies a context for operation of a grid that can be used to associate users, their requests, and a set of resources. The sharing of resources in a VO is necessarily highly controlled, with resource providers and consumers defining clearly and carefully just what is shared, who is allowed to share, and the conditions under which sharing occurs.
Volunteer computing Form of desktop grid infrastructure where computing is performed on personal computers volunteered by their owners.  This differs from institutional desktop grids because the computing resources are :
• unaccountable and untrusted,
• sporadically connected,
• often behind NATs, firewalls, or HTTP proxies,
• highly diverse in terms of hardware and software.
VOMS VO Management Service.
VOMS AC Attribute Certificate provided by a VOMS server  (OGF).
Its format is defined by an OGF draft at referring to RFC 3280 and RFC 3281.
VOMS extensions = VOMS-style AC = VOMS-style Attribute Certificates = X509 Attribute Certificates.
VOMS proxy X509 proxy with VOMS extensions  (OGF).
VRC Virtual Research Community :  Group of researchers sharing common interest.
Some VRCs have already established a VO for grid usage, others have not done it yet.


Term Definition
W3C World Wide Web Consortium :  International community where Member organizations, a full-time staff, and the public work together to develop Web standards.
Web service
Web services tend to fall into one of two camps :  Big Web services using SOAP, and RESTful Web services.
A simplified dependency graph of security related WS standards is available inside
WLCG Worldwide LHC Computing Grid (LCG).
WSDL Web Services Description Language—an XML-based language for describing Web services.
See for more information.
WS Web Service
WS-Addressing Specification of transport-neutral mechanisms that allow web services to communicate addressing information.  It essentially consists of two parts: a structure for communicating a reference to a Web service endpoint, and a set of Message Addressing Properties which associate addressing information with a particular message  (W3C).
WS-Naming Specification profiling WS-Addressing in order to provide identities and name rebinding  (OGF).
WS-Notification Web Services Notification  (OASIS).
Family of related specifications which define a standard Web services approach to notification using a topic-based publish/subscribe pattern.
WS-RF Web Services Resource Framework  (OASIS).  It defines a generic and open framework for modeling and accessing stateful resources using Web services.
WS-Security Web Services Security: SOAP Message Security 1.1  (OASIS).  It describes enhancements to SOAP messaging to provide message integrity and confidentiality. It also provides a general-purpose mechanism for associating security tokens with message content.
WS-Trust WS-Trust 1.3  (OASIS). It defines extensions that build on WS-Security to provide a framework for requesting and issuing security tokens, and to broker trust relationships.


Term Definition
X509 ITU-T standard for a public key infrastructure (PKI) for single sign-on (SSO) and Privilege Management Infrastructure (PMI).  X509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.
X509 certificate X509 EEC (End Entity Certificate) directly signed by a certificate authority.  This signature normally requires some time (human verification), so these full X509 certificates are NOT convenient to convey additional attributes defined on the fly.
X509 proxy X509 certificate (usually short-lived to lower security issues) authenticated by another X509 certificate, but NOT directly signed by a certificate authority.  An X509 proxy can contain additional attributes defined on the fly, such as VOMS extensions signed by a VOMS server.  ATTENTION :  Globus proxies created by GSI permit delegation by GSI, but are NOT compatible with RFC-3820-compliant X509 proxies.
XACL = XACML eXtensible Access Control Markup Language  (OASIS).
XML eXtensible Markup Language :  Flexible text format that is used for data exchange.

