Title Grid-Middleware Workshop
Chair Yasuo Okabe & Kento Aida

To raise awareness of the latest middleware developments taking place today. This session has a specific focus on GRID middleware and identity and access management issues. Subject areas that have been considered:

1. GRID authentication, authorisation and accounting;
2. Identity Access Management;
3. Public Key Infrastructures and the GRID;
4. The convergence of GRID and Higher education access controls;
5. Support for location independent access controls to the GRID to support roaming users or access via remote systems.

Target Audience: All those responsible for developing, implementing and supporting applications (esp. Grid Apps) and those who want to access and make use of them in a secure, scalable and user-friendly way.
Expected No. of Participants 40
Session Chair & Speakers

Session 1: Chair Professor Okabe

14:00 – 14:10 “Welcome” Professor Okabe (Kyoto University & APAN Middleware Chair)


14:10 – 14:40 “Federated access to Grid resources: SAML using Shibboleth” – Keith Hazelton

Abstract: How can Grid resources be made available to a broader community of users? One path is to adopt a federated approach to identity and access management. The OASIS SAML standard defines ways to request and send assertions of authentication and authorization information between identity providers and resource managers. This presentation will provide an overview of active projects in this area, emphasizing toolkits that support the use of SAML with Grids. The discussion will highlight Shibboleth and related efforts, primarily those based in the US and the UK. PKI aspects of the federation problem will also be addressed.


Biography: Keith Hazelton is IT Architect at the University of Wisconsin-Madison. He is a member of the Internet 2 Middleware Architecture Council for Education (MACE), chair of the MACE-Dir Working Group, and a member of the Net@Edu PKI Working Group sponsored by Internet 2 and Net@Edu. He is a frequent participant and sometimes presenter at Common Solutions Group (CSG) and Committee on Institutional Cooperation (CIC) meetings and workshops.

14:40 – 14:55 “Introduction of NAREGI-CA”
Speaker: Toshiyuki Kataoka, National Institute of Informatics

Abstract: NAREGI, the Japanese national science grid project, developed PKI software to issue certificates for grid systems. This presentation will address issues and policies related to interoperability between NAREGI and other projects. Furthermore, enhancement of the linkage function with the campus CA, in order to operate at universities, will be introduced.

14:55 – 15:10 "Grid security in NAREGI project"
Speaker: Shinichi Mineo, National Institute of Informatics

Abstract: NAREGI, the Japanese national science grid project, is doing research and development of grid middleware to create e-Science infrastructure under the CSI (Cyber Science Infrastructure) concept. This presentation will present issues and future plans regarding grid security, including VO management for interoperability of grid projects.

15:20 – 15:30 Session Q&A


Session 2: Chair Professor Okabe (Kyoto University & APAN Middleware Chair)


15:50 – 16:20 "Using OGRO to implement OCSP certificate validation in the Globus Toolkit 4" - Jesus Luna, Oscar Manso, Manel Medina - Technical University of Catalonia (Computer Architecture Department) Barcelona, Spain.

Abstract: Nowadays the computational Grid uses X.509 digital certificates for a wide variety of security-related tasks, ranging from user authentication to the delegation of job execution. However, to ensure a comprehensive security context these credentials need to be validated so that revoked, suspended and any other compromised certificates will not be allowed to access Grid resources. To achieve such tasks great interest is being given to the Online Certificate Status Protocol (OCSP) by workgroups like the Global Grid Forum, where the “OCSP Requirements for Grids” document is currently being written. This recommendation presents the requirements particularly needed by relying parties (i.e. transport protocols, support for multiple revocation sources, OCSP Responder Discovery, etc.) and OCSP Servers (i.e. high performance, operation modes, interoperability with multiple Grid PKIs, etc.) to provide OCSP validation services to the computational Grid. In order to better understand the practical implications of such recommendations we deployed a Grid-OCSP infrastructure for the Globus Toolkit 4 (GT4) using CertiVeR’s OCSP Responder and the newly developed Open GRid Ocsp API (OGRO). Being Open Source and 100% Java, OGRO has been fully integrated into the Java Commodity Grid Kit and the WSRF Grid Services Container (GT4’s Java core). This presentation presents their experiences of using OGRO.




Medina, Manel. Barcelona, 1952.

PhD in Computer Architecture. Universitat Politecnica de Catalunya - Barcelona, 1981. 

He was co-editor of the European Electronic Signature Standardization Initiative (EESSI) and has participated in numerous security related projects (i.e. DEDICA-IST, CertiVeR-TEN Telecom, PERMIS-IST, ICEESPRIT and VINo-e CPPC).

He is currently a full-time professor at the Universitat Politecnica de Catalunya, esCERT CTO and SafeLayer CTO – Barcelona, Spain.



Manso, Oscar. Barcelona, 1968.

PhD in Computer Science. Dublin City University – Republic of Ireland, 1999.

He is currently the Technical Director of CertiVeR S.L., Barcelona, Spain and a part-time lecturer at the Dept. of Computer Architecture of Universitat Politecnica de Catalunya. Dr. Manso collaborates with the GGF’s CAOPS-WG, and his current research interests are focused on the development of new applications for e-signature and PKI infrastructures.



Luna, Jesus. Mexico, 1972.

MSc in Computer Science. Monterrey Technological Institute – Mexico City, 2002.

He is currently studying for a PhD in Computer Architecture at the Universitat Politecnica de Catalunya (Barcelona, Spain). Mr. Luna actively participates in the GGF’s CAOPS-WG, and his research interests are PKI, Grid security and applied cryptography.


16:20 – 16:50 “K*Grid Middleware package KMI-R1” - Jaegyoon Hahm, Researcher, Grid Computing Research Team, Supercomputing Center, KISTI

Abstract: The Grid is one of the new information and communication technologies that enables us to simultaneously use all kinds of resources, such as high performance computers and storage, that are connected by high speed networks. This presentation addresses the Grid middleware package called KMI-R1 (K*Grid Middleware Initiative - Release 1, http://kmi.moredream.org/) developed under the K*Grid project in Korea. The K*Grid project is a Grid research initiative supported by MIC (Ministry of Information and Communication), Republic of Korea, and started in 2002. The main objective of the project is to provide an extremely powerful research environment to both the industry and academia sectors in Korea. To achieve this objective, we are constructing a production-level Tera-scale Grid infrastructure with advanced Grid technologies.


Biography: Jaegyoon Hahm is a researcher in the Grid Computing Research Team, Supercomputing Center, KISTI (Korea Institute of Science and Technology Information), Korea. He has been involved in the K*Grid project since he joined the Supercomputing Center of KISTI in 2002. He has mainly participated in the development of a middleware toolkit called "MoreDream" and a K*Grid service package called "KMI-R1 (K*Grid Middleware Initiative - Release 1)". His current research interests include Grid computing, Grid middleware, and parallel/distributed computing.


16:50 – 17:20 “European efforts towards a global AA infrastructure” – Dr Diego Lopez, RedIRIS


Abstract: The European landscape, in cultural and political matters, makes the interoperability of authentication and authorization infrastructures (AAIs) especially appealing. In recent years, the European NRENs have worked together to establish technologies and agree on policies that pave the way for a seamless AAI connecting research and academia worldwide. Two of the more ambitious efforts in this direction have been TACAR and eduGAIN.

TACAR is a result of the activities of TF-EMC2 (a working group on middleware under the auspices of TERENA) and is intended to act as a trusted source of PKI data, enabling the establishment of trust links among different PKIs in a lighter way than a pure CA hierarchy, while maintaining procedures much simpler than a bridge CA approach.

TACAR is an excellent complement to the PMA approach used by Grid infrastructures worldwide and has become the trusted repository for EUGridPMA, and is in the process of becoming so for IGTF as well.

eduGAIN is an approach to identity federation interoperation initiated under the GEANT2 project (in charge of building the coming incarnation of the European academic and research network infrastructure). It provides technology to support the concept of confederation as a loosely coupled federation of federations, and to dynamically establish trust links among components of the (disjoint) participating federations.

In the near future, eduGAIN will provide a set of confederation policies, on which the project group will begin its work once the development of the first version of eduGAIN is accomplished.

Biography: Diego Lopez received his MS from the University of Granada in 1985, and his PhD degree from the University of Seville in 2001. In 1985, he joined the Conformance Test Division of Telefonica I+D, where he worked on several projects related to the deployment of WANs within Spain and Europe. In 2000, he joined RedIRIS (the Spanish National Research and Educational Network), where he is currently responsible for the Middleware and Services Area. Dr. Lopez is the chairman of the TF-EMC2 (Task Force on European Middleware Coordination and Collaboration) and one of the European liaisons to Internet2 MACE (Middleware Architecture Committee for Education). His direct activities cover middleware components in the areas of mobility, authentication/authorization, content delivery, grid computing and federation of services.


17:20-17:30  General discussion on middleware and current status of work in the APAN region

Remarks (including special arrangements, if any)
(1) Room set up in classroom style with two Projectors
(2) Room with wireless internet access.
(3) SIP/H.323 Video Conferencing Facility for remote participation and remote speakers

