The DECIDE Science Gateway

(1)

y a w e t a G e c n e i c S E D I C E D e h T

e n o z z i d r A .

V

^{1 ,}^,³^*

, R . B a r b e r a

¹^,²^,³

, A . C a l a n d u c c i

¹^,³

, M . F a r g e t t a

¹^,³

, G . L a R o c c a

³

, S . M o n f o r t e

³

, a

n g a t s i P .

F

³

, R . R o t o n d o

³

, . D S c a r d a c i

³

1ConsorzioCOMETA ,ViaS .Soifa64 ,95123Catania ,tIaly.

2Departmento fPhysic sandAstronomyoft heUniverstiyo fCatania ,VialeA.Doria6 ,95125Catania,I taly.

3 tIailanNaitonalI nsttiuteo fNuclea rPhysics ,Divisiono fCatania ,ViaS .Soifa64 ,95123Catania ,tIaly.

T C A R T S B A

: n o it a v it o

M Thepresen tpape rrepotrsonthearchtiectureandthe e h t n i d e p o l e v e d y a w e t a G e c n e i c S e h t f o n o it a t n e m e l p m i t n e s e r p

n e o t s i k r o w e h t f o n o it a v it o m e h T . t c e j o r p E D I C E D e h t f o t x e t n o

c a-

e e l

b -Heatlh fo rEuropeanciitzens irrespecitveo fthei rsocia land n

if ancia lstatus andthei rplaceo fresidence ,providing them wtih h

g i h a o t s s e c c

a -qualtiyealrydiagnositcandprognositcservicef o r e h t n o d e s a b , a it n e m e d f o s m r o f r e h t o d n a e s a e s i D r e m i e h z l A e h t

. e r u t c u rt s a rf n i d ir G d n a k r o w t e n h c r a e s e r n a e p o r u E

1 INTRODUCTION

t s a p e h t n i y l s u o m r o n e d e p o l e v e d s a h g n i g a m i l a c i d e m f o d l e if e h

T0years .Image database smadeo fthousand so fmedica limage s 2renowavaliablet obeuseda sareferencefori ndividua ldiagn

a o-

i y ll a n o it a t u p m o c d n a d e t a c it s i h p o s , e m it e m a s e h t t A . s i

s ntensive

m o rf n o it a m r o f n i t c a rt x e n a c t a h t d e p o l e v e d n e e b e v a h s m h ti r o g l

aedicali magesi nvisiblet ot henakedeye.I nparitcular ,braindi

m s-

t n e l a v e r p y l h g i H . s n o it a c il p p a h c u s m o rf t if e n e b o t y d a e r e r a s e s a

end burdensome chronic condiiton ssuch a s

a Alzheimer Disease

o s i d l a t n e m p o l e v e d o r u e n d n a e v it a r e n e g e d o r u e n r e h t o d n a ) D A

( r-

e g a m i h ti w y lr a e d e s o n g a i d e b n a c s r e

d -basedmarker sofs rtuctura l y

lr a e g n i w o ll a , s e g n a h c n i a r b l a n o it c n u f d n

a pharmacologica lo r

o il li m 4 . 1 , r a e y h c a E . s n o it n e v r e t n i e v it a ti li b a h e

r nEuropean swli l

b s i ti d n a ) s d n o c e s 4 2 y r e v e e n o ( a it n e m e d f o m r o f a p o l e v e

d e-

h ti w g n i v il s n a e p o r u E n o il li m 3 . 7 e r a e r e h t y lt n e r r u c t a h t d e v e

ilemenita and abou t35.6 mliilon people wolrdwide .Inaddiiton , dha tnumberi sesitmatedt onealrydoubleovert h

t enex t20yearst o

f o s s e n ll i f o t s o c l a t o t e h t , 8 0 0 2 n I . 0 3 0 2 n i e l p o e p n o il li m 7 . 5

6emenita disorder sintheEuropeanUnion wa sesitmatedto 160 dliilon

b Euroo fwhich56%werecost sofi nforma lcare .Becauseo f s

s e r p g n i s a e r c n i d n a n o it a l u p o p g n i e g a e h

t ure sonpubilc ifnances ,

e d t x e n e h t n i s e g n e ll a h c r o j a m e h t f o e n o e m o c e b l li w a it n e m e

d c-

.s m e t s y s h tl a e h l a n o it a n f o y ti li b a n i a t s u s e h t r o f s e d

anfotrunately ,neuroinformaitc sadvancement srequrie highco

U m-

e g r a l s a l l e w s a s e c r u o s e r e g a r o t s d n a l a n o it a t u

p referencei mage

c a d e c n a v d a o t e s u r i e h t g n i n if n o c , s n o s r e p l a m r o n f o s t e s a t a

d a-

e t a ir p o r p p a h ti w d e p p i u q e s e rt n e c h c r a e s e r d n a s l a ti p s o h c i m e

dumanexperitseandcomputaitonalf aciilite.s

himoft heDiagnositcEnhancemen to fConifdencebyanI ntern

A a-

l a n o

it DistirbutedEnvrionmen t(DECIDE )project[DECIDE] , -co

*Correspondingauthor ;emali :[email protected].

r P k r o w e m a r F h t n e v e S s ti r e d n u n o i n U n a e p o r u E e h t y b d e d n u

f o-

, m a r

g i s to design , implement , and vaildate a dedicated e- n

a P e h t n o g n i y l e r e r u t c u rt s a rf n

I -European backbone GÉANT

] T N A E G

[ and the Naitona lResearch and Educaiton Network s u e .I G E e r u t c u rt s a rf n I d ir G n a e p o r u E e h t n o d n a ) s N E R N

( [EGI ]

) s I G N ( s e v it a it i n I d ir G l a n o it a N e h t d n

a andbasedont her esearch

. D I R G u e n f o e r u t c u rt s a rf n ivert hi se

O -Inrfasrtucture ,aproducitonqualtiyservicewli lbepro- r

e t u p m o c e h t r o f k c o l c e h t d n u o r a d e d i

v -aidedexrtacitono fdiag-

r o f s r e k r a m e s a e s i d c it s o

n A D and schizophrenia rfom medica l .s

e g a m

i DECIDE wli loffe racces sto abigdistirbuted reference 2

d n a 0 5 8 ( s e s a b a t a

d ,200dataset s rfomnormalandneurologica l e

g r a l , ) y l e v it c e p s e r , s t c e j b u

s dsitirbuted compuitng and storage e

r o m ( s e c r u o s e

r than1,000CPUcores and70TBo fstorage), and :

s l o o t g n i s s e c o r p e g a m i e v i s n e t n

i x Automatedsegmentaitono fhippocampa lvolume rfomsrtuc- u

t ra lmagneitcresonance imagest osuppotrt hediagnosi so f D

x A ; Voxel-based staitsitca lanalysi so f18F-FDGposirtonemis- d

n a ) T E P ( y h p a r g o m o t n o i

s Tc99-ECDsinglephotonemis- n i a r b f o s n r e tt a p s s e s s a o t ) T C E P S ( y h p a r g o m o t n o i

s ph o-y

h d n a m s il o b a t e

m y op -perfusiontosuppor tthediagnosi so f x AD; Specrtal-basedstaitsitca lanalysi so felecrtoencephalographic

e h t r o f d e s u , s e i d u t

s exrtacitono fquanttiaitveelecrtophysio- f

o s i s o n g a i d e h t tr o p p u s o t s r e k r a m l a c i g o

l A ; D

x Patternr ecogniitonanalysi soff uncitona lneuroimagings tud- ,

s e

i arleady assessed fo rthe exrtaciton o fclass-related b-i n

i s r e k r a m

o theclassiifcaitono fschizophrenicpaitent swtih A

P O D F 8

1 PETandextendedfo rfuncitona l18F- GFD -PET e

v it a r e n e g e d o r u e n n

i demenita.

e n ( s r e s u d n e e h t o t d e s o p x e e r a s l o o t d n a s n o it a c il p p a E D I C E

D u-

e c n e i c S a h g u o r h t )l a r e n e g n i s t s it n e i c s d n a , s n a i c i s y h p , s t s i g o l o

rateway[ Wlikins

G -Dieh r2007 ,Wlikins-Dieh r2008] .

e h t m o rf d e t n e s e r p s i y a w e t a G e c n e i c S E D I C E D e h t r e p a p s i h t n

Iechnica landt echnologica lpoin to fview .Thepaperi sorganized t s

a follows .Seciton 2descirbe sthe archtiecture o fthe DECIDE s ti d li u b o t d e s u s e i g o l o n h c e t d n a s d o h t e m e h t d n a e r u t c u rt s a rf n

ippilcaitonpotral .Seciton3r epotr sont hei mplementaitondones o aa randt hef ristr esutl sobtained .Conclusion saredrawni nS

f eciton

. 4

(2)

2 METHODS s i m r o ft a l p E D I C E D e h

T buli tont opoft hreef undamenta lpillars : d

n a s e c r u o s e r g n it u p m o c d ir G , y ti v it c e n n o c k r o w t e

n domain-

c if it n e i c s c if i c e p

s appilcaitons(seeFigure1) .Thenetworkconnec- f

o e p y t t n e r e f fi d r e h t e g o t s g n ir b y ti v

it srtucture s(cilnica landre- o t s u c a h ti w ) s n o it u ti t s n i h c r a e s e r c i m e d a c a d n a s r e t n e c h c r a e

s m-

n i d e z

i terconneciton among al lpatrne rstie sand granitng high d

e e p

s l/arge bandwidthand reilableacces stotheGird inrfasrtuc- G

e h T . e r u

t ir dinrfasrtucturei suseda sacollaboraitont oolamong o

m r a h o t e u l g l a c i g o l o n h c e t a s a s r e n tr a

p nizeandunfiydevelop-

d n a s t n e

m a sanelasitcpoo lo fcompuitngandstorageresource s e

r e h

w to hos tlargevolume so fdataandperformthei ranalyses . u

E e h t n o s e il e r E D I C E D f o d ir G e h

T ropeanGÉANTnetworkand

r e n tr a p s e d i v o r

p stie swtihdriec tilnk st otheriNRENs .DECIDE il

p p

a caitonsr efert ofou rdfiferen tdiagnositc/prognositcalgortihm s p

a d e c n a v d a n o d e s a b e r a h c i h

w proachest ohandle mco plexi mag- t

a m i a d n a s

e enhancing diagnositc conifdence .Neuroimaging x

e e b l li w s r e k r a

m rtactedbyt hetechniques ilstedi nt hepreviou s ,

n o it c e

s compairngt heneuroimagingdataoft hepaitents t olarge e h t y b d e t c e n n o c r e t n i s l a ti p s o h e h t y b d e r a h s e s a b a t a d e c n e r e f e

r e-

e r u t c u rt s a rf n

I .TheDECIDEservice swli lbevaildatedincutitng- n

o it i d n o c l a c i n il c e g d

e sand the diagnosi so fschizophrenia wli l d

e s s e r d d a e b o s l

a .

. 1 . g i

F Mulit-layeredarchtiectureoft heDECIDEplaftorm. i s n a i c i s y h p d n a s t s i g o l o r u e n g n it r o p p u s n o d e s u c o f s i E D I C E

D n-

d e v l o

v ni theassessmen to fneurodegeneraitvediseasesi nt hed-i y b e c n e d if n o c s r e s u g n i c n a h n e t a s m i a d n a s i s o n g o r p d n a s i s o n g

amprovingt her eilablitiyoft her equriedanalysi sandbyi ntegraitng iifferen tcilnica lapproache.sI tha sbeenconceivedt ot arge tano

d n-

c n e i d u a l a c i d e m l a c i n h c e

t eandt irest osuppotrt hedaliyneed so f d n o y e b l l e w g n i o g , s t n e it a p r i e h t h ti w g n il a e d e li h w s t s i g o l o r u e

nhewolrdofr esearch. thevetr

T ica lapproacht oe-HeatlhadoptedbyDECIDEensurest he c

l a c i g o l o r u e n e h t f o s t n e m e ri u q e

r ommuntiytobetakenintoac- s e c i v r e s n o it a c il p p a f o n g i s e d e h t n i g n i n n i g e b y r e v e h t m o rf t n u o

coensureful lusablitiyi narea lcilnica lenvrionment .The

t useo f

a m I e c n a n o s e R c it e n g a M ( a t a d n o it i s i u q c a l a c i d e m t n e r e ff i d r u o

f g-

g n

i - MRI ,PosirtonEmissionTomography - TPE ,SinglePhoton o

m o T d e t u p m o C n o i s s i m

E graphy - SPECT ,and Elecrtoenceph- g

o l

a raphy - EEG )allow scombining complementary diagnositc y s g n il b a n e , s i s o n g a i d e s a e s i d e v it a r e n e g e d o r u e n n o s e h c a o r p p

a n-

d n a s n i a m o d l a c i n il c t n e r e f fi d n e e w t e b s e i g r

e possiblysupporitng

d l e if e h t n i s e h c a o r p p a l a c i n il c t n e r e f fi d g n o m a s e i d u t s n o it a l e r r o c

o fneurology .Fou rdfiferen tdiagnositc/prognositcalgortihm sare E

D I C E D e h t n i s e c i v r e s s a d e d i v o r p e b o t d e n n a l

p ScienceGate-

y a

w .Theyarebasedonadvancedapproachesf ort heenhancemen t r p a t a d r o s e g a m i x e l p m o c n o d n a e c n e d if n o c c it s o n g a i d f

o o-

o h l a r e h p ir e p t a s r o t c o d e d i v o r p o t s i l a o g r i e h t , y l n i a M . g n i s s e

c s-

e h t r o f s r e k r a m l a c i n il c g n i n i m r e t e d r o f s l o o t e c i v r e s h ti w s l a ti

palrydiagnosi so fneurologica land psych

e iatirc disorder s(neuro-

o r p s ti h ti w r e h t e g o t ) a i n e r h p o z i h c s d n a s e s a e s i d e v it a r e n e g e

d g-

o

n sitcr elevance:

x GridSPM [Casitgilon i2009:] speciifcally designed fo r s

e g a m i l a c i n il c l a c i g o l o r u e n T E P d n a T C E P

S , provide sa

e l g n i s a n o s i s y l a n a l a c it s it a t

s -subject ,basedonStaitst-i f o s i s o n g a i d y lr a e e h t r o f ) M P S ( g n i p p a M c ir t e m a r a P l a clzh

A eime rDisease andothe rneurodegeneraitvediseas-

; s

x e GridANN4ND [Turkheime r2006 ,Bose2008:] concern s s P d n a l a c i g o l o r u e N n i s r e k r a m o i b T E P f o s i s y l a n a e h

t y-

p d n a s r e d r o s i D c ir t a i h

c rovide sasingle-subjec tclassfi-i h

g u o r h t s t n e it a p d e t c e p s u s f o n o it a

c theuseo fanAtrfi-i

; k r o w t e N l a r u e N l a i

x cGridMRISeg [Morra 2008:] implement san automaitc e l g n i s f o n o it a t n e m g e s l a c it r o c b u s e h t r o f m h ti r o g l

a -

o v l a p m a c o p p i h r o f s e g a m i n i a r b I R M t c e j b u

s lumeest-i

l e d o m t x e t n o c o t u a e h t g n i s u , n o it a

m (ACMAdaboost )

; ] I N O L [ I N O L y b d e p o l e v e

x dGridEEG [Bablion i2001 ,Bablion i2009 ,Bilnowska 0

1 0

2 ] :based on a compairson o fpathologica lversu s ,

s t c e j b u s l a m r o

n implement sEEGprocessingalgortihm s o

m i a e h t h ti

w fdetecitngealrys ymptom so fADanddis- .t n e m ri a p m i e v it a r e n e g e d f o s m r o f t n e r e ff i d g n i h s i u g n it r e v o e r o

M ,t heprojec twli ldesignandi mplemen tamulitmoda li -m g

n i g

a repostiory,t oi ncludeMRI ,PETandEEGdatasetsandmade m

e h

t avaliablefo rexplotiaitontot hedataanalysi ssotfwareatt he e

c i v r e s c it s o n g o r p / c it s o n g a i d e h t f o s i s a

b .Medica ldataownership

o t a t a d l a c i d e m s i h h ti w e t u b ir t n o c o h w s n a i c i s y h P e h t f o s n i a m e

rhemedica l

t repostiory ,uploadingdataandrepotr swtiht hei rrele- r

n o it a z ir o h t u a t n a

v ights .No rfeedownloado fmedica ldata rfom w

o ll a s i t u b , e l b i s s o p e b l li w y r o ti s o p e r E D I C E D e h

t sexterna lex-

e h t n i h ti w a t a d l a c i d e m e h t e s u o t s tr e

p repostiory through the

. e c i v r e s c it s o n g o r p / c it s o n g a i d E D I C E

D

3 RESULTS

n i d e n i a l p x e y ll a u s i v d n a , n o it c e s s u o i v e r p e h t n i d e b ir c s e d s

Aigure2 ,DECIDE aimst ousee

F -Inrfasrtucturest oallowmedica l e h t d n u o r a g n i n n u r , e c i v r e s y ti l a u q n o it c u d o r p a d li u b o t s tr e p x

elock ,whichallow sdoctorst oexecutealgortihm sondatacomi

c ng

n i a r b e n i m r e t e d o t r e d r o n i s t n e m u rt s n i c it s o n g a i d t n e r e ff i d m o

rfarkersf ort heealrydiagnosi so fADandotherf orm so fdemenita. m

(3)

. 2 . g i

F Pictoira lviewoft heDECIDEi nfrasrtuctureands ervice.s E

D I C E D e h t f o s t n e m e l e e h t s e b ir c s e d n o it c e s s i h

T inrfasrtucture

r a f o s d e n i a t b o s tl u s e r e h t s w o h s d n a s e c i v r e s s ti d n

a t(heprojec t

e h t n o d e tr a t

s 1^s^to fSeptembe r2010) .Separate sub-seciton sare e

e h t o t d e t o v e

d -Inrfasrtuctureandt ot heScienceGateway. 1

.

3 T e-he Infrastructure E D I C E D e h t , y a d o t f o s

A rGidi nrfasrtucturei smadeof t ensties t s n o c , I G E o t g n i g n o l e b y ll a i c if f o l l a , m e h t f o x i S . ) 3 e r u g i F e e s

( -i

e r p e h t e t u ti t s n o c r u o f e li h w e r u t c u rt s a rf n i n o it c u d o r p e h t e t u

t -

d n a d e p o l e v e d e r a s m h ti r o g l a e h t e r e h w e r u t c u rt s a rf n i n o it c u d o r

pestedbeforebeing

t fullydeployed .Oneoft hesties( FBF)i salsoa t c e j o r p ] D I R G u e n [ D I R G u e n e h t f o s e r u t c u rt s a rf n i d ir G e h t f o e ti

s tih which DECIDE wli lbe interoperable in term so fservices , wataandappilcaitons .

d

. 3 . g i

F Layou toft heDECIDEGirdi nfrasrtucture. E

D I C E D f o s e ti s e h t ll a n

O , thel ates tversionoft hegLtiemiddle- l

l a d n a d e y o l p e d s i ] e ti L g [ e r a

w o fti smos tcommonservice sare n a g r O l a u tr i V e h t f o e c n a t s n i d e t a c i d e d A . g n i n n u r d n a d e ll a t s n

i -i

. e l b a li a v a o s l a s i ) S M O V ( e c i v r e S p i h s r e b m e M n o it a s

e s d ir G l a n o it i d d a o w t , e r a w e l d d i m e ti L g d r a d n a t s e h t s e d i s e

B r-

r o f k r o w e m a rf y r a r b i L g e h t : d e y o l p e d o s l a e r a e ti L g n o d e s a b s e c i v ird

G -baseddigtia lrepostioire s[Calanducc i2 700 ]andtheSecure

r o f m e t s y S e g a r o t

S o - ent - h lfydataencrypiton/decrypiton [Scardac i 7

0 0

2 ]whichha sprovent ober obus tandscalable[ Scardac i2009 ] .

s e r u t a e f d e t s e u q e r e h t g n i d i v o r p y l e u q i n u d n aLibrary

g si ar obus,ts ecureandeasy- ot -uses ystemt ohandlewide- b

ir t s i d a n o d e r o t s s t e s s a l a ti g i d d a e r p

s utedGirdi nrfasrtucture .Al l entiresi ngLibraryareorganizedaccordingt ot heri t ype :a ils to f e h t y b d e g a n a m e b o t t e s s a f o d n i k h c a e e b ir c s e d s e t u b ir tt a c if i c e p

system .Thesearet hes ameattirbutest ha tcanbequeiredbyusers . ssset s are associated wtih the prope r type in the

A regisrta-

e h n i e p y t b u s n e v i g a s a d e u g o l a t a c t e s s a n A . s s e c o r p d a o l p u / n o

it r-

a d e n if e d e r a s e p y t , e s r u o c f O . e p y t t n e r a p s ti f o s e t u b ir tt a e h t s

ti c-

y e h t s t e s s a e h t t n u o c c a o t n i g n i k a t d n a s d e e n ' s r e s u e h t o t g n i d r o

can tto manage .The lfexiblitiyandextensibi

w ltiyoffered bythi s

y n a m r o f y r a r b i L g t p o d a o t s e it i n u m m o c t n e r e f fi d w o ll a m e t s y

sataloguingpurpose.sI nputf lie scanber ead rfoml oca ldisks ,ne

c -t

e n o o t d e t a c il p e r d n a . c t e , s r e v r e s P T F / P T T H , s r e d l o f d e r a h s k r o

w rmorestorageelement sonwhicht heus

o eri sauthoirzedt owrtie .

, s e c r u o s e r d ir G n o t n e s e r p y d a e rl a s t e s s a e g a n a m o s l a n a c y r a r b i L

ghroughdriec taccesst oFlieCatalogues .A ifne

t -grainedauthoirza-

d n a e p y t , t e s s a h c a e : s n o i s s i m r e p t e s o t d e s u s i m s i n a h c e m n o

itategoryha sase to fACLst ha t

c restirct sti susage ,allowingasse t U . r e s u e l g n i s a t s u j r o s p u o r g d e t c e l e s o t s s e c c a t n a r g o t s r e n w

o s-

d n a s e p y t ,s e ir t n e e s o h t y l n o e c a f r e t n i g n i s w o r b e h t n i w e i v n a c s r

eategoiresf o rwhicht heyaregrantedacces spirvliege.s

c

. 4 . g i

F ArchtiectureofthegLibrarysystem.

o ll o f e h t s e s u d n a e r a w e l d d i m e ti L e h t f o p o t n o t li u b s i y r a r b i L

g w-

rf n i E D I C E D e h t n o d e y o l p e d l l a , ) 4 e r u g i F e e s ( s e c i v r e s g n

i a-

u rt s cture:

x TheStorageElement s(SEs)t ha tprovideunfiormaccesst o s

e b n a c y e h T . s e c r u o s e r e g a r o t s a t a

d ingledisk,sl argedisk

e p a t r o s y a r r

a -basedMas sStorageSystems;

x The AMGA Metadata Catalogue [AMGA ] tha t store s s r e s u g n i w o ll a , s e li f d ir G f o s t n e t n o c e h t g n i b ir c s e d a t a d a t e

mos earchf o rentire sbasedont hei rdescirpitons;

x tTheLCGFlieCatalog( LFC)t ha tmapsl ogicalf liename son- r o e n o n i d e r o t s e li f a f o s a c il p e r f o s n o it a c o l l a c i s y h p e h t o

t oreStorageElements; m

(4)

x TheVitrua lOrganizaitonMembershipService( VOMS)t ha t a s e l o r d n a s e g e li v ir p ’ s r e s u f o n o it i n if e d d e li a t e d a s w o ll

a c-

e t c a rt s b a o t g n i d r o

c nitite scalled “Vitrua lOrganizaitons”

;) s O V

x (TheI nformaitonService( IS)t ha tprovidesi nformaitonabou t o t d e s u s i S I e h t ,r a l u c it r a p n i

; s u t a t s ri e h t d n a s e c r u o s e r d ir

Giscovert heSE savaliablef o ragivenVO. d

h t t a f i n e v

E emomen tgLibraryi sverygLtie-centirc,i tcaneasuly e

i g o l o n h c e t e g a r o t s r e h t o h ti w d e t a r g e t n i y li s a e e

b s, suchascloud

t a l

p form,sasf a rast heyprovidesomekindo fURLf orr eferirngt o tr

o p p u s d n a s e li

f common rtansfe r protocol s such a s P

T F I S G , P T F , S P T T H / P T T

H ,etc..

m o c e n

O pettio ro fgLibraryi st hegCube rfamework (www.gcube- )

g r o . m e t s y

s developed in the contex t o f the DILIGENT and .

s t c e j o r p E C N E I C S 4

D gCube provide smany feature sbu ta tthe i

n i e h t n i y ti x e l p m o c d e s a e r c n i n a f o t s o

c ita lsetup ,deploymen t

f o t n e m e g a n a m d n

a repostioires .gLibrarycurrenltyprovidesles s a

e

f tureswtihr espectt ogCubebu ttidoe stit hroughaveryeasy- ot - s r e s u e h t o t y l e t e l p m o c t s o m l a g n i d i h , e c a f r e t n i e v it i u t n i d n a e s

uhecomplextiyoft heundelryingi nrfasrtucture. theSecureStorageSyst

T emprovide suser swtihsutiableandsim- n a y b d e n w o s t n e m e l e e g a r o t s n i a t a d l a it n e d if n o c e v a s o t s l o o t e l

pxterna lorganizaitonina rtansparen tandsecureway

e , hidingthe

o e h t f o y ti x e l p m o

c peraiton snecessaryt oensuredatapirvacy,i n- a

li a v a d n a y ti r g e

t blitiy .Thecorecomponen toft heSecureStorage r

d n a e r o t s o t d e s u t n e m e l e d ir g w e n a , e r o t s y e k e h t s

i etirevet he

e s a n i s y e k ’ s r e s

u ureway.Thekeystorehast o bei nstalledi nside e

h

t dataowner’ s rtustedenvrionmen tandno taccessible rfomt he a

n r e t x

e lwolrdt oguaranteeagoods ecurtiyl evel .TheSecureStor- t

n i e b o t d e n g i s e d n e e b s a h e c i v r e S e g

a egratedi nt hegLtiemid-

f o e d a m s i ti d n a e r a w e l

d thef ollowingcomponents:

x Command Line Appilcaitons :command sintegrated in the r

c n e o t e c a f r e t n I r e s U e ti L

g yp tand upload ,decryp tand e

l e e g a r o t s e h t n o s e li f d a o l n w o

d ments;

x An AppilcaitonProgramInterface: theAP Iallow sthede- a t a d l a it n e d if n o c e g a n a m o t e l b a s m a r g o r p e ti r w o t r e p o l e

vusingt heSecureStorages ervice;

x TheKeystore :anewgirdelemen tusedt ostoreandretireve k

’ s r e s u e h

t eysi nas ecureway;

x TheSecureStorageFramework:i sacomponen toft heser- e s e d i v o r p t I .s t n e n o p m o c r e h t o e h t y b d e s u y ll a n r e t n i , e c i

v n-

t I . s n o it c n u f y ti li t u r e h t o d n a s n o it c n u f n o it p y r c e d / n o it p y r

cake scare o finteracito

t n wtih the Gird Data Managemen t .

m e t s y S

e n o , e l p m a x e n a s

A o ftheSecureStoragecommands i sgraph- y

ll a c

i explainedi nFigure5.

. g i

F 5. Example o fSecureStorage command s l(cg-scr) .Thi scommand h

t g n i o d t n e m e l e e g a r o t s a n o e li f a s t p y r c n e d n a s d a o l p

u efollowingac-

a ) 1 : s n o

it newr andomsecre tkeyi sgenerated ;2)t hekeyandt heACLare t

) 3 ; e r o t s y e k e h t n o d e v a

s hei nputf liei sencryptedinsideuse rrtustedenv-i

;t n e m n o

r 4 )Theencryptedf liei suploadedont heGirdStorageElemen.t e

g a r o t S e r u c e S e h

T servicestore suse rflies i naStorageElemen t d

e t p y r c n e n a n

i format .An authoirzed use rcould in pirnciple n

w o

d loadaf lie rfomaStorageElemen tbreakingt heacces spoilcy e

h , e s a c y n a n i , t u

b /she wouldno tbeabletodecryp ti tbecause e

h /she does on townthekeyneededto do ti .Then ,dataacces s o

c nrto loft heSecureStorageServicei sbasedont hepoilcyt oac- d

e e d n I . e r o t s y e k e h t n o s y e k e h t s s e

c , auserneed stogett heprop- c a n i a t a d s s e c c a o t e r o t s y e k e h t m o rf y e k n o it p y r c e d r

e lea rfor-

.t a

m heSecureStorageServiceauthoirzaitonmode lha sbeendesigned Tobei ntegratedi nt hegLtiemiddlewareusingt hes tandardcrede

t n-

l a

it s (proxyceritifcateswtihVOMSextensions )usedi nt hi senv-i n

o

r men.tI nt hi sway ,u s ser canexploi tSecureStorageusingt heri l

a it n e d e r c e ti L

g s wtihoutt henee dtoi nstal lnewsecurtiysotfware . e h t n o d e s a b e r u d e c o r p n o it a c it n e h t u a n a s t n e m e l p m i e r o t s y e k e h

Tnformaitonst

i oredintheuser’ sproxy(use rDisitnguished Name )

s e t u b ir tt a S M O V d n

a . tIprovide so rdeniesthekeyneededt ode- a

t a d e h t t p y r

c usinganAcces sConrto lList( ACL )mechanism . An L

C

A i sassociatedto eachdecrypitonkey da n i tcanbemadeof e

r o m r o e n

o disitnguishednames( DNs )and/o roneo rmoreVOMS .s

e t u b ir tt

a I texrtactst heDNandVOMSattirbutes rfomt heX.509 y

x o r

p ceritifcateandcheck sfit heuseri sauthoirzed. Thekeystore r

e s u s e d i v o r

p s wtiht hedecrypitonkeyonly fit heriDN so rVOMS n

o c s e t u b ir tt

a tainedi nt heriproxymatchwtihanenrtyi n theACL y

e k e h t f

o .

2 .

3 TheScienceGatewa y

e h t f o s u t a t s t n e s e r p d n a e r u t c e ti h c r a e h t s e b ir c s e d n o it c e s s i h

TECIDE Science Gateway .A sshown in Figure 3 ,the Science Datewayi sbuli twtihint heLfieray rfameworkandcontainer[ Li

G -f

)

” 0 . 2 t e lt r o p

“ ( 8 6 2 R S J e h t h ti w t n a il p m o c y ll u f s i t i d n a ] y a r

etandard .Separatesub

s -seciton saredevotedto the vairou sfunc- .l

a tr o p e h t f o s t c e p s a l a n o it

(5)

1 . 2 .

3 AuthenitcaitonandAuthorizaiton

y a w e t a G e c n e i c S E D I C E D e h t f o t n e m e ri u q e r t n a tr o p m i t s o m e h

Ta sto ease

w theacces sto thedsitirbuted compuitngand storage e

h t y b s e c r u o s e

r larges tpossiblecommuntiyo f(Girdnon-expetr ) i

n il

c cianst hroughase to fwel ldeifnedanddomainspeciifcappl-i .

s n o it a

c Inorder t omeett hi srequriement ,authenitcaitonanda -u m

s i n a h c e m n o it a s ir o h

t s havebeenconceivedt oprovideasmooth a

c il p p a e h t o t s s e c c

a iton ssitll preserving the securtiy leve lre- e

d e t u b ir t s i d e h t y b d e t s e u

q -Inrfasrtuctureandt het ypologyof the )

a t a d l a c i n il c ( n o it a m r o f n i e l b i s n e

s managed.I ndeed,theneurolog- l

a c

i d aat storedi nt heScienceGatewayhaveexrtar equriement sin f

o s m r e

t securtiy ,anonymtiyandconifdenitaltiy.I tmus talway sbe a n a n w o r e h / s i h r o f s e g a m i h c i h w s s e c c a n a c o h w d e n if e d y lr a e l

c -l

. s i s

y Therefore ,severa lweb and Gird technologie shave been t

p o d

a edanddeployedtoensuret hatt heauthenitcaitonandauthor-i m

s i n a h c e m n o it a

s sfulif lthe stirngent requriements and imple- s

e g e li v ir p g n i d n o p s e r r o c d n a s e l o r d e t c e p x e e h t s t n e

m .

e s u f n o c o t t o n r e d r o n i ,r e v o e r o

M inexpeirenceduser swtihdiffer- c

f o s t e s t n

e redenitals ,anothe rdesignrequriemen twast ohavei n i g a s e c i v r e s l l a s s o r c a m s i n a h c e m ) O S S ( n O n g i S e l g n i S a e c a l

p v-

. e s u o t )t h g ir e h t s a h , . e .i ( d e lt it n e s i r e s u n

eheabover equriement shavebeenf uliflledbyt headopitonof

T et h

h S [ m e t s y S h t e l o b b i h

S ibboleth]f o rauthenitcaitonandt heSecurtiy . O S S e h t t n e m e l p m i o t ) L M A S ( e g a u g n a L p u k r a M n o it r e s s Ahibboleth

S allow sinsttiuiton swishingt oincludet heDECIDES -ic y

a w e t a G e c n

e a soneoft her esource so fthei ruser stosimplyand y

li s a

e createanIdenttiyProvide r(IdP) .Whenauser t irest ouse E

D I C E D e h t f o e n

o appilcaitons avaliableontheScienceGateway , e

r s i e h s / e

h -driectedtot heI dPo fhis/he rowni nsttiuteandt heIdP n

o p s e r s

i siblef ort heidenitifcaitonoftheuser ,generallyt hrougha f

o r i a

p u rsenameandpassword.I ft heauthenitcaitonbyt heI dPi s s

i l o rt n o c e h t , l u f s s e c c u

s returnedtotheScienceGatewaywhich t

a m o t u a s i r e s u e h

t icallyl oggedi n. e d e f P D I r G f o t r a p s i l a tr o p e h t , y lt n e r r u

C raiton ,anewfederaiton

d e t a r e p

o byConsorzioCOMETAt omanagesevera lwebpotrals . r

o f a , s s e l e h tr e v e

N ma l reques t to join the IDEM federaiton e

h t f o e n o , ] M E D I

[ bigges tShibbolethfederaiton savaliable .p -ro R

R A G y b d e d i

v , andincludingmany tIailanuniversiite sandre- s

a h , s e rt n e c h c r a e

s alsobeens ubmitted . e

c n

O a use ri sauthenitcated ,the authoirsaiton system veirife s r

e h / s i

h credenitals andt heScienitifcBoardo fDECIDEgrant a -u s

n o it a s ir o h

t . A cenrtailsed LDAP serve rprovide sthe authoirsa- a

c r e s u a o s s e l o r h ti w s r e s u g n it a i c o s s a y b s n o

it nperformont he

s e it i v it c a e h t ll a y a w e t a G e c n e i c

S designedfort herole she/shei s .

h ti w d e t a i c o s s

ance the use ri sauthenitcated and authoirsed to run one the OECIDEappilcaiton,st

D hel as tsteptobedonei st hecreaitono fa it

r e c y x o r

p ficatet osecureGird rtansacitons .Usually,t hisr equrie s i g e r e b d n a e t a c if it r e c l a ti g i d 9 0 5 . X l a n o s r e p a e v a h o t r e s u e h

t s-

, e r o m r e h tr u F . n o it a s i n a g r O l a u tr i V n e v i g a f o S M O V e h t n i d e r e

te/shealsohast ohavehis/he rceritifcatel oadedi nt hewebbrow

h s-

r e v s i h c i h w r

e yotfenasoluitonpronet osecurtiybreaches .The e

s s e c c a o t s e t a c if it r e c l a n o s r e p f o n o it p o d

a -Inrfasrtucture sha s

e b o t d e t a rt s n o m e

d dfiifcul tbynon-exper tuser sandrepresent sa c s w e n n i y g o l o n h c e t s i h t f o g n i d a e r p s d i p a r e h t o t r o t c a f g n it i m

il -i

fi t n

e icdomain swherecompute rsciencei sno tabasicknowledge . s e r u t c u rt s a rf n i d ir G o t s s e c c a e h t e k a m o t d r a w r o f p e t s e l b a t o n

A smuch rtansparen tand

a a ssmootha spossible ,ha srecenltybeen r r e f e r o s l a , s e t a c if it r e c t o b o r f o n o it c u d o rt n i e h t h ti w d e v e i h c

a eda s

h T . s e t a c if it r e c l a tr o

p eadvantagesi nrtoducedbyt hisnewkindo f n e e b y lt n e r r u c e v a h y e h t d n a d l o fi n a m e r a s e t a c if it r e c l a ti g i d

, K U f o e s o h t s a h c u s s e it ir o h t u A n o it a c if it r e C l a r e v e s y b d e t p o d

aheNethelrands ,and tIaly .Robo tceritifcate sare now

T aday ssuc-

, g n ir o ti n o m e c i v r e s d ir G e t a m o t u a o t , e c n a t s n i r o f , d e s u y ll u f s s e

cistirbuteddatacollecitonsystems ,andi dentfiyaresponsiblefo r dnattendedservice sonewantst osharewtihallt hemember so fa upeciifcVO .Fromasecurtiypoin to fview ,rob

s o tceritifcate sare

r e p m a t f o d r a o b n o d e r o t s y ll a u s

u -resistan tdevice ssucha ssmar-t d

i o v a d n a y ti r u c e s e h t s e v o r p m i s i h T . s d r a

c s any rfaudulen tuseo f

.s y e k e t a v ir p e h

tnordert ol e tphysiciansi nvolvedi nt heDECIDEprojectt oacces s Ihe compuitng and

t storage Gird resource sthrough the Science e s u e h t n o d e s a b m s i n a h c e m n o it a c it n e h t u a d ir G w e n a , y a w e t a

G frobo tceritifcate savaliable onsmar tcard sha sbeendesigned . ohesoluitoni mplemented( seeFigure6 )

T extendst henaitveJava™

a r g o t p y r

C phic Token Interface Standard (PKCS#11 )[PKCS#11] h

t h ti

w eJavaCoGKi t[vonLaszewsk i2001] andt heBouncyCas- e

lt [BouncyCaslte] API sin orde rto implemen ta “ilghtweight” o

t p y r

c -utlitiywhichmaybeusedbygeneircGirdusers ,cilen ta -p l

a tr o p d ir G , s n o it a c il

p s and/o rScienceGateway stoacces srobot d

e r o t s s e t a c if it r e

c onsmatrcard sandgenerateaproxywtihVOMS s

n o i s n e t x

e .

. 6 . g i

F Overviewo fhowt henew“ilghtweight”crypto-ilbrarywork.s r e v r e S n e k o T e e h t y b d e t n e s e r p e r s i y r a r b il w e n e h t f o e r o c e h Tava

J class ,a mutltihreaded serve rwhich accept sal ltherequest s d

n a s t n e il c d e z ir o h t u a f o t s il a m o rf g n i m o

c manage sa ils tofr obo t

s e t a c if it r e

c kepti nt heUSBtoken .Thecilentr equest saresaitsifed y

b theTokenCilen tJavaclass .Wtiht hi sclass ,users ,cilen tappl-i a

s l a tr o p d ir G , s n o it a

c nd/o rScienceGateway scansendrequestst o e

k o T e e h

t nServe rfo rbrowsingtheavaliableX.509ceritifcate so r n

e

g erateGirdproxieswtihVOMSextensions .Toi mprovet hese- ,

r e v r e s d n a s t n e il c n e e w t e b y ti r u

c theSSLprotocol i susedt os -e e

r u

c thecommunicaiton.s

s e t u b ir tt a O V t n e r e f fi d t n a r g o t e l b i s s o p s i t i y r a r b il s i h t g n i s

Urole sandpirv

( lieges)t ot heuse rdependingontheappilcaitont/ask .

e t u c e x e o t s t n a w e h s / e

h Theassociaitonoft hi sgran ti shandledby e

c n e i c S e h

t Gatewaywhichtake scareo fproviding theuser swtih y

r a r o p m e t d il a v

a proxy.

ThemaindfiferencewtihGirdpotrals avaliablei nothe rprojectsi s e h t y b r e h t e g o t d e k n il s m e t s y s y ti r u c e s t n e r e f fi d o w t f o e s u e h

totral ,providing

p user swtihaneasyaccesst or esource swtihou tthe c

l a n o s r e p f o d e e

n eritifcates .Froma securtiypoin to fview, the

(6)

i n a c t a h t s n o it u ti t s n i e h t o t d e t a g e l e d s i d o h t e m n o it a c it n e h t u

a m-

s i tI . h c a o r p p a d e t c ir t s e r y r e v t n e m e l

p alsopossiblet ohaveeven

r e tt e

b authenitcaiton method sthan PK Iceritifcates ,e.g .mixing h

c a o r p p a t n e r e ff i

d e s ilkepassword ,biometirca,lI Pandsoon . -Ad s i l a tr o p e h t d n a s P d I e h t n e e w t e b n o it a c i n u m m o c e h t , y ll a n o it i

dncrypted so the authenitcaiton step provide sa securtiy leve la t eleas tcomparablewtihothe rapproache.s

P A D L e h t , d n a h r e h t o e h t n

O -basedauthoirsaitonallowsuserst o e

s

u theservice sprovidedbyt hepotral .Actually ,user scanno tac- s t n e n o p m o c c if i c e p s o t d n a m e d o t e v a h y e h t t u b s e c r u o s e r e h t s s e

che communicaiton

t tiw h the services .Since user scanno tacces s h

ti

w ou tShibboleth-basedveirifcaitonandt heavaliableservice sdo s

e c r u o s e r o t s s e c c a t c e ri d e d i v o r p t o

n , tii salmosti mpossiblefo r s

r e s

u toperformmailciou soperaitons throught hepotral . n

i ,r e v e w o

H orde rtoavoidanyabuse ,apro-acitvel oggingsystem r

e t s i g e

r sal lusers ’acitviite sandmatchest hesewtiht hej obsr egis- e

h t n i d e r e

t gLtie Logging andBookkeeping(LB )service .This w

o ll a n o it a m r o f n

i s identfiyingallt heoperaiton sensuirngt henon- i

d u p e

r abiilt yo fGird rtansaciton swhichi soneoft hef undamenta l )

I S G ( e r u t c u rt s a rf n I y ti r u c e S d ir G e h t f o s t n e m e ri u q e

r .

o ri v n e e f a s a s e d i v o r p m s i n a h c e m y ti r u c e s l a b o l g e h t , y ll a n i

F n-

e b n a c a t a d l a c i d e m e r e h w , I K P l l u f a o t e l b a r a p m o c t s a e l t a , t n e

managedwtihout

m securtiyo rconifdenitaltiyproblems. 2

. 2 .

3 Interfacet oGrids ervices

y a w e t a G e c n e i c S e h t o t d e t a c it n e h t u a e c n

O , andauthoirzedt or un

m h ti r o g l a E D I C E D e h t f o e n

o s ,user scanchooseoneoft heappl-i s

i s y l a n a n a t i m b u s o t e r u d e c o r p e h t tr a t s d n a s n o it a

c job .Thet yp-i

n i g n i k r o w s n a i c i s y h p e h t h ti w d e e r g a n e e b s a h t a h t o ir a n e c s l a

cheprojecti st hef ollowing:

t x Theuse r ifll sawebformontheScience Gatewaydeifning ;

n o it a c il p p a e h t f o s r e t e m a r a p t u p n i e h

x tInputf liest obeanalyzedbyt heselectedalgortihmare rtans- ;

y a w e t a G e c n e i c S e h t o t d e r r e

x fAj ob ,descirbedusingt heJ obDescirpitonLanguageo fgLtie , d ir G E D I C E D e h t o t d e tt i m b u s d n a d e t a e r c y ll a c it a m o t u a s

inrfasrtucturet ogethe rwtiht hei nputf lies;

x iTheuseri snoitifedwhent hej obi ssubmittedand rfomt hen f o t e lt r o p d e t a c i d e d a h g u o r h t s u t a t s s ti r o ti n o m n a c e h s / e h n

oheScienceGateway;

x tWhen thejob ifnishes ,the use rreceive san emai l rfomthe .

b o j e h t f o t u p t u o e h t g n i n i a t n o c y a w e t a G e c n e i c S

k c a b e h

T -endenginet hati mplementst heabovedescirbedscenairo e c n e i c S e h t d n i h e b s e c i v r e s d ir G e ti L g e h t h ti w s t c a r e t n i d n

aateway rfont

G -endha sbeenwirtten in pureJava using the jLtie s

n o it c n u f e h t h g u o r h t d e ll a c ] e ti L j[

I P

A o fthe jSAGA ilbrary

S

j[ AGA] .jLtiei saJava ilbraryprovidingsimpleAP Ifo raccess- e

ti L g g n

i -basedGirdi nrfasrtuctures . tIi si ntendedfo rJavadeve-l o

h w s r e p

o would ilket oavoiddeailngwtiht hecomplexiite soft he e n t r o f f e d n a e m it e c u d e r o t t n a w d n a e r a w e l d d i m e ti L

g ededto

s s o r c d li u

b -plaftorm Gird appilcaitons .jSAGA i sa Java imple- e

m ntaitono fSAGA( SimpleAPIf o rGirdAppilcaitons)[ Goodale m u r o F d ir G n e p O e h t y b d e n if e d n o it a c if i c e p s d r a d n a t s ] 1 1 0

2OGF.]j SAGA:

[ x Enable sunfiormdata managemen tand execuiton manage- a

t n e

m cros sexisitnggirdi nrfasrtuctures;

x Make sextension seasy :adapto rinterface sare designed to t n e r e ff i d f o t r o p p u s g n it a r g e t n i r o f t r o f f e g n i d o c e z i m i n i

middleware( beside sgLtie,t heGlobu sToolkti[ Globus ]and mNICORE [ UNICORE ]arealsos uppotred;)

U

x Ensure soperaitngsystemi ndependency :mos toft heprovid- n o h t o b d e t s e t e r a d n a a v a J e r u p n i n e tt ir w e r a s r o t p a d a d

e SWindow sandLinuxoperaitngs ystem.s M

d n e o t d e s o p x e e r a s e c a f r e t n i e r a w e l d d i m , 7 e r u g i F n i n w o h s s

Aserst hroughstandardporltet sembed

u dedi nt heLfieraycontainer . e h t y b d e t a e r c s e t a c if it r e c y x o r p y b d e r u c e s e r a s n o it c a s n a rt d ir

Gobo tserve rdescirbedi nt hepreviou ssub

r -secitonwhliedataman-

e h t h g u o r h t d e s u e r a s e c i v r e s t n e m e g

a Representaitona lState

r e f s n a r

T (REST)f unciton soft hegLibrary rfameworkdescirbedi n

. 1 . 3 n o it c e S

. 7 . g i

F Schemaitcviewoft hemaincomponent soft heDECIDEScience .

y a w e t a G

3 . 2 .

3 Useri nterface

t n o rf c i h p a r g e h t , e v o b a d e n o it n e m y d a e rl a s

A -endoft heDECIDE

n i s u d e p o l e v e d n e e b s a h y a w e t a G e c n e i c

S g the Lfieray potra l

d e s u t s o m e h t y lt n e r r u c s i y a r e fi L . r e n i a t n o c t e lt r o p d n a k r o w e m a

rfamework to bulid Science Gateway sin the “Gird wolrd” and rfhip swtih more thansixtyporltet stha tcan be easliycombined smashed

( -up)t obulidcomplexandappeailnge-collaboraitonenv-i .s

t n e m n o

r Othe r200+porltet sareavaliablei nt her epostioryoft he .

y ti n u m m o c y a r e fi

L sanexample ,Figure8showst hei npu tpageoft heGirdSPMa

A p-

. y a w e t a G e c n e i c S E D I C E D e h t n o e l b a li a v a n o it a c il p