05/13/2006: "GGF 17 comes to an end....."

The GGF meeting came to an end yesterday and today was the end of the GRID World meeting that was co-hosted. I attended all GGF sessions that were related to requirements engineering, security and databases. The general impression I was left with is that the Grid community is still trying to derive requirements in an attempt to scope what we call GRID computing. The driving force behind this process are the end users and their experiences in their respective applications.

As such there were a lot of discussions on how to sustain links with end users and continually refine middlware requirements. Several people presented requirements that had been derived from various data intensive application domains such as astrophysics, pointing out that security requirements are still surfacing. GOLD went down the same route of investigating a particular domain and using those results in order to scope our software solutions and further more generalise them. One of the conclusions I drew from this meeting is that as it turns out, the process of using domain specific use cases to derive generic requirements is inadequate. This is not to say that the process is totally wrong but it is not capable of producing a generic view which is what GGF people aim for, specially as a way of developing standards. I guess I am guilty of believing that to an extend.

Addressing accountability, privacy and at the same time data integrity is something that was discussed a lot. The usage of certificates came into question. One of the things that became clear to us at the GOLD project since the early days is that in order to deal with such issues, is to really understand what the trade offs are. We always pushed the idea of a flexible middleware platform where such issues are decided by the application and not by the middleware provider. There was a talk where the authors went back to ideas that were considered dead and burried, such as identity based cryptography keys as a way to deal with both issues of accountability and data integrity. That was not of course well received. It is important to understand that middleware cannot possibly dictate a solution for all these issues to the application. It is the application (i.e. end users ) that have to decide on a middleware solution that best suits their needs, moving at the same time (as my ph.d. supervisor used to teach me) the responsibility boundary from the vendor to the application.

In the area of security I was pleased to see some initiative in areas such as intrusion tolerance and intrusion detection. I came across this idea s few years back but nothing much had actually happended. Again as I said earlier the requirements for an initial model to address these issues was derived by experiences with dealing with hackers, data and identity theft.

OGSA DAI 2.2 was also presented. According to the developers this new installment supports several open source servers. I also found out a few things about the work at Manchester and in particular the DAIS (Database Access and Integration Services) working group. Some of the work on creating transparent platform independent interfaces to database resources is very exciting. I spoke extensively about this with my Manchester colleagues and I think the GOLD information management work could benefit from it. I definately think that GOLD should have kept in touch with GGF and I will urge my collegues to make an effort to attend future meetings. I am giving a talk at the university of Berkeley end of next week and I will now try to amend my slides to reflect my GGF experience. Will update again soon...