XSEDE Architecture Level 3 Decomposition June 30, 2013 Version 0.971 Felix Bachmann, Ian Foster, Andrew Grimshaw, David Lifka, Morris Riedel, Steven Tuecke XSEDE Architecture Level 3 Decomposition v.0.97 Page i Document History Relevant Sections Version Date Changes Author Entire Document 0.9 10/11/2012 First public release XSEDE Sections 4.1, 5 0.91 2/25/2013 Updated based on feedback during the Grimshaw SD&I design review. Sections 4.2, 6, 7 0.92 4/1/2013 Updated based on feedback during Foster SD&I review; also to remove refer- ences to XUAS components that are not fully specified. Section 3.1.5 0.93 4/25/2013 Updated based on feedback during the Foster (removed), 3.2.1, SD&I design review. Removed Globus 3.5. [3-5] (re- Help (3.1.5), Nexus LDAP interface moved), 6.1.2.5 (6.1.2.5). Removed refs to XUAS Java (removed), 4.2.2, and Python APIs that are not yet 4.2.4, 6.1.2, 7.1.2, documented. Standardized naming for 7.3.2 Globus Online File Transfer CLI. Removed obsolete XUAS XML refs. Added refs for all interface specifica- tions in section 6.1.2. Added an overview of the common identity services. Described SAML-based authentication via CILogon. Added description of MIT Kerberos packages and detailed their deployment. Re- moved references to Globus execution management services. New Section 6.3 0.94 5/9/2013 Added protocol references and Foster sequence diagrams for XUAS identity- related component interactions. 1, 2, 3.2.3.2, 3.2.4, 0.95 5/21/2013 Added "Fully Reviewed on March 29, Grimshaw 3.3.1, 3.3.2.4, 2013" 4.1.9, 5.1.1.1, 5.1.5, 5.2.5, 5.3.2, 5.4.3, 5.4.4, 8.1.1, 8.2 7.3.5 (new), 0.96 5/21/2013 Added package info for Globus GSI Foster 8.1.3, 8.3 clients and deployment information for Globus GSI clients, MyProxy clients, GridFTP clients, X.509 CA data 7.3.5, 8.3 1.1.1.2 6/1 Clarified MyProxy & Globus GSI client 1.1.1.1 0 1.1.1.3 F /2013 packages .97 oster XSEDE Architecture Level 3 Decomposition v.0.97 Page ii Table of Contents 2 Introduction - Fully Reviewed on 3/29/2013 ...........................................................................5 2.1 The Purpose of this Document............................................................................................5 2.2 Web Services vs. Web/Cloud Approaches to Architecture ...................................................6 2.3 Structure of this Document ................................................................................................6 2.4 Document Management and Configuration Control ............................................................7 2.5 Relationship to Other Software Architecture Documents SADs ............................................7 2.6 Process for Updating this SAD ............................................................................................7 3 Architecture Background - Fully Reviewed on 3/29/2013 ........................................................8 3.1 Access layer .......................................................................................................................9 3.2 Services Layer .................................................................................................................. 10 3.3 Resource Layer ................................................................................................................ 11 4 Access Layer Level 3 Decomposition ..................................................................................... 12 4.1 Thin-client graphical user interfaces ................................................................................. 12 4.1.1 XSEDE User Portal thin-client GUI ......................................................................................... 12 4.1.2 OAuth Login thin-client GUI .................................................................................................. 13 4.1.3 Globus Nexus thin-client GUI ................................................................................................ 14 4.1.4 Globus Online file transfer thin-client GUI ............................................................................ 16 4.2 Command-line interfaces (CLI) .......................................................................................... 17 4.2.1 Globus Online File Transfer CLI ............................................................................................. 17 4.2.2 Globus Toolkit globus-url-copy file transfer CLI .................................................................... 19 4.2.3 Genesis II command-line tools .............................................................................................. 20 4.2.4 The UNICORE 6 command-line tools - Security Elements Reviewed on 3/29/2013 ............ 22 4.3 Thick-client graphical user interfaces ................................................................................ 23 4.3.1 UNICORE Rich Client - Security Elements Reviewed on 3/29/2013 ................................... 23 4.3.2 Genesis II GUI ........................................................................................................................ 26 4.3.3 Kepler GUI using Open Standard Web Service Interfaces..................................................... 31 4.4 File Systems ..................................................................................................................... 32 4.4.1 The Global Federated File System (GFFS) ............................................................................. 32 4.4.2 Mounting GFFS ...................................................................................................................... 33 4.5 Application Programming Interfaces ................................................................................. 35 4.5.1 Web Services APIs ................................................................................................................. 36 4.5.2 SAGA: A Standard API for Grid Applications ......................................................................... 36 5 Two Architectural Approaches ............................................................................................. 39 5.1 Open Standards-Based Web Services Architecture ............................................................ 39 5.1.1 SOAP ...................................................................................................................................... 40 5.1.2 Containers and Factories: The Creation of Endpoints .......................................................... 41 5.1.3 Naming and Binding: The Naming of Endpoints ................................................................... 41 5.1.4 WS-Addressing ...................................................................................................................... 42 5.1.5 WS-Naming ............................................................................................................................ 42 5.1.6 WS-Notification ..................................................................................................................... 43 XSEDE Architecture Level 3 v.0.94 Page 1 5.1.7 Reflection and Discovery: The Discovery of Endpoints ......................................................... 44 5.1.8 OGSA WSRF Basic Profile....................................................................................................... 45 5.1.9 Security: Securing Interactions Between Endpoints - Fully Reviewed on 3/29/2013 ........... 45 5.2 The Web/Cloud Approach and XUAS ................................................................................ 47 5.2.1 REST and HTTP ...................................................................................................................... 47 5.2.2 JSON ...................................................................................................................................... 48 5.2.3 TLS (HTTPS) ............................................................................................................................ 49 5.2.4 OAuth 2.0 .............................................................................................................................. 49 6 X-WAVE ............................................................................................................................... 49 6.1 Services Layer Interfaces .................................................................................................. 50 6.1.1 Discovery & Information ....................................................................................................... 50 6.1.2 Execution Management ........................................................................................................ 53 6.1.3 Data Management ................................................................................................................ 56 6.1.4 Infrastructure Services .......................................................................................................... 59 6.1.5 Identity - Fully Reviewed on 3/29/2013 ............................................................................... 59 6.1.6 Accounting & Allocation ........................................................................................................ 61 6.1.7 Help desk & Ticketing ............................................................................................................ 62 6.1.8 Genesis II Specific Interfaces ................................................................................................. 62 6.1.9 UNICORE 6 Specific Interfaces .............................................................................................