In discussion with the Sakai development team, we have identified four generic areas for a demonstrator VRE project to enable a wide selection of tools to be integrated as discussed. Framework extensions would be made to accommodate emerging authentication and authorisation systems such as Shibboleth and PERMIS and SOAP-based interaction with remote services such as WS-I Web services and WSRF Grid services as well as peer-to-peer services. These will be included as an ``Integration API'' which could eventually extend the OKI OSIDs. These extensions are focussed on enabling a portal, such as Sakai, to work in a distributed Service Oriented Architecture. This could be by accessing remote Grid or other services, aggregating content, or enabling communication between portals in a way which differs from the usual client-server model, e.g. peer-to-peer. This breaks the potential bottleneck associated with the usual monolithic portal interface (although in practice that has not been seen to be a problem with thousands of users of institutional portals based on CHEF).
In the evaluation we have attempted to investigate the design of a generic JSF interface to Web services via WSDL and a UDDI registry.
Identification, or specification, of an XML grammar for describing of collaborative research. This work is concerned with the problem of describing a collaborative research session in a standard, easily machine parsable fashion. Firstly we need to be able to describe the time of the proposed session. We then need to be able to describe its subject matter in as rich a set of terms as possible. This contextual description will be utilised in other tools, e.g. for information retrieval. Finally, we need to be able to describe the participants. The eduPerson initiative http://www.educause.edu/eduperson/ will be assessed as a suitable source for a descriptive grammar. The eduPerson initiative is aimed at providing a standard way for institutions to list individuals in their LDAP directories. One of the outputs of the eduPerson project will be a controlled vocabulary that could be used in an XML grammar such as the one proposed here. Some background work has been done by the project partners to extend the UDDI service registry schema to describe projects, people, resources and applications http://www.grids.ac.uk/Papers/Schema/schema.pdf. Other input will be taken from the CCF, Collaborative Computing Frameworks joint project between University of Reading and Emory, USA.
A Service Authentication and Identity Verification System. A concern with establishing virtual collaborations, is one of identity. How can you be reasonably sure that the colleague you are working with 500 miles away is the person they say they are? Any Grid tools accessed via Web services are likely to require Grid Security Infrastructure (GSI) type or other appropriate authentication. This work package will implement a Shibboleth Federation (see http://shibboleth.internet2.edu/) consisting of the collaborators' institutions. Access to the VRE will be protected by a resource manager, which will delegate authentication to the callee's institution. The keys exchanged during the Shibboleth authentication phase will then be used for generation of the appropriate Grid credentials required for use of the Grid tools contained within the VRE. This will build on the JISC evaluation in which Sakai has already been linked to an institutional LDAP people system. Other technology could be harvested from HPCPortal or OGCE which use x.509 extension certificates and a MyProxy certificate repository hosted at the UK Grid Support Centre http://myproxy.grid-support.ac.uk.
Another concern is with establishing appropriate authorisation mechanisms respecting local policies. PERMIS provides a system using a role-based set of authorisation policies. It is the job of the tool provider to outline the privileges of the different roles and to the remote site to assign roles to its users. We will seek input from JISC-funded Security Middleware projects on this and related matters. A separate bid is being prepared to enhance the management interface for PERMIS in these areas for use with Sakai by the Salford group.
A JSF-based Web service interface generator. If we wish to provide access to Web services as tools within the Sakai framework, we need to provide a user interface for parameter input. Within Sakai such interfaces are rendered using a pipeline consisting of an abstract XML layout description and a final Java Server Faces user interface. This work package will produce code that generates such an interface from the WSDL file of a desired Web service. All that will be required is the URL of the service WSDL. We will seek input from the Indiana Xportlets group who have done related work xportlets.
Service registries are a key technology enabling shared development, code distribution and re-use and version management. This functionality will be capable of being coupled with UDDI registry lookups so that a VRE user will be able to search for appropriate Web services to integrate as tools, select the most desirable ones and have user interfaces transparently created there and then. Prototype UDDI servers are being hosted at Daresbury and Oxford. Background work is reported in http://www.grids.ac.uk/Papers/UDDI/uddi.pdf.
This work will have to be closely coupled with the identity work as the credentials gathered at Sakai logon will have to be passed onto any Web services requiring authentication. This is done in HPCPortal and GROWL using agents, a session key and MyProxy and similarly in the GT3.9.1 implementation of WSRF.
Interface to Peer to Peer Tools This task is to provide generic interfaces to integrate tools using peer-to-peer technology such as JXTA in a straightforward way. Its scope is largely still to be defined, but it is a response to the emergence of peer-to-peer tools such as LionShare which would ideally be accessible in a VRE through a single interface. The interface will also support the peer-to-peer communication between portlets in multiple portal instances (another form of aggregation). A complementary proposal to use P2P services to establish a VRE is being submitted by the Reading and Westminster groups. Background work is reported in http://www.grids.ac.uk/Papers/Rana/rana.pdf.