The Access Grid and Workspace Docking

1
The Access Grid and Workspace Docking

• Terry Disz
• disz_at_mcs.anl.gov
• The Futures Lab
• Math and Computer Science Division
• Argonne National Laboratory

2
Access Grid Project Goals

• Enable Group-to-Group Interaction and
  Collaboration
• Connecting People and Teams via the Grid
• Improve the User Experience Go Beyond
  Teleconferencing
• Provide a Sense of Presence
• Support Natural Interaction Modalities
• Use Quality but Affordable Digital IP Based
  Audio/video
• Leverage IP Open Source Tools
• Enable Complex Multisite Visual and Collaborative
  Experiences
• Integrate With High-end Visualization
  Environments
• ActiveMural, Powerwall, CAVE Family, Workbenches
• Build on Integrated Grid Services Architecture
• Develop New Tools to Specifically Support Group
  Collaboration

3
AG Systems Architecture

• Room Instrumentation, Technology, Organizing
  Software
• AG Nodes/Clients
• Edge device management, user interfaces and
  clients
• Gateway services to room oriented resources
• Virtual Venues
• Spatial metaphor and resource organization
• Access control and services management Network
  Services
• Stream processing and network management
• Applications
• Grid Services
• Record and Playback Service

4
An Access Grid Node is a designed space,
targeting group to group interaction. For secure
applications, physical security must be
considered in the design.
Each node sends audio and multiple video streams
(4)
All nodes receive all participants video and
audio streams
5
Access Grid Nodes
6
(No Transcript)
7
AG Nodes Communicate using IP Multicast
Network
Video Multicast Group
Audio Multicast Group
8
AG Nodes discover users and services through the
Venue
Venues provide Scope, Discovery and Persistence
Venue
Services Registry
P2P Service Usage
Services
Services
Services
Services
9
Third Parties can add, and AG Nodes use Peer to
Peer services
Venues provide Scope, Discovery and Persistence
Venue
P2P Service Usage
Discovery
Services Registry
Services
Services
Services
Services
P2P Service Usage
10
User authentication and authorization services
are available
Network
Access Control Matrix
11
Access Grid Software

• VV server package
• AG Node package
• Beacon and utilities
• Docking software
• Voyager package
• Demonstration applications (dppt, vic/vtk)
• Current release AG v1.3

12
Access Grid Documentation Project

• Community wide effort to document the Access Grid
• Based on the Linux documentation project
• Lead by Boston University
• Documentation of software, training and user
  manuals, Best Practices
• http//www.accessgrid.org/agdp/

13
AG Status

• Over 100 Nodes World Wide
• Venue servers in Europe, Asia, North America
• Many meetings every day Ag Schedule
• Weekly Management
• Tech sessions
• Classes
• Seminars
• Site Reviews
• Social (Kids on the Grid, Art events, Beer
  seminar, Maui Sunrise, Montana Wolves)
• No human factors studies completed yet, but
  plenty of anecdotes
• Planning for SCGlobal03
• New software under development

14
Workspace Docking

• Integration of local data and services with other
  AG participants
• Shared Files and documents
• Messaging
• Video
• Audio
• VNC-like desktop control
• Applications
• Answer to the question
• What do you call it when I want to show someone
  something from my computer?

15
Examples

• A user at an AG node wants to show everyone
  present a PDF document
• VNC export desktop
• Shared WEB browser
• Shared XPDF viewer
• A user at an AG node wants to send a private
  message to another user
• Chat invitation
• Mud whisper
• Web send POST-IT
• Private audio channel

16
Examples

• The next presenter at a session wants to
  privately review slides with a user at another
  site.
• Email them, or post Slides to a shared document
  site
• Remotely start and control PPT on others machine
• Review over private chat or audio channel
• A scientist wants to allow other users to control
  a scientific instrument interface on a
  workstation
• XMOVE
• XMX
• VNC

17
Problem DescriptionLet Me Show You This
18
Requirements

• Establish a Trusted Identity
• AG VV Login
• Scoping
• Create an audience
• Discovery
• Find who is present
• Find who has what capability
• Find what machines are available
• Find what services are available

• Security
• Find who has permission to do X
• Give someone permission
• Describe the thing
• XML Schemas
• Services
• Capabilities
• Initiation
• Platform Independent Messaging Environment
• Cause launch of apps on remote machines

19
Assumptions AG Services

• Registration Service
• Users authenticate to a Venue directly or via an
  AG node
• Methods of storing, delegating credentials
• Security
• Authentication Service
• Authorization API
• ACL manipulations, where I have permission
• Secure Communications API
• Discovery
• Identity Discovery API
• Capability/Service API
• AG scoping mechanism
• Persistence Service for Documents/files/etc
• API for accessing, storing

20
Workspace Docking Architecture
Add(classad) Update(classad) Del(Classad) Query(cl
assad)
Server Interface UpLoad(Classad) Delete(classad) C
lassadList RequestMatch(Classad)
Client Side Server Interface UpDate(ClassadList)
21
Workspace Docking Classad(ws classads are always
in the scope of a VV classad)
vv_classad service_ad ws_ad name
mod_date
created_date
filetype
location URL time_to_live
owner_ca
access_list registrant_ip
registrant_dn requirements (ie
other.ws_ad.owner_ca.domain ANL)
Notes Upload doesnt use service_ad
attribute Upload requirements specify
permissions Request classads use ws_ad to create
data elements for the requirements expression
22
(No Transcript)
23
finis
24
Radical Collocation

• Experts/domain specialists physically located
  within a single work place (I.e. Project Room)
  for the duration of a project ( one week to a few
  months)
• Examples space mission control, emergency
  situation rooms, operating theatres, automotive
  repair shop, trading floors, etc.
• Benefits of Collocation
• Constant real-time visual and audio communication
  is possible
• Ad hoc sub grouping is possible
• Multiple simultaneous conversations possible
• Ad hoc sharing of documents, workstations and
  applications
• Complex shared context is created in situ
• Large amount of shared work state is made
  persistent

25
Advanced Collaboration Environments

• Goals
• Use advanced computer mediated communications
  techniques to enhance work environments to enable
  increased productivity for collaborative work.
• Exploit the use of high-performance computing
  technologies (digital media, advanced networking,
  visualization, VR, etc.) to improve the
  effectiveness of large-scale collaborative work
  environments.
• Thoroughly investigate the thesis that network
  based advanced collaboration technology can
  create groupwork productivity benefits comparable
  to that of radical (classical) collocation for
  distributed work.

26
Stages of Collaborative Work

• Awareness
• Interaction
• Cooperation
• Collaboration
• Virtual Organization

Increasing need for persistent collaborative
infrastructure
Can adding the concept of Persistent Shared
Spaces to the current suite of computer supported
collaborative work tools enable the
cost-effective support of virtual organizations.
27
Components of an AG Node
RGB Video
Digital Video
Display Computer
Network
Shared App, Control
NTSC Video
Video Capture Computer
Digital Video
Analog Audio
Audio Capture Computer
Digital Audio
Mixer
Control Computer
RS232 Serial
Echo Canceller
28
Presence and Immersion 1

• Presence
• Concept originally concerned notion of
  Tele-presence
• Remote operation of equipment
• Remote exploration and task oriented work (e.g.
  planets, ocean floor, hazardous areas, surgery)
• The sensation of being there
• Recreate the sensory inputs of a remote location
• Match modalities with human sensory/perception
• Transmit over a network (latency, bandwidth)
• Provide natural way to interact with the remote
  location
• Achieving a sense of presence is a key human
  factor in the effectiveness of remotely piloted
  vehicles, tele-robotics, etc.

29
Presence and Immersion 3

• A users sense of presence depends on
• Coupling communications channels to sensory
  modalities
• Fidelity of the communications channels
• Low latency/lag and high-bandwidth (matched to
  sensory needs)
• The degree of immersion achieved
• Transparency of the human-computer interfaces
• The completeness of the re-created the world
• High-degree of task involvement improves sense of
  immersion
• High-degree of Immersion ? increased presence
• High presence ? increased sense of collocation
• Tele-Immersion combined notions of Tele-Presence
  and Immersion to indicate use of VR over networks

30
Session Startup Multimedia Streams
1. Authenticate Join Venue
2. Check authorization Compute new session
keys Return keys media data
Access Grid Venue
4. Media Metadata Session keys
3. Issue new keys to existing nodes
5. Start media tools Send/Recv media streams
Network
31
AG streams can be encrypted
Encrypted Video Stream
Network
Encrypted Audio Stream
Access Control Matrix
32
Data files can be securely shared.
Access Control Matrix
33
Access Grid Security Basic Tools

• Authentication Verification that a participants
  identity matches his claimed identity
• Authorization Verification that a participant is
  allowed access to the resources he requests
• Privacy Protection (via encryption) of data from
  eavesdropping
• Key Distribution Mechanism for securely sharing
  encryption keys with authorized parties

34
Authentication

• Current AG simple username/password
• Upcoming AG 2
• Each user issued credentials
• Credentials assert the identity of the user
  issued by a trusted authority
• Via proxy credentials, single sign-on possible
• Interoperable with computational Grid credentials

35
Authorization and Privacy

• AG Architecture defines authorization services
• Gate access to resources based on identities (as
  verified by authorization mechanism)
• Privacy enforced by bulk encryption of streaming
  data (audio/video) and data files
• AES (FIPS 197)
• Current AG Audio and Video tools implement AES

36
Key Distribution

• Via central server
• Server picks key
• Clients authenticate with server to retrieve key
• Peer to Peer via shared secrets
• Group-based algorithm computes shared secret from
  which keys are derived
• Perfect Forward Secrecy
• Knowledge of an encryption key does not allow
  determination of a future encryption key
• Required characteristic of key distribution
  mechanisms