PGI Vocabulary and Glossary of Acronyms and Terms
The purpose of this page is to provide :
– an expansion of acronyms and
– an unambiguous definition of terms
used in the context of a Production Grid.
It is based on the OGSA® Glossary of terms and the GLUE Specification v. 2.0.
It provides minimal background information about Grids.
In presenting these expansions and definitions, we do NOT attempt to justify them, nor present the discussions that preceded them, but we encourage the reader to follow any supplied references for a more detailed discussion.
The root terms are :
– ‘Data Processing’, which means much more than computing,
– ‘Administrative domain’, which holds a security repository for client authorization and authentication,
– ‘Trust’, which permits interoperation between different administrative domains,
– ‘Federation’, where different administrative domains agree on standardization and mutual trust.
For each official or de facto standard mentioned, the corresponding defining organization follows in parentheses.
For some terms (in particular those defined by GLUE), the defining document also follows the definition in parentheses.
Links to appropriate web pages are given inline.
| Term || Definition |
| AAA || Authentication, Authorization and Accounting, as defined by RFC 2903, RFC 2904, RFC 2905, RFC 2906 (IETF). http://en.wikipedia.org/wiki/AAA_protocol |
| AAI || Authentication and Authorization Infrastructure. An example is X509. |
| AC || Attribute Certificate (RFC 3281). http://www.apps.ietf.org/rfc/rfc3281.html |
| AccessPolicy || AccessPolicy express authorization rules, e.g. which UserDomains MAY access a certain service Endpoint (GLUE). |
| Accounting || Process that keeps track of, and provides targeted display of, the quantified usage of resources by clients. |
Accounting data must be persistent. Standardization of its format eases interoperability.
Examples of targeted display are ‘overall usage of one resource’, and ‘client billing’.
| Activity || Unit of work which is submitted to a Service via an Endpoint (GLUE). |
The main example of Activity is a ComputingActivity, so Activity is often used as shorthand for ComputingActivity (Job).
| AdminDomain || Collection of actors which manage a number of Services (GLUE). |
| Administrative domain || Service provider holding a security repository that makes it easy to authenticate and authorize clients with credentials. |
Interoperation between different administrative domains having different security repositories, different security software or different security policies is notoriously difficult. Therefore, administrative domains wishing to interoperate have to build a federation.
This concept is captured by GLUE as AdminDomain.
| Allocated || See allocation. |
| Allocation || Process of assigning a set of resources for use by a job. |
| Application || Program which is to be executed inside a job. |
In most service grids, clients are authenticated, so they can submit any application.
In desktop grids, computing resources can NOT authenticate job submitters. Therefore, the application itself has to be officially validated (that is, analyzed and verified as harmless) and stored inside an application repository.
| Application repository || Secure repository holding validated applications. |
Application repositories are required by desktop grids.
| ARC || Advanced Resource Connector : Grid middleware developed and supported by NorduGrid collaboration, and used by NDGF. http://www.nordugrid.org/middleware/ |
| A-REX || ARC Resource-coupled EXecution service : BES compatible computing service of ARC middleware. |
| ARGUS || XACML-based authorization service developed and maintained by EGI and EMI. https://twiki.cern.ch/twiki/bin/view/EGEE/~AuthorizationFramework |
| AUTHN || Authentication : Process of ensuring that a credential is valid and belongs to the entity that presents it. Examples of types of credentials are passwords, one-time tokens, digital certificates, and phone numbers (calling/called). |
| AUTHZ || Authorization : Determination whether a particular entity has the rights to perform a given activity. |
| Automatic staging || Data staging performed automatically by the execution service in any direction between local storage for the job and a location provided by the job submitter. |
This requires that the job submitter provides to the execution service (potentially delegated) credentials permitting data access. For stage-in, this also requires that the data is already in the specified location before job submission.
These preparation steps make manual staging unnecessary.
| Term || Definition |
| Backend interface || Interface which is normally NOT seen by clients, but which permits interoperability between different implementations of functionalities using the same persistent resource. |
For example, standardization of the format of accounting records permits an accounting program of a grid infrastructure to correctly process accounting records generated in another grid infrastructure by jobs forwarded there for execution.
| BES || Shorthand for OGSA-BES. |
| BOINC || Berkeley Open Infrastructure for Network Computing : |
Grid middleware for desktop grids. http://boinc.ssl.berkeley.edu/
| Term || Definition |
| CA || Certificate Authority : Entity which issues digital certificates for use by other parties. It is an example of a trusted third party (RFC 3280). http://en.wikipedia.org/wiki/Certificate_authority |
| Campus grid || Data processing infrastructure which is NOT spread over several administrative domains. Therefore, its security requirements are simple and are easily fulfilled by local accounts. |
| Capability || Ability to execute a specified course of action. http://en.wikipedia.org/wiki/Capability_(systems_engineering) |
| CE || Computing Element (EGI) |
| CIM || Common Information Model : An object-oriented model for system management, published by the Distributed Management Task Force (DMTF). http://www.dmtf.org/standards/cim/ |
It is mentioned here because GLUE, the OGF recommendation for the information model used to describe grid entities, is NOT compliant with CIM.
| CIS || Credential Issuing Service (Security) |
| Client || In a service-oriented architecture, a client is a software component or other program unit that makes use of the capabilities offered by a service. |
In a grid context, a client is a holder of credentials belonging to a member of a GLUE UserDomain.
| Client interface || Interface which is directly used by clients. Thus, it is a candidate for standardization. |
| Cloud || Data processing infrastructure providing an extensive integrated client interface permitting information discovery, data management, job management, logging, accounting and monitoring. |
Most clouds are enclosed inside a single administrative domain, do NOT provision communication between different administrative domains, and provide limited security.
| CMMI-DEV || Capability Maturity Model Integration for Development : Process improvement approach that helps organizations improve their performance, in particular for software engineering. http://www.sei.cmu.edu/library/abstracts/reports/06tr008.cfm |
| Collection job || Container for a limited number of explicitly described independent simple jobs. This container receives its own job ID, permitting clients to manage the collection as a whole. |
| Component || An interchangeable part of a system that encapsulates its contents and defines its behavior in terms of its public interfaces. |
| Computing || Running a program. This is only a tiny part of data processing. |
| ComputingActivity || Single (but possibly multi-processor) job (GLUE). |
| Computing grid || Legacy shorthand for ‘Distributed data processing infrastructure’. |
| Contact || Contact information for different groups or expert roles responsible for aspects of the operation of Services and Domains, e.g., user support, security or sysadmin (GLUE). |
| Context || The conditions and circumstances under which an operation takes place. For example: |
• In programming languages a calling context is a set of bindings of values to variables.
• A VO is a possible context for a request to a service.
• A security context is a set of credentials under which execution can occur.
| COPS || Common Open Policy Service. It specifies a simple client/server model for supporting policy control as defined by RFC 4261 (IETF). http://www.apps.ietf.org/rfc/rfc4261.html |
| CREAM || Computing Resource Execution And Management : gLite Computing Element. http://grid.pd.infn.it/cream/field.php |
| CSIRT || Computer Security Incident Response Team (Security). http://en.wikipedia.org/wiki/CSIRT |
| CVS || Credential Validation Service (Security) |
| Term || Definition |
| Data access || A mechanism that allows an entity to identify a subset of the data held by a data resource and to update that subset, return it to the requesting entity, or make it available for transfer elsewhere. |
| Data catalog || Registry which stores data descriptions of data services or of the data resources they represent. This is sometimes called a ‘metadata catalog’. |
| DAG || Directed Acyclic Graph : Directed graph with NO directed cycles. http://en.wikipedia.org/wiki/Directed_acyclic_graph |
| DAG job || DAG workflow of a limited number of explicitly described simple jobs. This DAG workflow receives its own job ID, permitting clients to manage the collection as a whole. |
| Data consistency || An instance of data in a resource in a distributed system is said to be ‘consistent’ with one or more other instances of that data elsewhere in the system if it is up-to-date with respect to those instances. |
In a given system, a policy may define the rules for determining the extent to which data is up-to-date, and for maintaining that degree of consistency.
| Data federation || In OGSA, data federation refers to the logical integration of multiple data services or data resources so that they can be accessed as if they were a single service. |
| Data format || The encoding, structure, classification and organization of data in a data resource or message. |
| Data management service || In OGSA, the capability concerned with the storage, description, access, update, location, transfer and other management of data. |
| Data model || A mapping of the contents of an information model into a form that is specific to a particular type of repository, protocol, platform, etc. It is a rendering of an information model according to a specific set of mechanisms for representing, organizing, storing and handling data. |
There are typically three parts :
• A collection of data structures such as lists, tables, and relations;
• A collection of operations that can be applied to the structures such as retrieval, update, and summation;
• A collection of integrity rules that define the legal values or changes of state (operations on values).
The audience for a data model is implementers. The WBEM initiative is an example of an instantiation of CIM as a data model.
For more information see RFC 3444 (IETF). http://www.apps.ietf.org/rfc/rfc3444.html
| Data processing || Whole management of data, encompassing data extraction from scientific instruments, data storage, metadata management, computing, … |
| Data replication || Maintenance of one or more copies (replicas) of data such that the replicas are kept up-to-date with any changes in that data. |
See OGSA Data Architecture for more information.
| Data resource || Entity (and its associated framework) which provides a data access mechanism or can act as a data source or data sink. |
| Data service || Service which provides interfaces to the capabilities and data of one or more data resources within a service-oriented architecture. |
| Data set || An encoding of data in a defined syntax suitable for externalization outside of a data service. For example, for data transfer to or from another data service. |
Examples include a WebRowSet encoding of an SQL query result set, a JPEG-encoded byte array, and a ZIP-encoded byte array of a set of files.
| Data sink || Data resource that receives the data transferred by a data transfer mechanism from a data source. |
| Data source || Data resource that contains or generates data to be transferred to a data sink via a data transfer mechanism. |
| Data staging || Transfer of data to a specified location in preparation for an activity, e.g., running a job on an execution resource, or the transfer to another location of data resulting from an activity. |
PGI does NOT cover Pre-staging (occurring before the submission of a job) and Post-staging (occurring after the completion of a job), but focuses on file transfers occurring during the lifetime of the job, with a corresponding entry in the JSDL.
| Data transfer || Mechanism to transfer data from a data source to a data sink. |
| dCache || Grid middleware for data management, now maintained by EMI. www.dcache.org/ |
| DCI || Distributed Computing Infrastructure (wording for Computing Grid by the European Commission). |
| DEGISCO || Desktop Grids for International Scientific Collaboration : European project for technical dissemination and infrastructure extension : |
Its aim is the further extension to 'International Cooperation Partner Countries' (ICPC) of the European 'Distributed Computing Infrastructure' (DCI) which is already interconnected to desktop grids by the '3G Bridge' infrastructure.
| DEISA || Distributed European Infrastructure for Supercomputing Applications : Grid infrastructure project for academic supercomputers. http://www.deisa.eu/ |
| Delegation || Transfer of rights and privileges to another party (Security). |
GSI performs direct delegation of Globus proxies (which do NOT comply with RFC 3820).
GridSite Delegation described at http://www.gridsite.org/wiki/Delegation_protocol is a service permitting delegation of X509 proxies, and is used by gLite as described at https://twiki.cern.ch/twiki/bin/view/EGEE/~GridSiteDelegation
| Distributed data processing || Better wording for Grid computing. |
Data processing using distributed resources. These distributed resources may be enclosed in a single administrative domain (campus grid, cloud) or may be spread over different administrative domains (desktop grids, production grids, service grids).
In this last case, the different administrative domains need to form a federation.
| Distributed data processing infrastructure || Better wording for Grid, Computing Grid and DCI. |
Infrastructure for distributed data processing, permitting clients to submit data processing activities to (potentially) remote resources. This encompasses NOT only data and computing resources, but also security setups, information discovery, logging, accounting, monitoring, operational staff, documentation, training, …
It may be enclosed in a single administrative domain, like a campus grid or a cloud.
It may also be a federation of different administrative domains, like a desktop grid, a production grid or a service grid.
| DG || Desktop Grid : Loose opportunistic grid using idle computing resources (often desktop computers owned by volunteers). |
No single desktop resource can guarantee any QoS, but a large desktop grid as a whole can provide a guaranteed QoS.
Trust is based on the certification of applications.
Most often, computing resources PULL jobs from desktop grid servers.
| Domain || Abstract group of actors playing a role in a grid system. Examples of instantiation are AdminDomain and UserDomain (GLUE). |
| DoS || Denial of Service : A form of attack on a computer system that results in some part of the system being prevented from providing its normal level of service to its users (Security). http://en.wikipedia.org/wiki/Denial-of-service_attack |
| Term || Definition |
| EDGeS || Enabling Desktop Grids for e-Science : Now finished European project for technology, infrastructure and dissemination : Its aim was to create and operate an integrated grid infrastructure that seamlessly integrates : |
• a variety of desktop grids (powered in particular by BOINC and XtremWeb-HEP) on the one hand,
• service grids powered by the gLite middleware (such as EGEE) on the other hand.
| EDGI || European Desktop Grid Infrastructure : European project for technology and infrastructure : Its aim is to support the user communities of European Grid Initiative and National Grid Initiatives which : |
• are heavy users of Distributed Computing Infrastructures,
• require an extremely large number of CPUs and cores.
For this aim, EDGI is developing middleware which consolidates the results achieved in the EDGeS project concerning the extension of service grids with desktop grids.
| EEC || End Entity Certificate, for example User or Server Certificate, as opposed to CA Certificate (Security). |
| EGEE || Enabling Grids for E-sciencE : European project of grid infrastructure for academic computers, now being replaced by EGI. http://www.eu-egee.org/ |
| EGI || European Grid Infrastructure: Grid infrastructure for academic computers. |
EGI is a sustainable continuation of EGEE, and contains NDGF. http://www.egi.eu/
| EGI-InSPIRE || European project started on 1 May 2010 and funding EGI for 4 years. http://www.egi.eu/projects/egi-inspire |
| EMI || European Middleware Initiative : European project of grid middleware, having to manage and make compatible ARC, gLite, Unicore and dCache, for usage by EGI and PRACE. http://www.eu-emi.eu/ |
| Endpoint, End point || Network location that can be contacted to access certain functionalities based on a well-defined interface (GLUE). |
| Entity || Any nameable thing. For example, in OGSA an entity might be a resource or a service. |
| EPI || End Point Identifier : URI that is unique in space and time. Clients can compare the EPIs contained in two or more EPRs. If the EPIs are the same, the EPRs are said to point to the same entity (WS-Naming). |
| EPR || Endpoint reference : A WS-Addressing construct that identifies a message destination. In WSRF an EPR conveys the information needed to identify or reference a stateful resource. http://www.w3.org/2002/ws/addr/ |
| e-Science || Computationally intensive science that is carried out in highly distributed network environments, or science that uses immense data sets that require grid computing. http://en.wikipedia.org/wiki/E-Science |
| ETSI || European Telecommunications Standards Institute. http://www.etsi.org/ |
| Event || Anything that occurs in or to an IT system that is potentially interesting to a person, to some other part of the same system, or to an external system, may be considered to be an event. |
Information about an event may be expressed as a log record and stored in a log service. It may also be communicated to other interested services through a notification message.
| ExecutionEnvironment || Hardware and operating system environment in which a job will run. It represents a set of homogeneous Worker Nodes, so if a computing system contains nodes with significantly different properties, there MAY be several ExecutionEnvironment instances. This implies that it should be possible to request a specific environment when a job is submitted (GLUE). See also Hosting environment. |
| Execution Service || Grid service publishing Endpoint(s) permitting clients to submit jobs. An execution service is responsible for the execution of the jobs which it receives. An execution service MAY perform brokering to find the most adequate computing resource (which MAY be another execution service), and forward the job to it. |
An execution service manages jobs, which are transient entities, but also has to write down logging and accounting records, which must be persistent.
| Term || Definition |
| Failure || State in which a service or other entity is not correctly meeting its specified behavior. |
| Failure recovery || Restoration of a service or other entity to its specified behavior. |
Recovery might be effected either by correcting the failure condition or by routing subsequent requests to an alternate entity that is capable of providing the same service.
| Fault || Exceptional but anticipated behavior |
| File path || String in some directory system that can be bound to some file (or pseudo-file)—for example, /home/mydir/data. |
Usually a file path on one machine is invalid or resolves to a different file on other machines (in the absence of some sort of distributed file system).
| Federation || Multiple computing and/or network providers agreeing upon standards of operation in a collective fashion. http://en.wikipedia.org/wiki/Federation_(information_technology) |
The primary standard is mutual trust. A production grid is a federation of its administrative domains, with IGTF as trust anchor.
| FQAN || Fully Qualified Attribute Name |
| FTP || File Transfer Protocol |
| Term || Definition |
| GCM || Grid Component Model (ETSI). http://www.etsi.org/~WebSite/Technologies/GRID.aspx |
In fact, GLUE is much more relevant.
| Genesis II || Grid middleware developed by University of Virginia. http://www.cs.virginia.edu/genesis/ |
| GIN || Grid Interoperability Now : Community Group (OGF). http://www.ogf.org/gf/group_info/view.php?group=gin-cg |
| gLexec || Grid security program which acts as a light-weight 'gatekeeper'. gLExec takes grid credentials as input. gLExec takes the local site policy into account to authenticate and authorize the credentials. http://www.nikhef.nl/pub/projects/grid/gridwiki/index.php/GLExec |
| gLite || Grid middleware developed and used by EGEE, now maintained by EMI and used by EGI. gLite currently uses an old version of GSI, which accepts Globus proxies, but does NOT accept RFC-3820-compliant X509 proxies. http://glite.web.cern.ch/glite/ |
| Globus || Organization developing grid middleware used in US and within EGI in Europe. http://www.globus.org/ |
In particular, it created the Globus Toolkit, with Globus proxies and the GRAM protocol.
| Globus proxy || Proxy Certificate which does NOT comply with RFC 3820 (Globus). |
Globus proxies are accepted ONLY by GSI libraries, which also know how to achieve direct delegation of Globus proxies.
| Globus GSSAPI || Globus implementation of GSSAPI (Globus). Old versions are INCOMPATIBLE with the OpenSSL implementation. Only NEW versions (since version 4.0 approximately) also accept RFC-3820-compliant X509 proxies. |
| GLUE || The GLUE specification is an information model for Grid entities described using the natural language and UML Class Diagrams (OGF). http://www.ogf.org/documents/GFD.147.pdf |
| GRAM || Grid Resource Allocation and Management (Globus) : |
Protocol for job submission and management. NOT compliant with BES.
| Grid || Shorthand for distributed data processing infrastructure. |
An OGSA grid is a system that is concerned with the integration, virtualization, and management of services and resources in a distributed, heterogeneous environment that supports collections of users and resources (virtual organizations) across traditional administrative and organizational domains (real organizations).
Less formally, a grid computing environment combines distributed pools of resources onto which applications or services may be dynamically provisioned and re-provisioned, to improve economy, efficiency, agility, performance, scaling, resilience and utilization. The contributed resources are often consolidated from numerous smaller pools, where they may have been under-utilized, and as a result grids tend to be heterogeneous.
Grids offer great flexibility, as resources can be re-purposed or re-provisioned in line with an organization’s changing goals. They typically focus on services rather than components, and are built using architectural styles such as service-oriented architecture, which are disaggregated or distributed in nature and can leverage the properties of the available resources. Key requirements for successful grid implementation and management include standardization of the interfaces of common components, and the use of standardized information models, security models and data models.
| Grid computing || Legacy shorthand for Distributed data processing. |
Grid computing is related to, but subtly different from, Utility computing.
| Grid infrastructure || Legacy shorthand for Distributed data processing infrastructure. |
| GridSAM || A job management service provided by OMII-UK that implements OGSA-BES. http://omii.ac.uk/wiki/~GridSAM |
| GridSite || Software project focused on Grid Security for the Web, Web platforms for Grids. It provides a Delegation Service. http://www.gridsite.org/ |
| GROMACS || Classical molecular dynamics application designed for simulations of large biomolecules. Open source. Highly popular among biophysicists. First published PGI use case. http://www.gromacs.org |
| GSI || Globus Security Infrastructure. It permits direct delegation of Globus proxies. Old versions of GSI do NOT accept RFC-3820-compliant X509 proxies. Only NEW versions of GSI (since version 4.0 approximately) accept RFC-3820-compliant X509 proxies. |
| GSI-style X509 proxy || Globus proxy. |
| GSS = GSSAPI || Generic Security Services Application Program Interface, as defined by RFC 5554 (IETF). http://tools.ietf.org/html/rfc5554 |
| GT2 || Globus Toolkit version 2 (Globus, non-WS) |
| GT4 || Globus Toolkit version 4 (Globus, uses WS) |
| GUID || Globally Unique Identifier, which is a 128-bit implementation (often represented as 32 hexadecimal characters) of an Identifier with Global Uniqueness. http://en.wikipedia.org/wiki/Globally_Unique_Identifier |
| Term || Definition |
| Hosting environment || OGSA name for ExecutionEnvironment : |
Any environment in which a task can execute : for example a Web services execution environment, an operating system, etc.
| HPC || High Performance Computing, generally involving tightly coupled parallel jobs, and mostly performed on supercomputers with low-latency interconnects. http://en.wikipedia.org/wiki/High-throughput_computing |
| HTC || High Throughput Computing, generally involving independent, sequential jobs, which may last several months. http://en.wikipedia.org/wiki/High-throughput_computing |
HTC can be performed on any large resource : Supercomputer, Service Grid (SG), Desktop Grid (DG).
| HTTP || Hypertext Transfer Protocol—a text-based protocol that is commonly used for transferring information across the Internet. http://www.w3c.org/Protocols |
| HTTPG || HTTP secured using GSI |
| HTTPS || HTTP secured using SSL. |
| Term || Definition |
| ICE || Interface to Cream Environment (gLite) |
| ICT || Information and Communication Technology |
| Identifier with Global Uniqueness || Anything which uniquely identifies something on a global level. It MAY be implemented by GUID (128 bits), and MAY also be implemented by other means. |
| Identity || Attribute, such as a name, that allows one entity to be distinguished from all others. |
| IDGF || International Desktop Grid Federation. http://desktopgridfederation.org/ |
| IETF || Internet Engineering Task Force. http://www.ietf.org/ |
| IGE || Initiative for Globus in Europe : European project representing the interests of Globus users within Europe. http://www.ige-project.eu |
| IGTF || International Grid Trust Federation : Trust anchor for production grid security. http://www.igtf.net/ |
| IIRM || Infrastructure Interoperability Reference Model |
| Information Model || Abstraction and representation of entities in a managed environment including properties, operations, and relationships. |
An information model is independent of implementation: that is, it is protocol-neutral, repository-independent, and platform-independent.
An information model's level of specificity is varied, dependent on need. It can be described in a formal language such as UML or an informal natural language such as English.
An information model is useful for designers to describe the managed environment, for administrators to understand the modeled objects, and for implementers as a guide to the functionality that can be described, limited by, and coded in the data models.
CIM and GLUE are examples of object-oriented information models.
For more information see RFC3444. http://www.apps.ietf.org/rfc/rfc3444.html
| Interactive job || Simple job permitting or requiring direct client interaction with the computing resource. |
| Interface || Point of interaction between components, allowing them to function independently. http://en.wikipedia.org/wiki/Interface_(computer_science) |
Its specification is a precise description of the exchanged messages and of their sequence. http://en.wikipedia.org/wiki/Interface_(object-oriented_programming)
Interoperability evidently requires standardization of client interfaces.
But some functionalities also require standardization of backend interfaces (such as accounting records standardized by OGF in http://www.ogf.org/documents/GFD.98.pdf).
| IRI || Internationalized Resource Identifier : an extension of the URI syntax to allow non-Latin characters, as defined in RFC 3987. http://www.apps.ietf.org/rfc/rfc3987.html |
| ITIL || Information Technology Infrastructure Library : Set of concepts and practices for Information Technology Services Management. http://en.wikipedia.org/wiki/ITIL |
It particularly applies to grid operation.
| ITU-T || International Telecommunication Union, Telecommunication Standardization Sector. ITU-T Recommendations are defining elements in information and communication technology (ICT) infrastructure. http://www.itu.int/ITU-T/ |
| Term || Definition |
| JDL || Job Description Language (gLite). |
| Job || A user-defined work unit which is scheduled to be carried out by an execution subsystem. Synonym of ComputingActivity. |
A job may be a Simple job, a Collection job, a Parameter sweep job, an Interactive job, a DAG job, …
Execution services manage simple jobs, and MAY also manage other types of jobs.
| Job ID || Identifier which the execution service associates with a submitted job and returns to the job submitter. This job ID permits authorized clients to manage the job. |
| JSDL || Job Submission Description Language : A language for describing job submissions, including details of their required execution environments. It is defined by ‘Job Submission Description Language (JSDL) Specification, Version 1.0’. http://www.ogf.org/documents/GFD.136.pdf |
| Term || Definition |
| LB || Logging and Bookkeeping (gLite). http://egee.cesnet.cz/mediawiki/index.php/Main_Page |
| LCG || LHC Computing Grid. http://lcg.web.cern.ch/LCG/ |
| Legacy, Legacy program, Legacy file system || Pre-existing items which are still used, but NOT adequate anymore, because they are not standard compliant or rely strongly on assumptions which have become false, like : |
• Globus proxies, GRAM, …
• Execution under human supervision, now replaced by execution inside a grid job,
• Execution inside a single administrative domain, now replaced by execution inside a production grid federating separate administrative domains,
• Usage of local files, now replaced by usage of remote grid files.
In OGSA, “legacy” is often used to describe pre-existing items such as programs or file systems that must be grid-enabled before they can be used as grid resources.
| Legacy CREAM || CREAM middleware using the GRAM protocol (gLite). To be verified. |
| Local storage || Storage location which is immediately accessible by a component without need of specific credentials. In particular, job payloads are often unable to directly access remote data locations, so that data staging is necessary. |
| Location || Geographical location where a certain Domain or Service is placed (GLUE). |
| Log record || Expression of an event for the purpose of persisting the event in a logging service. |
| Log service || See logging service. |
| Logging || Process that keeps track of, and provides targeted display of, actions performed by components, in particular their usage of resources. |
Logging data must be persistent. Standardization of its format eases interoperability.
Examples of targeted display are ‘software component history’, ‘resource usage history’, and ‘job history across various components’.
| Logging service || Intermediary service which serves as a persistent repository for log records. |
| Term || Definition |
| Manage || See management. |
| Manageability || Ability to manage a resource, or the ability of a resource to be managed. |
| Manageability interface || Interface through which a resource is managed. |
| Manageable resource || Resource that can be managed programmatically, either through a manageability interface or through some other mechanism such as a policy file. |
| Management || Process of taking administrative actions such as deploying, configuring, monitoring, metering, tuning, and/or troubleshooting resources, either manually or automatically. |
| Managed || See management. |
| Manager || Local software layer (not directly exposed via an endpoint) which has control of the underlying resources (GLUE). |
The functionalities of a manager layer which need to be accessible by remote users are typically abstracted by a middleware component via a standard interface, and are modeled by the concept of endpoint.
Examples of managers are : for computing resources, batch systems such as OpenPBS or LSF; for storage resources, GPFS or HPSS.
For OGSA, a manager is software that manages manageable resources. A manager may or may not require a human operator.
| Manual staging || Data staging performed manually by the job submitter in any direction between any location and the location defined by the execution service as local storage for the job. |
This requires that the job submitter receives this local storage location from the execution service during the job lifetime, and that the job is not really running at that time.
| MappingPolicy || It expresses which UserDomains MAY consume a certain share of resources (GLUE). |
| Message || Self-contained unit of data that is transferred between a message producer and one or more message consumers. |
| Message consumer || Service that receives a message. |
| Message producer || Service that emits a message. |
| Messaging service || Service that transmits messages from message producers to message consumers. |
| Metadata || Data which describes data. Metadata may include references to schemas, provenance, and information quality. |
| MICS CA || Member Integrated Credential Services : An automated CA which issues (long-lived) X509 credentials to end entities based on an external primary source of identity (Example: CERN CA). |
| Middleware || Software which connects components. It sits ‘in the middle’ between application software which may be deployed on different operating systems. Its complexity requires professional software engineering. http://en.wikipedia.org/wiki/Middleware |
| MPI || Message Passing Interface : A standard API for implementing message-passing libraries. MPI libraries are generally used to coordinate activity within parallel applications. http://www.mpi-forum.org |
| Term || Definition |
| Name || Attribute used to identify an entity. |
• A human-oriented name is based on a naming scheme that is designed to be easily interpreted by humans (e.g. human-readable and human-parsable).
• An abstract name is a persistent name suitable for machine processing that does not necessarily contain location information. Abstract names are bound to addresses.
• An address specifies the location of an entity.
| NAREGI || Japanese National Research Grid Initiative. http://www.naregi.org/index_e.html |
| NDGF || Nordic DataGrid Facility : Grid infrastructure for academic computers, using the ARC middleware, and now part of EGI. http://www.ndgf.org/ |
| NGI || National Grid Initiative : NGIs of European states contribute to EGI. |
| NorduGrid || Grid Research and Development collaboration aiming at development, maintenance and support of the free grid middleware known as the Advanced Resource Connector (ARC). The collaboration is based on a Memorandum of Understanding. http://www.nordugrid.org |
| Notification || Asynchronous message communicating the details of an event to an interested party. |
Usage of notification permits components to avoid having to repeatedly poll services.
Components wishing to receive notifications have to subscribe to a service delivering them.
| NREN || National Research and Education Network. |
NRENs provide huge data transfer resources for scientific, academic and educational purposes, but NOT for business purposes.
| Term || Definition |
| OASIS || Organization for the Advancement of Structured Information Standards. It is responsible in particular for SAML and XACML. http://www.oasis-open.org/ |
| OGF || Open Grid Forum. http://www.ogf.org/ |
| OGSA || Open Grid Services Architecture (OGF). |
| OGSA Basic Profile || An OGSA Basic Profile is a profile in the style of WS-Interoperability (WS-I) that defines recommended usage of infrastructure-level standards for grid scenarios. OGSA services should utilize one such profile when a given infrastructure capability is needed. |
For example, if secure communication is required, OGSA services should use one of the OGSA Basic Security Profiles.
For information about WS-I : http://ws-i.org
| OGSA-BES || OGSA Basic Execution Service : SOAP-based specification for grid ‘service to initiate, monitor, and manage computational activities’ (jobs), using a state model (OGF). |
Specified in ‘OGSA® Basic Execution Service Version 1.0’. http://www.ogf.org/documents/GFD.108.pdf
| OGSI || Open Grid Services Infrastructure (OGF). |
| OID || Object Identifier, used in particular to name object types in X509 certificates (Security). |
| OMII-UK || Open Middleware Infrastructure Institute. http://omii.ac.uk/ |
| OMII-EU || Open Middleware Infrastructure Institute for Europe. http://www.omii-europe.org |
| OpenSSL || Open source implementation of the SSL and TLS protocols. http://www.openssl.org/ |
It accepts RFC-3820-compliant X509 proxies, but NOT Globus proxies, and does NOT perform direct delegation.
| OSG || Open Science Grid : Grid Infrastructure in the USA for academic computers, using the VDT grid middleware. http://www.opensciencegrid.org/ |
| Term || Definition |
| PAP || Policy Administration Point (part of the XACML authorization model) : Point which manages policies (Security). |
| Parameter sweep job || Container for independent simple jobs to be created dynamically, as specified by 'JSDL Parameter Sweep Job Extension'. http://www.ogf.org/documents/GFD.149.pdf |
This container receives its own job ID, permitting clients to manage the container as a whole.
| Payload || Anything (Application, Script, Pilot Job, ...) executed by a resource on request of the activity. The payload MAY be completely unaware that it is executed inside a grid activity. |
| PC || Proxy Certificate (Security). |
| PC chains || Proxy Certificate Chains (Security). |
| PDP || Policy Decision Point : Point which evaluates and issues authorization decisions (RFC 2904). |
| PEP || Policy Enforcement Point : Point which intercepts user's access request to a resource and enforces PDP's decision (RFC 2904). |
| PGI || Production Grid Infrastructure (OGF). Working Group focused on production grids. http://www.ogf.org/gf/group_info/view.php?group=pgi-wg |
| PIP || Policy Information Point (part of the XACML authorization model) : Point which can provide external information to a PDP, such as LDAP attribute information (Security). |
| PKC || Public Key Cryptography (Security). |
| PKI || Public Key Infrastructure (Security). |
| PMI || Privilege Management Infrastructure (ITU-T). |
| Policy || Statements, rules or assertions which specify the correct or expected behavior of an entity (GLUE). |
For example, AccessPolicy relates to Endpoints and MappingPolicy relates to Shares.
| PRACE || Partnership for Advanced Computing in Europe : Pan-European Research Infrastructure for High Performance Computing (HPC). www.prace-project.eu/ |
| Production grid || Grid infrastructure which can span several administrative domains. |
Therefore, its security requirements are complex and require trust mechanisms between all administrative domains of the production grid.
So, a production grid is often organized as a federation of its administrative domains.
Academic production grids use NRENs. Therefore, they can be used for scientific, academic and educational purposes, but NOT for business purposes.
| Profile || Normative document which aids development of interoperable software components by providing guidance on the use of a collection of specifications or other profiles. |
| Provisioning (and deployment) || Provisioning is the act of putting a resource or set of resources into a state such that it is available for use. Depending on the context of the operation, the provisioning process might include activities such as reservation and allocation. |
The term “provisioning” is commonly used in conjunction with or as an alternative to deployment. In contexts where the two are used together, provisioning is often regarded as the high-level process of gathering and readying all the necessary resources, while each lower-level process, such as allocating a server or installing and starting a software component, is referred to as deployment.
| Proxy || Certificate (usually short-lived to lower security issues) authenticated by another certificate, but NOT directly signed by a Certificate Authority. A proxy can contain additional attributes defined on the fly, such as VOMS extensions signed by a VOMS server. ATTENTION : Globus proxies created by GSI permit delegation by GSI, but are NOT compatible with RFC-3820-compliant X509 proxies. |
| Term || Definition |
| QoS || Quality of Service : A measure of the level of service attained, such as security, network bandwidth, average response time or service availability. |
| Term || Definition |
| RA || Registration Authority : Responsible for identity vetting of all end-entities, which must contact the RA face-to-face and present photo-id and/or valid official documents (Security). |
| RENKEI || REsources liNKage for E-scIence : Japanese research and development project for new middleware technologies to enable the e-science community. |
RENKEI is a Japanese word meaning ‘federation’. http://www.e-sciren.org/
| Reservation || Process of reserving resources for future use by a planned task. |
| Resource || Entity providing capabilities which are exposed via Endpoints. Examples are execution environments for computational activities or data stores for data (GLUE). |
In an OGSA grid, resources are accessed through services.
In a grid context the term encompasses entities that provide a capability or capacity (e.g., servers, networks, disks, memory, applications, databases, IP addresses, and software licenses). Dynamic entities such as processes, print jobs, database query results and virtual organizations may also be represented and handled as resources.
See http://www.w3.org/TR/2004/NOTE-ws-arch-20040211/#resource for the WS Architecture definition of this term.
| Resource configuration || Process of adjusting the configurations of a set of resources to meet the requirements of the task to which they have been allocated. |
For example, configuration may involve setting appropriate parameters and storing policies for middleware, O/S, firmware and hardware.
Resource configuration may be preceded by resource deployment.
| Resource discovery || Process of searching for resources which match some criteria. |
| Resource lifecycle management || Process of managing resources allocated to a task, from the time of allocation until the time of release. |
| Resource management || Generic term for several forms of management that may be applied to resources. These include (but are not limited to) typical IT systems management activities. |
| Resource manager || Manager which implements one or more resource management functions. |
| RFC 2246 || The Transport Layer Security (TLS) Protocol (Version 1.0). Obsoleted by RFC 5246 |
| RFC 2459 || Certificate and CRL Profile for Internet X.509 Public Key Infrastructure. Obsoleted by RFC 3280 |
| RFC 2748 || The COPS (Common Open Policy Service) Protocol. Obsoleted by RFC 4261 |
| RFC 2903 || Generic AAA Architecture (IETF). http://www.apps.ietf.org/rfc/rfc2903.html |
| RFC 2904 || AAA Authorization Framework (IETF). http://www.apps.ietf.org/rfc/rfc2904.html |
| RFC 2905 || AAA Authorization Application Examples (IETF). http://www.apps.ietf.org/rfc/rfc2905.html |
| RFC 2906 || AAA Authorization Requirements (IETF). http://www.apps.ietf.org/rfc/rfc2906.html |
| RFC 3305 || Uniform Resource Identifiers (URIs), URLs, and Uniform Resource Names (URNs) : Clarifications and Recommendations (IETF). http://www.apps.ietf.org/rfc/rfc3305.html |
| RFC 3198 || Terminology for Policy-Based Management (IETF). http://www.apps.ietf.org/rfc/rfc3198.html |
| RFC 3280 || Certificate and Certificate Revocation List (CRL) Profile for Internet X.509 Public Key Infrastructure (IETF). http://www.apps.ietf.org/rfc/rfc3280.html |
| RFC 3281 || An Internet Attribute Certificate : Profile for Authorization (IETF). http://www.apps.ietf.org/rfc/rfc3281.html |
| RFC 3444 || On the Difference between Information Models and Data Models (IETF). http://www.apps.ietf.org/rfc/rfc3444.html |
| RFC 3820 || Proxy Certificate Profile for Internet X.509 Public Key Infrastructure (PKI) (IETF). http://www.apps.ietf.org/rfc/rfc3820.html |
| RFC 3986 || Uniform Resource Identifier (URI): Generic Syntax (IETF). http://www.apps.ietf.org/rfc/rfc3986.html |
| RFC 3987 || Internationalized Resource Identifiers: IRIs (IETF). http://www.apps.ietf.org/rfc/rfc3987.html |
| RFC 4122 || Universally Unique Identifier (UUID) (IETF). http://www.apps.ietf.org/rfc/rfc4122.html |
| RFC 4261 || Common Open Policy Service (COPS) over Transport Layer Security (TLS). It specifies a simple client/server model for supporting policy control (IETF). http://www.apps.ietf.org/rfc/rfc4261.html |
| RFC 4346 || The Transport Layer Security (TLS) Protocol (Version 1.1). Obsoleted by RFC 5246 |
| RFC 5246 || The Transport Layer Security (TLS) Protocol (Version 1.2) (IETF). http://tools.ietf.org/html/rfc5246 |
| RFC 5554 || Generic Security Service Application Program Interface (GSS-API) for the Use of Channel Bindings (IETF). http://tools.ietf.org/html/rfc5554 |
| RNS || Resource Namespace Service (OGF). RNS provides a basic directory service, mapping strings (paths) to WS-Addressing EPRs. RNS has functions to list, insert, and delete entries. http://www.ogf.org/documents/GFD.101.pdf |
| Term || Definition |
| SAML || Security Assertion Markup Language (OASIS). http://www.oasis-open.org/committees/download.php/16768/wss-v1.1-spec-os-SAML~TokenProfile.pdf |
| Scenario || Specific sequence or path of interactions, from initiation to goal, occurring within a particular environment and/or context. A use case may contain multiple scenarios. |
OGSA scenarios are high-level and described in a casual style.
| SDO || Standard Developing Organization. |
Useful SDOs are OGF, IETF, W3C and OASIS.
| Service || Unique identification of instances of endpoint, share, manager, resource participating in the provision of some unified capability (GLUE). |
A service in the most general sense is an entity, usually composed of one or more software components, that provides functionality in response to client requests.
A service is often a part of a service-oriented architecture, and participates in realizing one or more capabilities.
| Service composition || Aggregation of multiple small services into larger services. http://www.serviceoriented.org |
| Service-oriented architecture (SOA) || This term is increasingly used to refer to an architectural style of building reliable distributed systems that deliver functionality as services, with the additional emphasis on loose coupling between interacting services. |
Note : An SOA can be based on Web services (which provide basic interoperability), but it may use other technologies instead.
| Service provider || This term is generally synonymous with service. In some contexts it may refer to a person, organization or higher-level system responsible for making a service available to service requestors. |
| Service requestor || This term is generally synonymous with client. In some contexts it may refer to a person, organization or higher-level system that makes use of a service offered by a service provider. |
| SG || Service Grid : Federation of managed computing resources, offering a guaranteed Quality of Service according to a Service Level Agreement. Trust is based on the Authentication of Users and Resources. Often, grid Users PUSH jobs to Computing Resources, but pilot jobs PULL jobs from dedicated servers. |
| Share || Usage of service functionalities or resources constrained on aspects such as identity or UserDomain membership, usage information or resource characteristics (GLUE). |
For example, this is the part of a resource which is available for a VO.
| Shibboleth || Architecture and open-source implementation for federated identity-based authentication and authorization infrastructure based on Security Assertion Markup Language (SAML). http://shibboleth.internet2.edu/ |
| Simple job || Job whose description contains only 1 job executed by only 1 batch system, and NOT permitting or requiring direct client interaction with the computing resource. |
The job description MAY require multiple cores, multiple processors, MPI support, ...
| SLA || Service Level Agreement : Contract between a provider and a consumer that specifies the level of service that is expected during the term of the contract. An SLA typically includes one or more service-level objectives specified in a service level definition. |
SLAs are used by vendors and customers, as well as internally by IT shops and their end users. They might specify availability requirements and response times for normal operations and for problem resolution (network down, machine failure, etc.), and they might stipulate the payment and/or penalties associated with meeting or failing to meet the agreed criteria.
Derived from http://www.hostchart.com/webhostingterms.asp
| SLC || Short Lived Credential (Security). |
| SLCS CA || Short Lived Credential Service: An automated CA which translates credentials (usually authentication tokens) issued from a large site or federation into the X.509 format suitable for use on Grids (with a lifetime less than 1Msec). |
| SLD || Service Level Definition |
| SOAP || An XML-based protocol for exchanging structured information in a decentralized, distributed environment. |
See http://www.w3.org/2000/xp/Group and http://www.w3.org/TR/soap12-part1/ for more information.
| Software Engineering || Application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software. http://en.wikipedia.org/wiki/Software_engineering |
Scientific computing applications require mostly scientific algorithmic skills, whereas grid middleware really requires professional software engineering.
| SRM || Storage Resource Manager (OGF). http://www.ogf.org/documents/GFD.129.pdf |
| SSL || Secure Sockets Layer : A communication protocol whose primary goal is to provide private and reliable communication between two applications. http://en.wikipedia.org/wiki/Secure_Sockets_Layer |
SSL is now renamed or replaced by TLS.
| SSO || Single Sign-On (Security). |
SSO across different administrative domains can be achieved only if they belong to the same federation.
| Stage-in || Data transfer(s) performed by the client or the execution service from a location NOT suitable for job execution (Client private area, Web, Tape, Storage resource with poor connectivity, ...) to a location suitable for job execution (Local disk on the computing resource, Storage resource with excellent connectivity to the computing resource). |
PGI does NOT cover Pre-stage-in (occurring before the submission of a job), but focuses on stage-in occurring during the lifetime of the job, with a corresponding entry in the JSDL.
| Stage-out || Data transfer(s) performed by the client or the execution service from a location used by job execution (Local disk on the computing resource, Storage resource with excellent connectivity to the computing resource) to a location suitable for the client after job completion (Client private area, Web, Remote storage resource(s), ...). |
PGI does NOT cover Post-stage-out (occurring after the completion of a job), but focuses on stage-out occurring during the lifetime of the job, with a corresponding entry in the JSDL.
| Staging || Shorthand for Data Staging. |
| Standard || Specification of an interface. |
De facto standards are widely used, but are NOT officially approved by any SDO.
Official standards are approved by an SDO, but few of them are really used.
A diagram presenting useful official and de facto standards is available at http://forge.gridforum.org/sf/go/doc15990?nav=1
| State || An entity’s state is the combined values of its ‘interesting’ attributes. Interesting attributes are those for which external observers may see changes over time. Examples include the position of a switch, the price of a stock, or the amount of memory allocated to a process. |
Since not all attributes may be available or interesting to all possible observers, different observers may have different views of the state of an entity at a given time.
A change in the value of an attribute is an event.
| Storage resource || Resource which provides a physical or logical storage capability. Examples include storage devices, storage appliances, disk volumes and file systems. |
| Support functionalities || Functionalities which are NOT directly required by the end user, but which are in fact necessary for operation. Examples of such support functionalities are information, security, logging, accounting, monitoring, ... |
| Term || Definition |
| TLS || Transport Layer Security: a secure communication protocol. TLS is a successor to SSL, and offers additional security measures. |
TLS is defined by RFC 5246 (IETF) http://tools.ietf.org/html/rfc5246
See http://en.wikipedia.org/wiki/Transport_Layer_Security for discussion of this topic.
| Trust || The willingness to take actions expecting beneficial outcomes, based on assertions by other parties (Security). |
| Trust authority || An entity that is trusted to issue specified assertions. |
| Trust management || Definition of trust authorities and specification of what they should be trusted to do. |
| Trust relationships || Policies that govern how entities in differing domains honor each other’s authorizations. |
An authority may be completely trusted (for example, any statement from the authority will be accepted as a basis for action) or there may be limited trust, in which case only statements in a specific range are accepted.
| Term || Definition |
| UI || User Interface machine (gLite) |
| UML || Unified Modeling Language http://www.uml.org/ |
UML is a very useful tool of software engineering :
It permits the creation of diagrams clearly showing Use cases, Requirements, Classes, Collaborations, Message Sequences, States, Deployments, Flow Charts, … which may be understood by engineers, criticized, improved, and then perhaps implemented.
| UNICORE || Uniform Interface to Computing Resources : Grid middleware developed, supported and used by DEISA, SKIFGrid and other National Grid Initiatives (NGIs). http://www.unicore.eu/ |
| UNICORE-BES || Implementation of the OGSA-BES recommendation inside UNICORE. |
| Unit of work || Synonym of ComputingActivity and Job. |
| UR || Usage Record, for Accounting (OGF). http://www.ogf.org/documents/GFD.98.pdf |
| URI || Uniform Resource Identifier : String used for identifying an abstract or physical resource. http://en.wikipedia.org/wiki/URI |
| URL || Uniform Resource Locator: URI specifying the address of an Internet resource. http://en.wikipedia.org/wiki/URL |
| Use case || Description of a system’s behavior as it responds to a request that originates from outside of that system. In other words, a use case describes ‘who’ can do ‘what’ with the system in question. The use case technique is used to capture a system's behavioral requirements by detailing scenario-driven threads through the functional requirements. http://en.wikipedia.org/wiki/Use_Case |
Use cases should NOT focus on user applications or on the internals of the described system, but on the boundaries of the system, on preconditions, on actors, stakeholders and participants, on the primary scenario of interactions between the actors and the system, and on postconditions.
| User || End users are scientists, with varying levels of ICT and grid knowledge. For example : Application developers, Experienced application users, Scientists with no ICT knowledge using a scientific portal, ... |
Direct users of grids are various : Developers of scientific applications, Integrators of scientific applications for grids, Providers of scientific workflow engines, Providers of scientific portals, Site Administrators, VO Administrators, ...
| UserDomain || Abstract concept for a Virtual Organization (GLUE) |
| UUID || Universally Unique Identifier, as defined by RFC 4122 (IETF). This is a specification for a 128-bit Identifier with Global Uniqueness (represented as 32 hexadecimal characters), often implemented as GUID. http://tools.ietf.org/html/rfc4122 |
| Term || Definition |
| VDT || Virtual Data Toolkit : Grid middleware used by OSG. http://vdt.cs.wisc.edu//index.html |
| Virtualization || Virtualization uses a level of indirection to abstract the implementation details of one or more entities, enabling them to appear to their consumers in a more appropriate form. For example, a virtualized entity might present different interfaces from its underlying entities, a single entity might be partitioned and presented as a set of (lower-capacity) entities, or a set of discrete entities might be treated as a single aggregate entity. |
| Virtualize || See virtualization. |
| VO || Virtual Organization : One implementation of a UserDomain (GLUE). |
A virtual organization comprises a set of individuals and/or institutions having direct access to computers, software, data, and other resources for collaborative problem-solving or other purposes.
VOs are a concept that supplies a context for operation of a grid that can be used to associate users, their requests, and a set of resources. The sharing of resources in a VO is necessarily highly controlled, with resource providers and consumers defining clearly and carefully just what is shared, who is allowed to share, and the conditions under which sharing occurs.
| Volunteer computing || Form of desktop grid infrastructure where computing is performed on personal computers volunteered by their owners. This differs from institutional desktop grids because the computing resources are : |
• unaccountable and untrusted,
• sporadically connected,
• often behind NATs, firewalls, or HTTP proxies,
• highly diverse in terms of hardware and software.
| VOMS || VO Management Service. |
| VOMS AC || Attribute Certificate provided by a VOMS server (OGF). |
Its format is defined by an OGF draft at http://forge.gridforum.org/sf/go/doc13797?nav=1 referring to RFC 3280 and RFC 3281.
| VOMS extensions || = VOMS-style AC = VOMS-style Attribute Certificates = X509 Attribute Certificates. |
| VOMS proxy || X509 proxy with VOMS extensions (OGF). |
| VRC || Virtual Research Community : Group of researchers sharing common interest. |
Some VRCs have already established a VO for grid usage, others have not done it yet.
| Term || Definition |
| X509 || ITU-T standard for a public key infrastructure (PKI) for single sign-on (SSO) and Privilege Management Infrastructure (PMI). X509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm. |
| X509 certificate || X509 EEC (End Entity Certificate) directly signed by a certificate authority. This signature normally requires some time (human verification), so these full X509 certificates are NOT convenient to convey additional attributes defined on the fly. |
| X509 proxy || X509 certificate (usually short-lived to lower security issues) authenticated by another X509 certificate, but NOT directly signed by a certificate authority. An X509 proxy can contain additional attributes defined on the fly, such as VOMS extensions signed by a VOMS server. ATTENTION : Globus proxies created by GSI permit delegation by GSI, but are NOT compatible with RFC-3820-compliant X509 proxies. |
| XACL = XACML || eXtensible Access Control Markup Language (OASIS). http://xml.coverpages.org/xacml.html |
| XML || eXtensible Markup Language : Flexible text format that is used for data exchange. http://www.w3.org/XML |