Certificate-Driven Grid Workflow Paradigm Based on Service Computing

Certificate-Driven Grid Workflow Paradigm Based on Service Computing Wanchun Dou1,2,3, S.C. Cheung3, Guihai Chen1,2, and Shijie Cai1,2 2

1 State Key Laboratory for Novel Software Technology Department of Computer Science and Technology, Nanjing University, Nanjing, China, Post Code 210093 3 Department of Computer of Computer Science, Hong Kong University of Science and Technology, Hong Kong [email protected]

Abstract. Taking advantage of the application paradigm of web service, a general paradigm of service computing is discussed for underlying workflow execution based on collaborative operation. In line with the scenario of service computing, a certificate-driven workflow application paradigm based on service computing is discussed under grid environment in form of virtual organization. The details engaged in the certificate-driven grid workflow paradigm are listed to demonstrate its execution. The conclusion is presented at last.

1 Introduction Workflow technology has long been considered as an essential technique to integrate distributed and often heterogeneous applications and information systems. It aims to improve the effectiveness and productivity of business processes by supporting business process reengineering or realizing full or partial automation of a business process [1,2]. Generally, the traditional workflow system is often enacted inside an organization. With the advent of e-commerce, business processes involving business-tobusiness and business-to-customer activities usually span across multiple organizations. Additionally, more and more complex problems engaged in engineering or science domain are processed relying on collaborative work implemented by more than one organization on Internet. As a tendency, workflow management systems (WfMSs) are being increasingly deployed to deliver e-business transactions across organizational boundaries. The large-scale collaborative design or e-Science enacted in distributed environment has presented some issues challenging the traditional workflow technologies [3,4]. The organization-across interactions among activities or processes will lead a complex flow relationship. Accordingly, how to enhance a workflow system into a fundamental support mechanism underlying organizationacross workflow application poses a challenge in workflow research and attracts increasing attentions [4]. Satisfying the web-based workflow application requirements, one promising technique is web service to realize support for cross-organizational processes [5]. The challenges of building B2B applications have driven rapid innovation in Web-based application in the last few years. In this paper, the sub-workflow deployed inside a H. Zhuge and G.C. Fox (Eds.): GCC 2005, LNCS 3795, pp. 155 – 160, 2005. © Springer-Verlag Berlin Heidelberg 2005

156

W. Dou et al.

constituent organization is degraded into a workflow segment upon the hybrid workflow system. The paper concentrates on a certificate-driven grid workflow paradigm based on service computing. The paper is organization as follows. In section 2, a service computing paradigm is analyzed based on the basic concepts of web service. In section 3, a certificate-driven grid workflow paradigm is explored. At last, we give the conclusion and point out future work.

2 Basic Concepts Related to Service Computing With recent advances in pervasive devices and communication technologies, there are increasing demands in workflow application for ubiquitous access to networked services. These services extend supports from Web browsers on personal computers to handheld devices and sensor networks. Taking advantage of the distributed technologies such as the CORBA, mobile agents, and web service [5], the web-based workflow segments could be orchestrated by RPC (Remote Procedure Call), message passing, RMI (Remote Method Invocation) or Applet invoked by service agent. Despite great interests and improvement in technology in this area, complicated technical issues and organizational challenges remain to be solved. Generally, the concept of service computing could be interpreted from narrow sense and general sense. In narrow sense, it could be instantiated into web service with concrete application in practice. WSDL, UDDI, QoS, and XML characterize the technologies of web service. Moreover, there are often three roles engaged in web service application, i.e. a service provider, a service requestor, and a service registry [5]. From the organizational-across workflow point of view, the service invocation could be characterized by three phases: 1 How to efficiently discover and locate required web services (enacted by a thirdparty) 2 How to organize the required web service into ad-hoc or collaborative workflow system 3 How to facilitate the interoperability of heterogeneous web services Fig.1 illustrates the scenario of a typical web application from the first topic [6]. This paper concentrates on exploring the second topic listed above. In technology

Fig. 1. The scenario of a typical web application based on efficiently discovering and locating required web services

Certificate-Driven Grid Workflow Paradigm Based on Service Computing

157

point of view, Web service represents a black-box functionality that can be reused without worrying about how the service is implemented. In this paper, the concept of service computing has a generic meaning that concentrates on a framework supporting task execution, while not middleware’s structuring. By defining a binding agreement or contract between two parties, workflow pattern is setup in Client/Server mode. Quality of Service (QoS) becomes an important factor in workflow management. During workflow execution, individual enterprises will centralize on achieving their business goals according to their task with a self-governing fashion. In general sense, the service computing is a novel computing paradigm that underlies the collaboration under distributed environment based on service paragigm. Organization, team, or group provides contribution each other according to some contracts set down in advance or according to the needs during task execution. The general sense of service computing could be formalized as bellows: Service-computing = service + computing Where, service are composed of object and subject of service, content of service, quality of service, et ac, which could be presented in simplified formalization as Service = {object, content, quality, … }; Computing is treated as a kind of behavior or activity that are implemented with certain goal by consuming some resource, exploiting some tools, and taking advantage of some helps (services) from its collaborators, which could be presented in simplified formalization as Computing = {behavior, resource, tool, goals,…}. In this general sense of service computing, the service computing concentrates on the service mode, service supervision, quality of services, and service direction, on the consumption that the service relation has been set up. Additionally, the role of service provider and service requestor could be switched frequently. Typically, peerto-peer system is an application paradigm with frequent roles switching with server and client.

3 A Certificate-Driven Workflow Application Paradigm Under Grid Environment According to the rational explored in section 2, a service-based workflow system can be characterized as sequences of service invocations that could provide autonomous services. The autonomous services could be treated as task-oriented processing [7]. At the stage of modeling an organization-across workflow, the concept of control flow is exploited to prescribe the service relation among organization with a temporal dependency. During workflow execution, control flow is instantiated into a logical switching according to an scheduled temporal logic among activities. In this section, a certificate-driven and organization-across workflow system will be explored as a case study, with service computing perspective based on the security mechanism deployed in grid computing. Grid computing focus on facilitates the sharing of computer resources and services with a certificate mechanism in form of virtual organization. In our case study, service is deployed by granting certificate to facilitating resource access. Here, the resource is mainly the data resource or other computing resource such

158

W. Dou et al.

as CPU, et ac. Now, virtual organization has been brought into grid-based application as one of the key concepts, and the practice of grid-based E-Science, for example, is often enabled by virtual organization [4]. Under grid environment, servers supporting workflow application are decentralized (duplicated) throughout the virtual organization and the distributed servers are controlled by a centralized authority (headquarters); Accordingly, some basic features of virtual organization could be drawn out from those literatures: 1 Lifetime of cooperative is limited; 2 Organization-across collaboration; 3 Access to a wide range of specialized resources during collaboration; 4 Task- or goal-driven autonomous processes; 5 Role-based communication, et ac. Generally, logical execution relationship prescribed in organization-across workflow model depicts the visited and the visiting workflow segment. If the supporting resource or service host are also initiated by workflow engine, the workflow segments in organization level will take little care of the issues of workflow management and centralizes on its inside-execution in self-governing way in practice. Grid-oriented workflow would be an ad hoc workflow system that centralizes on globally distributed and large-scale resource sharing. Workflow inside virtual organization becomes one of the important enabling technologies supporting grid applications [7]. In accordance with those characteristics listed above, a prototype of certificatedriven automatic workflow system will be explored supporting grid-oriented workflow implementation, upon which the time model discussed in section underlie the implementation of logical control in resource access and the validity of certificate is just determined by the relation of temporal dependency of service invocation. The typical scenario of grid-oriented workflow system can be illustrated as follows: 1 Server-level or proxy-level workflow segments delegate their certificate granting to workflow engine; 2 Invocation of services and functions among workflow segments are awakened through certificate granted by workflow engine; 3 The period of certificate’s validity reflects the lifetime of cooperative, and guarantees the QoS in time; 4 Workflow segments are task- or goal-driven autonomous process and the workflow engine play the part of nerve center in workflow system. Here, grid-oriented workflow execution is initiated by server-based workflow engine that control workflow execution by navigating the workflow specifications according to pre-defined workflow model. Fig.2 demonstrates the enactment of the prototype in service computing paradigm. Some details indicated by the arrow diagram are depicted as follows. Step1: Proxy-based workflow segment hand over the routines of certificate release to workflow engine that acts as the certificate authority in later workflow executed. User and service identified via a certificate that contains information vital to identifying and authenticating the user or service.

Certificate-Driven Grid Workflow Paradigm Based on Service Computing

159

Server- or proxy-based workflow segment Step 1

2 Step 2

Grid-based workflow engine 5

Step 3

Step 4

4 3 1

Task finished

yes

no Step 5

Fig. 2a. Performance Analysis of a GridOriented and Certificate-Driven Workflow System

Fig. 2b. Flow Diagram of Logical Execution in Accordance with Fig.2.a

Fig. 2. A Grid-Oriented and Certificate-Driven Workflow System in Self-Governing Fashion

Step2: According to the pre-defined workflow model and the executed stage of a task, the workflow engine invokes process service through certificate granting for some resource access. Process segment or activity is wakened by the certificate. Accordingly, the validity of the certificate indicates the executed time of the task. Step3: After granting a certificate, a duplicated content of the certificate is sent to the resource or service host for identifying and authenticating the future logging or visiting. Step4: According to the certificate and its security level, the certificate holder could get the access to the needed resource or invoke some service across the borders of different security domains in order to achieve the local goals. Step5: If a task is not finished in the period of validity, the resource access is forbidden, the actor must apply for an added time and then repeat step 2 after granted. Otherwise, the task is finished in the scheduled time. Please note that this step is needed if there has an unexpected requirement during workflow execution in resource access or service invoking across the borders of different security domains. The invocating process among these steps is certificate-driven. The lines indicate those steps listed above with arrow demonstrated in Fig.2, respectively. In concise way, the logical execution of the steps listed above can be formalized as shown in Fig.2.b. For achieving the object, the grid-oriented workflow engine demonstrated in Fig.2 should contain some basic items related to service definitions as below:

160

W. Dou et al.

1 Workflow model oriented toward web-based application 2 Resource pool indexing the available resource supporting workflow execution 3 Directory-based resource location mechanism and workflow peer location mechanism 4 A certificate authority (CA) for certificate granting 5 Trigger mechanisms initiated by service invoking or ECA rules. 6 Delegation capability supporting dynamic process data transportation, agent application, and other proxy-based issues in access control. Note that workflow engine discussed in this paper plays the part of a centrally managed security mechanism by taking over the security issue in certificate granting, those routines are carried out among workflow segments directly.

4 Conclusions For current state-of-the-art, how to enhance the adaptability of a workflow system in organization-across application is the key factor for meeting ever-changing requirements of business applications. The approach presented in this paper underlies the organization-across workflow based on service computing paradigm. For future research, we will apply the service-computing paradigm to the implementation of dependable, adaptive and web-service oriented workflow system. Acknowledgement. This paper is based on the Project 60303025 supported by NSFC, and Jiangsu Provincial NSF research funds (No. BK2004411 and No. BK2005208). Besides, it is partially supported by a grant of the Research Grants Council of Hong Kong (Project No. HKUST6167/04E).

References 1. J.Q.Li, Y.S.Fan, and M.C.Zhou.Timing Constraint Petri nets and Their Application to Schedulability Analysis of Real-Time System Specifications. IEEE Transactions on System, Man, and Cybernetics-Part A:System and Humans, 2003, 33(2):179-193. 2. E.A.Stohr and J.L.Zhao. Workflow Automation: Overview and Research Issues. Information System Frontiers, 2001, 3(3):281-296. 3. Dickson K.W.Chiu, S.C.Cheung, et al. Workflow View Driven Cross-Organization Interoperability in a Web Service Environment. Information Technology and Management, 2004, 5(3-4):221-250. 4. D.D.Roure and J.A.Hendler. E-Science: The Grid and the Semantic Web. IEEE Intelligent Systems, 2004, 19(1):65-71. 5. Steve Graham, et al. Building Web Services with Java™: Making Sense of XML, SOAP, WSDL, and UDDI. Sams Publishing, Dec.12, 2001. 6. Chang Xu, S.C. Cheung, Xiangye Xiao, Semantic Interpretation and Matching of Web Services, Proceedings of the 23rd International Conference on Conceptual Modeling (ER 2004), Shanghai, P.R. China, Nov 2004. 7. M.Bubak, et al. Workflow Composer and Service Registry for Grid Applications. Future Generation Computer Systems, 2005, 21(1):79-86.