Transcript EGEE-II JRA1 all hands meeting Pilsen, Czech

EGEE-II JRA1 all hands meeting
Pilsen, Czech Republic
10-12.7.06
Ensuring sustainability of
of gLite Java Security beyond EGEE-II
John White, HIP-TEK <john.white*cern.ch>
Miika Tuisku, HIP-TEK <miika.tuisku*cern.ch>
Enterprise Grids are here ...
●
●
DataSynapse (www.datasynapse.com)
GigaSpaces (www.gigaspaces.com)
Terracotta (www.terracottatech.com )
ActiveGrid (www.activegrid.com)
Tangosol (www.tangosol.com)
Gemstone (www.gemstone.com)
Azul (www.azulsystems.com)
Support for transactional enterprise applications,
using load balancing & high availability to scale-out
application deployment in server farms and
virtualising JVM service interfaces.
What‘s the connection to gLite?
●
●
●
●
Shouldn‘t we ensure that gLite spreads also
outside the HPC-community?
Being part of larger distribution suites is
tempting ...
Examples: Rocks, Oscar, Red-Hat, SuSE,
Globus/Univa, Eclipse, Apache, JBoss ...
Professional Open Source (commercial
support subscription) will free hands in
providing part of the support.
Tooling in new Enterprise projects
2000-2008
Source: Gartner September 2004
JBoss middleware
●
News: gLite is already using it!
–
–
●
JBoss Java App Server was the first to obtain J2EE
1.4 certification in the market...
–
–
●
●
JBoss employs two Apache Tomcat lead developers
Tomcat is embedded in JBoss App Server
Followed by IBM, BEA, Oracle, Sun
Standard‘s based, JCP executive commitee, member of
the year nominee in 2006 (EJB3, Java EE5, Web
Services)
JBoss Enterprise Middleware Stack (JEMS) has
business friendly LGPL-license (allows embedding)
Today, JBoss is also a division of Red-Hat!
JBoss business model
... Is to follow the Professional Open Source
methodology:
●
–
–
–
“We hire and pay experts in the open source community to
write exceptional and innovative software full-time. Unlike first
generation open source providers, we control the direction
and source code for our projects. This way , we can ensure
that all bug fixes and patches are rolled into future versions of
our products.
We only use open source licenses that are friendly to enduser IT shops, independent software vendors, and the
community itself.
Directly and through our Certified Partners, we deliver the
best support services available; all of which are backed up by
the real product experts. Services include the JBoss
Subscription , Consulting, and Training. “
JBoss products to consider
●
JBoss Web Server
–
●
JBoss Web Services stack (AS 4.04)
–
●
Hybrid of Tomcat + Apache Portable Runtime +
openSSL + mod_rewrite (URL redirection)
A complete rewrite of Apache Axis from scratch
in order to be standards compliant
JBoss Security Framework (AS 5.0 3Q06)
–
JBoss SSO, SAML and XACML support
JBoss Web Server
JBoss Web Server: SSL/TLS on
JBoss Web Server
JBoss Web Server: Summary
●
●
●
●
Performance increase of 3-4 fold with SSL/TLS
compared to plain Tomcat
YES, we loose the Java portability (WORA)
BUT, Apache Portable Runtime runs on more
platforms than Java JVM itself. Think of Eclipse.
AND, Java container applications don‘t know the
difference...
JBoss Web Server is being tested in the CERN
openlab summer student program: Java
container benchmarking (Eric Grancher‘s
group). Final report expected end of Summer.
JBoss Web Service Stack
●
●
●
●
●
●
J2EE compliant web services (ws4ee).
Starting from J2EE-1.4 a compliant application
server is required to support web services in a
portable way (not proprietary Axis way)
Portable web service endpoints and clients
Good interoperability due to BasicProfile-1.0
compliancy
Test coverage of Sun's Compatibility Test Suite
(>2300 WS tests)
Good integration with the overall JBoss architecture
and interoperability Windows .NET
JBoss SSO (due AS 5.0)
●
●
●
●
JBoss SSO framework uses openSAML libraries.
JBoss SSO components: Central Authentication Server,
Federation Server, Identity Management Framework
Java authentication SPI for containers (JSR-196) JASPI:
Framework for pluggable external authentication
JBoss Security Service Provider Interface extension
–
●
JBoss Policy Framework
–
●
SPNEGO, GSS-API
XACML, JACC, WS-Policy or Custom policy
Java Authorization Contract for Containers (JACC)
(JSR-115)
–
Role Based Access Control
RedHat-JBoss Network
JEMS conclusions
●
JBoss Europe headquartered in Neuchâtel, Switzerland
–
●
●
●
●
Headed by Sacha Labourey (EPFL graduate)
JBoss is usually ahead of the Java specs
Market leader in App Server, Tomcat and Hibernate O/R
mapping
gLite would benefit from ...
–
First using JBoss components ...
–
... then contributing gLite Java Security for widespread use in the
SOA/ESB world.
HIP-TEK has been member of JBoss Open Source
Federation (JOSF) since 2005.
–
Happy to help to facilitate the collaboration
Visit: www.jboss.com