Making the Grid Pay Economic Services - Pricing and Payment William Lee London e-Science Centre Imperial College London Introduction In the Grid, we want to “Decouple hosting and software provision to enable shared and flexible access to resource across multiple administrative domains” London e-Science Centre Imperial College London From Sharing to Trading Accessing shared grid resources without any pre-existing trust relationship. Why should I trust that service? Why should the service trust you? How services differentiate themselves? London e-Science Centre Imperial College London Four Fundamental Steps in a Trade Introduction Discovery / Semantic Grid Price Agreement Negotiation as a process to agree a price Settling a Contract Ends negotiation process with a monetary commitment Executing a Trade Service Invocation Usage Logging Monetary Transaction London e-Science Centre Imperial College London Negotiate and pay for access to a single service Application Service Provider Software Provider Hosting Provider Payment Provider PaymentPortType Check Payment AppSpecificPortType NegotiationPortType Invoke Service Negotiate Price and QoS Authorise Payment Client London e-Science Centre Imperial College London NegotiationPortType Activity Diagram Client NegotiationPortType AppSpecificPortType Price:(Integer, 10,2000) Param1:(Float, 1, 100) Param2:(Set, {a, b, c}) getNegotiableTerms() Param1 > 20 and Param1 < 40 and Param2 = {a} negotiate(Proposal) Param1 = 30 and Param2 = {a} Price = 400 Once all terms have been instantiated and client satisfies Signed document containing agreed terms Send Agreement in SOAP header as ticket NegotiableTerms Proposal Reasoning on internal constraints and objectives … negotiate(Proposal) Commit on the last proposed terms in the session Proposal commit() Agreement Sessional Activities serviceOp() London e-Science Centre Imperial College London Making Service Negotiable Decorator Pattern negotiate() serviceOp() commit() NegotiationPortType AppSpecificPortType Assert agreed usage London e-Science Centre Imperial College London Current Design Proposals are defined as constraints on terms. Commit operation can carry payment information to specify client’s monetary commitment. Session information is carried by a unique id element in the proposal document. Might consider other Web Service standards for session. London e-Science Centre Imperial College London Payment Service Requirements Abstraction, Abstraction, Abstraction Realisation with multiple Payment Systems Identity Delegation Commodity Security Extensive use of WS-Security, XMLSignature Resists Replay Attack London e-Science Centre Imperial College London PaymentPortType Activity Diagram PaymentInfo S: Client Client ChargeableService PaymentPortType commit(PaymentInfo) authoriseTransaction(PaymentInfo) PaymentInfo S: Client, Service Acknowledgement Agreement Terms, ID# , PaymentInfo S: PaymentProvider, Service ID# , PaymentInfo S: PaymentProvider serviceOp() Agreement carried in SOAP header S: PaymentProvider, Service, Client completeTransaction(PaymentInfo) ID# S: Client, Service London e-Science Centre Imperial College London PaymentPortType getPaymentSystem Input: None Output: informational document on supported payment system Faults: None authoriseTransaction Input: Account Information, Amount, max transactions, expiry Output: signed acknowledgement of transaction ID# Faults: FromAccountDoesNotExist, ToAccountDoesNotExist, SignatureFailed, InsufficientFund completeTransaction Input: signed transaction ID# Output: none Faults: SignatureFailed, InsufficientFund, TransactionAlreadyComplete, TransactionDoesNotExist, TransactionHasExpired, etc.. London e-Science Centre Imperial College London Foiled Attacks Charging without Permission Service invocation requires client signed authorisation, which the PaymentProvider recognises Replay Once and only once. Invocation includes transaction ID# + signed timestamp. Service detects replay by keeping a cached list of recent messages. PaymentProvider knows maximum number of transactions, allows micro-payment. London e-Science Centre Imperial College London Current Implementation WS-Security JAX-RPC Handler NegotiationPortType Reasoning Engine / Human Operator RDBMS AppSpecificPortType NegotiationStrategy Instrumented NegotiationSessionStore Service Logic to Term Assertion ensure terms are API not violated AgreementStore London e-Science Centre Imperial College London Current Implementation WS-Security JAX-RPC Handler PaymentPortType AccountPortType BACS, VISA, etc.. PaymentPortTypeImpl London e-Science Centre Imperial College London AccountEJB How ‘standard’ is the service? Interface Design WSDL to describe interface - WS-I (1) SOAP for messaging (1) WS-Security to sign message body with client/service certificate (2) XML-Signature and XML-Encryption to sign and encrypt payment information (1) Risk: Low London e-Science Centre Imperial College London Service Dependencies Implementation Java J2EE 1.4 Specification Currently using Sun Application Server v.8.0. Follow standard J2EE API and deployment model to achieve high portability across compliant containers. Take advantage of persistence and security role mapping. RDBMS: storing agreement Verisign TSIK toolkit: WS-Security London e-Science Centre Imperial College London AAA & Security What authentication mechanism do you use? WS-Security X509 Certificate Profile What authorisation mechanism do you use? J2EE Role-based System What accounting mechanism do you use? Java Logging Does service interaction need to be encrypted? Yes London e-Science Centre Imperial College London The Shape of Things to Come Evaluation of monetary Payment Systems Complex pricing strategy Tradable contracts Composition of Chargeable Services Workflow Optimisation Compensation if the service does not deliver? Brokering - e-Science North West True decoupling of software and hosting London e-Science Centre Imperial College London Conclusion Economic Services enable a public shared resource grid. Not just a scheduling mechanism. Discovery and Introduction can reuse existing WS standards. Settlement and Execution requires session feature. Can use any off-the-shelf specifications once available. London e-Science Centre Imperial College London A Market for Computational Services UK core e-Science Programme project Explore interface and protocols for trading grid services Funded by the Department of Trade and Industry Collaborators London e-Science Centre e-Science Centre North West Southampton e-Science Centre UK Grid Support Centre Astrophysics at LJM http://www.lesc.ic.ac.uk/markets London e-Science Centre Imperial College London