Making the Grid Pay
Economic Services - Pricing and Payment
William Lee
London e-Science Centre
Imperial College London
Introduction
 In the Grid, we want to
“Decouple hosting and software
provision to enable shared and flexible
access to resource across multiple
administrative domains”
London e-Science Centre
Imperial College London
From Sharing to Trading
 Accessing shared grid resources without any
pre-existing trust relationship.
 Why should I trust that service?
 Why should the service trust you?
 How services differentiate themselves?
London e-Science Centre
Imperial College London
Four Fundamental Steps in a Trade
 Introduction
 Discovery / Semantic Grid
 Price Agreement
 Negotiation as a process to agree a price
 Settling a Contract
 Ends negotiation process with a monetary
commitment
 Executing a Trade
 Service Invocation
 Usage Logging
 Monetary Transaction
London e-Science Centre
Imperial College London
Negotiate and pay for
access to a single service
Application Service
Provider
Software
Provider
Hosting
Provider
Payment
Provider
PaymentPortType
Check Payment
AppSpecificPortType
NegotiationPortType
Invoke Service
Negotiate
Price and QoS
Authorise Payment
Client
London e-Science Centre
Imperial College London
NegotiationPortType Activity Diagram
Client
Price:(Integer, 10,2000)
Param1:(Float, 1, 100)
Param2:(Set, {a, b, c})
Param1 > 20 and
Param1 < 40 and
Param2 = {a}
NegotiationPortType
getNegotiableTerms()
NegotiableTerms
negotiate(Proposal)
Proposal
Param1 = 30 and
Param2 = {a}
Price = 400
Once all terms have
been instantiated and
client satisfies
AppSpecificPortType
Reasoning on internal
constraints and
objectives
…
negotiate(Proposal)
Commit on the last
proposed terms in the
session
Proposal
commit()
Signed document
containing agreed terms
Send Agreement in
SOAP header as ticket
Agreement
Sessional Activities
serviceOp()
London e-Science Centre
Imperial College London
Current Design
 Proposals are defined as constraints on
terms.
 Commit operation can carry payment
information to specify client’s monetary
commitment.
 Session information is carried by a unique id
element in the proposal document. Might
consider other Web Service standards for
session.
London e-Science Centre
Imperial College London
Payment Service Requirements
 Abstraction, Abstraction, Abstraction
 Realisation with multiple Payment Systems
 Identity Delegation
 Commodity Security
 Extensive use of WS-Security, XMLSignature
 Resists Replay Attack
London e-Science Centre
Imperial College London
PaymentPortType Activity Diagram
PaymentInfo
S: Client
Client
ChargeableService
PaymentPortType
commit(PaymentInfo)
authoriseTransaction(PaymentInfo)
PaymentInfo
S: Client, Service
Acknowledgement
Agreement
Terms, ID# , PaymentInfo
S: PaymentProvider, Service
ID# , PaymentInfo
S: PaymentProvider
serviceOp()
completeTransaction(PaymentInfo)
Agreement carried in SOAP
header
S: PaymentProvider, Service,
Client
ID#
S: Client, Service
London e-Science Centre
Imperial College London
PaymentPortType
 getPaymentSystem



Input: None
Output: informational document on supported payment system
Faults: None
 authoriseTransaction



Input: Account Information, Amount, max transactions, expiry
Output: signed acknowledgement of transaction ID#
Faults: FromAccountDoesNotExist, ToAccountDoesNotExist, SignatureFailed,
InsufficientFund
 completeTransaction



Input: signed transaction ID#
Output: none
Faults: SignatureFailed, InsufficientFund, TransactionAlreadyComplete,
TransactionDoesNotExist, TransactionHasExpired, etc..
London e-Science Centre
Imperial College London
Foiled Attacks
 Charging without Permission
 Service invocation requires client signed
authorisation, which the PaymentProvider
recognises
 Replay
 Once and only once. Invocation includes
transaction ID# + signed timestamp. Service
detects replay by keeping a cached list of recent
messages.
 PaymentProvider knows maximum number of
transactions, allows micro-payment.
London e-Science Centre
Imperial College London
Current Implementation
WS-Security JAX-RPC Handler
NegotiationPortType
Reasoning
Engine / Human
Operator
RDBMS
AppSpecificPortType
NegotiationStrategy
Instrumented
NegotiationSessionStore
Service Logic to
Term Assertion ensure terms are
API
not violated
AgreementStore
London e-Science Centre
Imperial College London
Current Implementation
WS-Security JAX-RPC Handler
PaymentPortType
AccountPortType
BACS, VISA, etc..
PaymentPortTypeImpl
London e-Science Centre
Imperial College London
AccountEJB
How ‘standard’ is the service?
 Interface Design
 WSDL to describe interface - WS-I (1)
 SOAP for messaging (1)
 WS-Security to sign message body with
client/service certificate (2)
 XML-Signature and XML-Encryption to
sign and encrypt payment information (1)
Risk: Low
London e-Science Centre
Imperial College London
Service Dependencies
 Implementation
 Java J2EE 1.4 Specification
 Currently using Sun Application Server
v.8.0. Follow standard J2EE API and
deployment model to achieve high
portability across compliant containers.
 Take advantage of persistence and
security role mapping.
 RDBMS: storing agreement
 Verisign TSIK toolkit: WS-Security
London e-Science Centre
Imperial College London
AAA & Security
 What authentication mechanism do you use?
 WS-Security X509 Certificate Profile
 What authorisation mechanism do you use?
 J2EE Role-based System
 What accounting mechanism do you use?
 Java Logging
 Does service interaction need to be encrypted?
 Yes
London e-Science Centre
Imperial College London
The Shape of Things to Come
 Evaluation of monetary Payment Systems
 Complex pricing strategy
 Tradable contracts
 Composition of Chargeable Services
 Workflow Optimisation
 Compensation if the service does not deliver?
 Brokering - e-Science North West
 True decoupling of software and hosting
London e-Science Centre
Imperial College London
A Market for Computational Services
 UK core e-Science Programme project
 Explore interface and protocols for trading grid
services
 Funded by the Department of Trade and Industry
 Collaborators
 London e-Science Centre
 e-Science Centre North West
 Southampton e-Science Centre
 UK Grid Support Centre
 Astrophysics at LJM
 http://www.lesc.ic.ac.uk/markets
London e-Science Centre
Imperial College London