Standardization Matrix

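| Standard | A-Rex | ARC Info System | ARC Clients | ARGUS | BDII | CREAM | dCache | DPM | EGIIS | FTS | LFC | SAGA-SD-RAL | StoRM | UNICORE | WMS | VOMS | STS | WNoDeS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| EMI-ES | EMI3 (supported) | EMI3 (supported) |  |  |  | EMI3 |  |  |  |  |  |  |  | EMI3 |  |  |  |  |
| GLUE2 |  |  |  |  |  |  |  |  |  |  |  | Supported in EMI3 |  |  | EMI2 | EMI3 |  |  |
| GridFTP | supported (both as server and as client) |  |  |  |  | supported for data staging |  |  |  |  |  |  | supported as transfer service | supported for data staging since EMI1 |  |  |  |  |
| HTTPS (not GSI) | EMI3 (supported) |  |  |  |  |  |  |  |  |  |  |  | Not by 31 October code freeze |  | EMI1 |  | EMI3 |  |
| JSDL |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |
| NFS 4.1/pNFS |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |
| OGSA-BES | supported (as server) |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |
| POSIX/IO |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |
| SAGA-ISN |  |  |  |  |  |  |  |  |  |  |  | Supported in EMI3 |  |  |  |  |  |  |
| SAGA-SD |  |  |  |  |  |  |  |  |  |  |  | Supported in EMI3 |  |  |  |  |  |  |
| SAML |  |  |  |  |  |  |  |  |  |  |  |  |  | Yes, EMI* |  |  | EMI3 |  |
| SRM | supported (as client) |  |  |  |  |  |  |  |  |  |  |  |  | EMI3 (as client) |  |  |  |  |
| UR(Compute)--CAR | EMI3 (supported) |  |  |  |  | EMI3 |  |  |  |  |  |  |  | EMI3 (as producer) |  |  |  |  |
| UR(Storage)--StAR |  |  |  |  |  |  |  | EMI3 |  |  |  |  | Not by 31 October code freeze |  |  |  |  |  |
| WebDAV |  |  |  |  |  |  |  |  |  |  |  |  | EMI3 |  |  |  |  |  |
| WSRF |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |
| XACML | EMI3 (supported, as client through plugin to talk with Argus PDP server) |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |
| Delegation (gridsite) | EMI3 (supported, gridsite delegation protocol version 1.0, 2.0 and 2.1) |  |  |  |  |  |  |  |  |  |  |  |  |  | support gridsite delegation protocol 1.0 and 2.0 since gLite |  |  |  |
| WS-Trust |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  | EMI3 |  |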
Color Code

- No expected standard adoption or standard not applicable
- Standard adopted
- Planned standard adoption
- Later standard adoption (problematic)

Component Details

EMI-ES (PGI)

The EMI Execution Service (ES) specification was created based on various concepts that have been collected from e-science
application use cases by the OGF Production Grid Infrastructure (PGI) working group and are standardized under the GIN umbrella
within OGF. The specification has been partly adopted during the EMI-2 preparation and issues found in the specification have been
corrected towards production usage. The adoption of this specification is thus part of the EMI 3 release with implementations in the
ARC A-Rex and gLite CREAM computing elements as well as in UNICORE.

 

| EMI Product | Planned Adoption | Adoption Status |
| --- | --- | --- |
| A-REX | EMI 2 | EMI 2 |
| CREAM | EMI 2 | EMI 2 |
| UNICORE | EMI 2 | EMI 2 |
| WMS | EMI 3 | EMI 3 |

GLUE-2

The EMI product portfolio relies largely on an information ecosystem built on the OGF GLUE2 information model standard. EMI works on harmonizing all products toward the use of this standard.

 

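| EMI Product | Planned Adoption | Adoption Status |
| --- | --- | --- |
| A-REX | EMI 2 | EMI 2 |
| ARC Info System |  |  |
| ARGUS | EMI 2 | EMI 2 |
| BDII | EMI 1 | EMI 1 |
| CREAM | EMI 2 | EMI 2 |
| dCache | EMI 2 | EMI 2 |
| DPM | EMI 2 | EMI 2 |
| LFC | EMI 2 | EMI 2 |
| FTS | EMI 2 | EMI 2 |
| EGIIS |  |  |
| SAGA-SD-RAL | EMI 2 | EMI 2 |
| UNICORE | EMI 1 | EMI 1 |
| WMS | EMI 1 | EMI 2 U Planned |
| VOMS |  |  |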

GRID-FTP

The OGF GridFTP specification is one of the most used standards in data transfer and is particularly optimized for large-scale data transfers. Several EMI products, such as dCache and FTS, adopt the GridFTP standard.

 

HTTPS (not GSI)

One of the major goals of the EMI project is to enable the use of EMI products with Web-based solutions, which requires adopting standard HTTP(S) instead of the proprietary Grid Security Infrastructure (GSI) access methods. All storage elements (dCache, DPM, and StoRM) offer support for the HTTP(S) protocol with the EMI 2 release. The use of this interface is currently limited to those interactions that require no delegation methods.

EMI Security Token Service and WS-Trust

The EMI Security Token Service (STS) is a service that transforms an existing security token into another type of security token. A security token in the STS sense follows the definition in the WS-Security specification: a collection of claims that can be attached to a Web Service message (SOAP message).

STS is a partial implementation of the OASIS WS-Trust specification, which defines extensions that build on WS-Security to provide a framework for requesting and issuing security tokens and for brokering trust relationships (WS-Trust).

The token formats supported by STS are X.509 Token, SAML Token and Username Token. STS tries to strike a balance between the extensibility offered by the WS-Trust specification and the need to scope that functionality into a manageable set; see the WS-Trust profile, X509 Token profile, SAML Token profile and UsernameToken profile.

The token transformation provided by the current STS implementation covers two practical scenarios: from SAML Token to X.509 Token, and from SAML Token to X.509 proxy Token (with VOMS attributes). In the first scenario, the STS service contacts the online CA to issue the X.509 certificate. In the second scenario, the STS service contacts the online CA and the VOMS server in sequence to issue the X.509 certificate, acquire the VOMS AC, and finally issue the VOMS proxy.

Username/Password is also used in these scenarios for authentication between the client and the Identity Provider, and for the subsequent acquisition of the SAML assertion. However, because the implementation of the Identity Provider is out of the scope of STS and the Identity Provider does not support the WS-Trust profile, the transformation from Username/Password to SAML Token is not compliant with the WS-Trust specification.

By putting the two stages of token transformation (Username/Password to SAML Token, and SAML Token to X509 Token) together, STS establishes the trust relationship between different security domains (the SAML trust domain provided by the Identity Provider, and the X.509 trust domain provided by the online CA and the VOMS server).
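
As an added illustration of the SAML Token to X.509 Token scenario (not code from the EMI STS), the example below builds a WS-Trust Issue request carrying a SAML assertion in the WS-Security header and runs the structural checks an STS front end would apply before contacting the online CA. The WS-Trust 1.3 namespace, the function names `build_rst` and `check_rst`, and the sample assertion are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Namespace URIs from the public specs (SOAP 1.1, WS-Security 1.0, WS-Trust 1.3, SAML 2.0).
NS = {
    "s": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
ISSUE = NS["wst"] + "/Issue"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
ALLOWED_TOKEN_TYPES = {X509V3}  # assumption: only the SAML -> X.509 scenario is modelled

def build_rst(assertion_xml, token_type=X509V3):
    """Client side: carry the SAML assertion in wsse:Security and ask for an X.509 token."""
    return (
        f'<s:Envelope xmlns:s="{NS["s"]}" xmlns:wsse="{NS["wsse"]}" xmlns:wst="{NS["wst"]}">'
        f"<s:Header><wsse:Security>{assertion_xml}</wsse:Security></s:Header>"
        "<s:Body><wst:RequestSecurityToken>"
        f"<wst:RequestType>{ISSUE}</wst:RequestType>"
        f"<wst:TokenType>{token_type}</wst:TokenType>"
        "</wst:RequestSecurityToken></s:Body></s:Envelope>"
    )

def check_rst(envelope_xml):
    """STS side: structural checks that run before signature validation and any CA call.
    Returns the subject NameID that the issued certificate would be bound to."""
    root = ET.fromstring(envelope_xml)
    # Exactly one assertion: with more, it is ambiguous which one was validated.
    assertions = root.findall("s:Header/wsse:Security/saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one SAML assertion in wsse:Security")
    rst = root.find("s:Body/wst:RequestSecurityToken", NS)
    if rst is None or rst.findtext("wst:RequestType", "", NS).strip() != ISSUE:
        raise ValueError("not a WS-Trust Issue request")
    if rst.findtext("wst:TokenType", "", NS).strip() not in ALLOWED_TOKEN_TYPES:
        raise ValueError("unsupported target token type")
    name_id = assertions[0].findtext("saml:Subject/saml:NameID", "", NS).strip()
    if not name_id:
        raise ValueError("assertion has no subject NameID")
    return name_id  # signature, issuer trust and validity window are NOT checked here

# Constructed, unsigned sample assertion; a real one is signed by the Identity Provider.
SAMPLE_ASSERTION = (
    f'<saml:Assertion xmlns:saml="{NS["saml"]}" Version="2.0" ID="_constructed">'
    "<saml:Issuer>https://idp.example.org</saml:Issuer>"
    "<saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>"
    "</saml:Assertion>"
)
```

Calling `check_rst(build_rst(SAMPLE_ASSERTION))` returns the subject name; a request with an unknown token type, or with zero or two assertions, raises `ValueError` before any certificate is requested.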