Post-3.9.3 Interface Changes Under Consideration

Draft: 22 November 2004

Post-3.9.3 Interface Changes (columns: Description, Justification, Implications, Status)
1. RFT schema changes:
  1. Make transferCredentialEndpoint optional
  2. Add new fault that is triggered when delegation EPR is not found
  Justification: Usability enhancement that enables the C GRAM client to provide a transfer credential without requiring the user to provide an explicit specification in the RSL.
  Implications: This change introduces wireside incompatibility between 3.9.3 and future versions: rebuild of RFT with new WSDL required.
  Status: Change approved; change appears in 3.9.4. Done.
2. New command-line tool for the Delegation service to generate a transfer credential endpoint
  Justification: [Justification write-up needed]
  Implications: 3.9.3 users would not be affected by this change.
  Status: Denied for 4.0; functionality already available in a Java tool.
3. Resync with Axis CVS to adopt the new Axis file naming convention for generated files
  Justification: Failure to adopt the new file naming conventions would mean that the Globus Alliance could not commit planned performance improvements to the Axis CVS and that GT would ship with a version of Axis that greatly differed from that in the Axis CVS.
  Implications: Service developers will need to change all references to names of Axis-generated classes.

The changes to the names are pretty straightforward: all underscores are dropped, and the first letter of each word within the name is capitalized. If there are collisions between names, the name for the port type will end with _PortType and the name for the element with _Element. Examples include:

  • _foo.java -> Foo.java
  • _Foo_Bar.java -> FooBar.java
  • _GetMultipleResourceProperties.java -> GetMultipleResourceProperties_Element.java
  • GetMultipleResourceProperties.java -> GetMultipleResourceProperties_PortType.java
(the same name collision rule applies to QueryResourceProperties and SetResourceProperties)
  Status: Change approved; change appears in 3.9.4
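The renaming rule from item 3, worked as an added example (not Globus or Axis code): this Python sketch maps old generated file names to the new ones and rewrites class references in source text in a single pass. It assumes, from the examples on this page, that in a collision the leading-underscore name is the element and the other is the port type; all function names are hypothetical.

```python
import os
import re
from collections import defaultdict

# Added example, not Globus/Axis code. Function names are hypothetical.


def new_stem(old_stem):
    """Drop underscores; capitalize the first letter of each underscore-separated word."""
    words = [w for w in old_stem.split("_") if w]
    return "".join(w[0].upper() + w[1:] for w in words)


def rename_map(old_files):
    """Return (mapping, unresolved).

    mapping: old file name -> new file name.
    unresolved: names that collide in a way the rule does not settle
    (anything other than one element plus one port type); review by hand.
    """
    groups = defaultdict(list)
    for name in old_files:
        stem, ext = os.path.splitext(name)
        groups[(new_stem(stem), ext)].append(name)

    mapping, unresolved = {}, []
    for (stem, ext), members in groups.items():
        if len(members) == 1:
            mapping[members[0]] = stem + ext
            continue
        # Assumption taken from the page's examples: the leading-underscore
        # name is the element class, the plain name is the port type.
        elements = [m for m in members if m.startswith("_")]
        port_types = [m for m in members if not m.startswith("_")]
        if len(elements) == 1 and len(port_types) == 1:
            mapping[elements[0]] = stem + "_Element" + ext
            mapping[port_types[0]] = stem + "_PortType" + ext
        else:
            unresolved.extend(sorted(members))
    return mapping, unresolved


def rewrite_references(source, mapping):
    """Rewrite old class names in source text to the new names.

    One combined regex and one pass, so a name produced by a replacement is
    never rewritten a second time (the port type's old name is a prefix of
    both new collision names).
    """
    classes = {}
    for old, new in mapping.items():
        old_cls = os.path.splitext(old)[0]
        new_cls = os.path.splitext(new)[0]
        if old_cls != new_cls:
            classes[old_cls] = new_cls
    if not classes:
        return source
    alternation = "|".join(
        re.escape(c) for c in sorted(classes, key=len, reverse=True)
    )
    # Lookarounds keep matches on whole Java identifiers only.
    pattern = re.compile(
        r"(?<![A-Za-z0-9_$])(?:%s)(?![A-Za-z0-9_$])" % alternation
    )
    return pattern.sub(lambda m: classes[m.group(0)], source)


if __name__ == "__main__":
    # Constructed sample input: the four file names used as examples above.
    old = [
        "_foo.java",
        "_Foo_Bar.java",
        "_GetMultipleResourceProperties.java",
        "GetMultipleResourceProperties.java",
    ]
    mapping, unresolved = rename_map(old)
    for name in old:
        print(name, "->", mapping[name])
    print("unresolved:", unresolved)
    print(rewrite_references(
        "_GetMultipleResourceProperties req; GetMultipleResourceProperties port;",
        mapping,
    ))
```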
4. Ensure that elementFormDefault and attributeFormDefault are defined in all GT WSDLs
  Justification:
    1. To provide consistency in schema definitions across GT WSDLs
    2. To ensure that global elements are namespace-qualified
  Implications: This change introduces wireside incompatibility between 3.9.3 and future versions: rebuild of code with new WSDL required.
  Status: Change approved; change appears in 3.9.4
5. Substitute the element definition of subscribe-on-create in managed_job_factory_port_type.wsdl with a reference to the one contained in WS-BaseN.wsdl
  Justification:
    1. To use the standard subscription type
    2. To eliminate duplicate element definition
  Implications:
    1. This change introduces wireside incompatibility between 3.9.3 and future versions: rebuild of code with new WSDL required
    2. GRAM clients that use the subscribe-on-create operation will need to replace all references to the original stub class with references to the core schema. Specifically:

    [implementation details for GRAM client developers here]

  Status: Change approved; change appears in 3.9.4
6. Add GT usage measurement interface
  Justification: Request from NSF
  Implications: [Design not complete, so implications for GT users not yet known]
  Status: Change approved; change appears in 3.9.5
7. Remove non-public interface function from DelegationUtils. The function in question is getTokenFromRequest(RequestSecurityTokenType request)
  Justification: The removal allows us to significantly clean up some of the security code (~10 classes can be removed).
  Implications: Users should not be affected.
  Status: Change approved; change appears in 3.9.4
8. Update delegation service to make correct use of WS-Trust
  Justification: This change should make us compliant with the specification.
  Implications: This will make the protocol incompatible with 3.9.3.
  Status: Change proposed; change deferred to post 4.0
9. Make the secure conversation security code use a security token reference and a security context token instead of the current KeyName element
  Justification: This change will make the protocol WS-I BSP compliant.
  Implications: This will make the protocol incompatible with 3.9.3.
  Status: Change approved; change appears in 3.9.5
10. Change the default security mechanism to transport security (https). This change will result in the following work items:

  1. All clients (Java & C, including web services acting as clients) will need to change their default to transport security (with a fallback to message-level security if the address does not indicate an https endpoint)
  2. All secure services should be configured to accept all three available security options (no code change)
  3. The delegation utilities API will need to be changed to accommodate security mechanisms other than message. The function signatures that will change are all three varieties of the delegate(...) method. These will be replaced by a single delegate(...) call that takes as one of its parameters a client security descriptor.
  4. Documentation needs to change to indicate that containers should be started with an https listener.
  Justification: This change will significantly reduce the messaging overhead.
  Implications: This change will require a change in the public delegation service API.
  Status: Change approved; change appears in 3.9.4
11. A container level registry that allows one to discover all WS-Resources currently available in the container. I would propose that this should be done by making factories implement a service group with all the resources created by the factory and a container level resource group that lists all the factory services/WS-Resources. Note that there are tricky performance and scalability issues with this feature.
  Justification: This change was requested for the purpose of being able to manage resources in the container.
  Implications: 3.9.3 users would not be affected by this change.
  Status: The proposal to allow discovery of all resources is denied due to scalability limitations of the proposed design; registration of factories and singletons to be supported, however; change appears in 3.9.5
12. A mechanism by which an admin user can destroy any WS-Resources instantiated in a container. Note that this can be done by either defining an administrator user (which would be useful for monitoring of resources as well) and giving that user the right to call destroy() on all the resources or by a service that exposes a destroy(EPR) operation.
  Justification: This change was requested for the purpose of being able to manage resources in the container.
  Implications: 3.9.3 users would not be affected by this change.
  Status: Change approved, with the stipulation that the functionality be "off" by default and can only be turned on by an administrator-class person; change deferred to post 4.0
13. A service (container management service?) that exposes the following resource properties:

  • A resource property containing the overall version of the toolkit installation (e.g. 3.9.3)
  • A resource property containing the overall gpt versions of all installed packages.
  • A resource property containing the start time of the container.
  Justification: This change was requested to aid in remote debugging and to help with systems management tasks. Specific projects requesting this?
  Implications: 3.9.3 users would not be affected by this change.
  Status: Change approved (if easy); change deferred to post 4.0
14. Add a configuration option to manage behavior of RFT Service when an MLST call to a GridFTP server fails. This will allow System Admins to configure RFT to transfer files between old GridFTP servers that don't support MLST. MLST is similar to doing 'ls -lt' on a command line.
  Justification: This change is made so that RFT can be backwards compatible with servers that don't support MLST.
  Implications: This is a schema change. A new element will be added to RFTOptionsType.
  Status: Change approved; change appears in 3.9.5. Done.
15. Add a command line tool to globus_common called globus-version that returns the version number of the release.
  Justification: Quote from bug 1723: "To allow for a quick determination of the base release supporting the installation."
  Implications: 3.9.3 users would not be affected by this change.
  Status: Change approved; change appears in 3.9.4
16. Change the schema for the rendezvous type to use the xsd int types instead of the xsd integer types for rank, capacity, and tally.
  Justification: The xsd integer types are infinite and are awkward to use in C (openssl bignum) and Java (org.apache.axis.types.NonNegativeInteger); the others are just the language's integer primitives.
  Implications: 3.9.3 users would be affected by this change, but there are no known rendezvous users.
  Status: Change approved; change appears in 3.9.4
17. Add soft-state reliability to RP subscription across all services (core change?).
  Justification: Notification streams are currently unreliable and do not provide the soft-state self-healing semantics we've promoted in the MDS-2 architecture story. By adding periodic resend with upper and lower bounds on notification rate, we can provide convergence to static conditions while still being efficient under dynamic/transient conditions.
  Implications: Could be done as an extension that can be ignored by 3.9.3 users, or could be made mandatory if we think 3.9.3 style is broken.
  Status: Change proposed; change deferred to post 4.0
18. Make client tools and GRAM utilize soft-state subscription for all state monitoring.
  Justification: This works in tandem with (17) to prevent toolkit components from hanging and deadlocking due to race conditions, transient faults, etc. that may cause recipient to miss an important state change that he is blocked on.
  Implications: Should only improve robustness of components, without changing their interfaces.
  Status: Change proposed; change deferred to post 4.0
19. Make client tools and GRAM implement fall-back RP polling for all state monitoring.
  Justification: An alternate solution to (18) which does not require (17) to prevent toolkit components from hanging and deadlocking due to race conditions, transient faults, etc. that may cause recipient to miss an important state change that he is blocked on.
  Implications: Should only improve robustness of components, without changing their interfaces. Does not require core changes for notification, but instead requires the same workaround to be employed everywhere it is needed.
  Status: Generic implementation deferred to post 4.0; appears in 3.9.5 for globusrun-ws.
20. Add "state mask" for life cycle monitoring RP subscriptions in Delegation, ManagedJob, and RFT.
  Justification: Recipients are not always interested in all changes an RP can have, so by expressing interest constraints in the subscription, the overall message traffic can be reduced.
  Implications: Could be done as an extension that can be ignored by 3.9.3 users, or could be made mandatory if we think 3.9.3 style is broken.
  Status: Change proposed; change deferred to post 4.0
21. Make subscription lifetime bound by "parent".
  Justification: The meaning of a subscription and the resulting notification stream is only defined by its relationship to a resource being monitored, so there is no reason for subscriptions to outlive this parent. By implementing "chained" termination, we can reduce the footprint of the container without requiring more termination messaging overhead from clients.
  Implications: Clients who try to interact with a subscription after the parent resource is terminated will encounter a fault due to the subscription having been terminated automatically.
  Status: Change proposed; change deferred to post 4.0
22. Add efficient timed-wait RP query interface across all services (core change?).
  Justification: An alternate solution to (17) using what has been referred to in OGSA/OGSI discussions as "one shot subscriptions". Instead of maintaining subscription resources to request asynchronous notification, an operation request is left "open" so that the asynchronous response can be issued in the response message. The recipient can retry on failure and prevent indefinite hanging. Whether this is more or less efficient or scalable depends on many underlying container and binding-level details.
  Implications: Would be done as an extension that can be ignored by 3.9.3 users.
  Status: Change proposed; change deferred to post 4.0
23. Make use of timed-wait query in client tools and GRAM when waiting for life cycle changes in other resources.
  Justification: Works in tandem with (22) as an alternate solution to (18). See justification for (18).
  Implications: Should only improve robustness of components, without changing their interfaces.
  Status: Change proposed; change deferred to post 4.0
24. Make client tools and GRAM only monitor states required for sequencing.
  Justification: Notification and monitoring are causing significant loads on the service container and increasing overall latency for client life cycles. By using mechanism proposed in (17)+(20) or (22), toolkit components can reduce this effect to the minimum required for safe function.
  Implications: Would reduce user-visible life cycle information if done in globusrun-ws, which could be overridden with a "verbose" mode that is more expensive. Would reduce client-visible life cycle information if done in services that expose state of other resources through their RPs.
  Status: Change proposed; change deferred to post 4.0
25. Add "caching index" of DelegationFactory RPs to ManagedJobFactory RPs.
  Justification: Job clients that do automatic delegation must bootstrap information about the DelegationFactory through two levels of indirection. With this change, the number of client-driven round-trips will be reduced.
  Implications: Could be done as an extension that can be ignored by 3.9.3 users. Requires cache validity metadata or other invalidation signal, e.g. subscription, to refresh index.
  Status: Change proposed; change deferred to post 4.0
26. Add persistent client-side caching of DelegationFactory info to client tools.
  Justification: Can further optimize round-trips addressed in (25) by allowing client tools to store results locally and reuse them instead of always querying.
  Implications: Could be done as an extension that can be ignored by 3.9.3 users. Requires cache validity metadata or other invalidation signal, e.g. reaction to DelegationFactory fault, to refresh cache.
  Status: Change proposed; change deferred to post 4.0
27. Allow GRAM-generated Delegations to expire by default.
  Justification: Delegated credentials already have limited lifetimes and other limitations to make them "safe enough". By allowing their eventual reclamation to occur via expiry, we reduce the number of round-trips for a typical client.
  Implications: Increases pressure on Delegation resource to be implemented for scalability in the number of Delegations that litter the container.
  Status: Change approved; change appears in 3.9.5
28. Make GRAM use only one listener to monitor a Delegation shared by multiple jobs.
  Justification: Will reduce the amount of signalling traffic and management footprint for having GRAM monitor Delegations.
  Implications: Should not affect external interface presented to users of GRAM or Delegation services. May require internal Delegation API changes in container.
  Status: Change approved; change appears in 3.9.5
29. Make GRAM share credential files between a user's jobs when job references same Delegation resource.
  Justification: Will reduce the number of files on disk and the amount of external program overhead and disk I/O for credential creation and refresh. Is one possible approach to (28).
  Implications: Introduces new shared file cache problem like we had with GASS before, e.g. reference counting or other safety to manage lifetime of files shared by different jobs with independent lifetimes.
  Status: Change approved; change appears in 3.9.5
30. Associate delegated credential file lifetime with Delegation resource.
  Justification: Approach to (29) that does not reintroduce file system cache problem we eliminated with removal of GASS cache.
  Implications: Delegation resource gets extended with GRAM-specific state and some GRAM features for user account and file manipulation are either called from Delegation service code directly or indirectly through some at-termination handler registry. Requires clients to coordinate management of lifetime of shared Delegation resource for all jobs.
  Status: Change approved; change appears in 3.9.5
31. Add user account/file semantics to DelegationFactory interface.
  Justification: Exposes functionality of (30) through Delegation protocol so that clients could make use of delegated credential files for other purposes not involving GRAM jobs.
  Implications: May require DelegationFactory input schema changes that break compatibility with 3.9.3 users.
  Status: Change denied.
32. Make globusrun-ws attempt to reuse automatically generated Delegations.
  Justification: To gain benefits of (28)-(30) for average Joe jobs, we need to cause sharing of automated Delegations between multiple jobs.
  Implications: User would not be able to perform different refresh strategies on credentials for different jobs unless he manually overrides sharing behavior. Should not affect interface for naive users of 3.9.3.
  Status: Change approved; change appears in 3.9.5. globusrun-ws accepts cred file from DS.
33. Make GRAM attempt cleanup at termination even if cleanup is "held".
  Justification: Expiration is used for reclamation/recovery of resources and the cleanup clause is meant to do this for files.
  Implications: Disconnected user will not be able to view output files or other targets of cleanup clause if he is unable to do so before the job expires.
  Status: Change approved; change appears in 3.9.4.
34. Make globusrun-ws skip release of cleanup "hold" state by default.
  Justification: Works in tandem with (33) to reduce number of round trips for typical jobs. Client can simply abandon jobs after fetching their final output via FTP and assume they will be reclaimed eventually.
  Implications: Appropriately conservative defaults mean that files destined for cleanup will linger in the account longer than with explicit release. This will also lead to more done and inactive job resources lingering in the container until their expiration times are reached.
  Status: Change proposed; change deferred to post 4.0
35. Prefetch and poll important factory RPs throughout lifetime of container.
  Justification: Reduces variability of query time for "first query" versus rest of queries.
  Implications: Increases load and footprint of container slightly.
  Status: Change proposed; change deferred to post 4.0
36. Change delegation resources to be soft references. Following tasks will be required to accomplish this:
  • Public API changes:
    • Extend DelegationRefreshListener to implement java.io.Serializable
    • Add public String getId() and public void setId(String listenerId) methods to interface.
    • Add unregister(String listenerId) API to DelegationUtil
  • Code changes:
    • Modify DelegationResource to implement PersistenceCallback to be able to use soft references.
    • Modify addListener in DelegationResource to generate and set listener id.
    • Change removeListener in DelegationResource to identify listeners based off the id.
  Justification: Moving to soft references results in better scalability. Up to 10K delegations were tested.
  Implications:
    • End users would not be affected.
    • Listeners written for 3.9.3 Delegation Service need to be reworked. In the current toolkit, listeners written in RFT and GRAM module will need to be reworked. Proposed change is to have the listeners be initialized with resource home location and key information so as to be able to identify the resource(s) they are associated with and need to notify.
  Status: Change approved; change appears in 3.9.5
37. Add a means to notify listener when delegated credential is destroyed.

Public API change: Add public void credentialDeleted() method to delegation listener interface

  Justification: Allows for better clean up of credentials by subscribers, e.g. in GRAM this could be used to remove the credential from the user's account.
  Implications:
    • End users should not be affected.
    • Listeners written for 3.9.3 Delegation Service need to add an implementation (even if it is a no-op) of this function.
  Status: Change approved; change appears in 3.9.5
38. Add Service Group registration logic to all GT services (specifically, the MJFS, the RFT factory, CAS and the Index Service). The configuration changes necessary by default and the syntax of the config files to effect these changes should be greatly simplified:
  • The Index Service need only be configured with a parent index (or no change at all if there is no parent index).
  • The other abovementioned services should register by default into the local (in same container) index service. It will be necessary to make these services set to activateOnStartup as part of the manual installation procedure.
  Justification: Usability improvement to simplify registration configuration.
  Implications: Service configuration API would change.
  Status: Change approved; change to appear in 3.9.5
39. Add the following resource properties to all GT services:
  • startup time
  • informal type name
  Justification: [justification missing]
  Implications: Would introduce wireside incompatibility as exposed RP document would change.
  Status: Change approved; change deferred to post 4.0
40. Add multiple-source capability to aggregator framework.
At present, each aggregator instance can collect from only one source (those sources providing RP polling; subscription; execution; with others on the table for future development by us or others).
In practice, it turns out that it is desirable to collect information through more than one of these mechanisms into the same aggregator (for example, by collecting information about some services through RP polling, and others through execution of probes).
This change would let the aggregator host multiple sources.
  Justification: Usability improvement that eases index configuration by removing the need to specify source by default; functionality improvement by allowing multiple source implementations to be used in a single index.
  Implications: Index and Trigger Service configuration interface would change (basic configuration would need fewer changes).
  Status: Change approved; change appears in 3.9.5
41. Make command-line RFT client use BaseClient that core provides.
  Justification: For consistency and also BaseClient in core provides more features.
  Implications: Command-line clients options will change. More options will be provided.
  Status: Change approved; change appears in 3.9.4
42. Add anonymous authentication support to transport security implementation
  Justification: Allows unauthenticated access to services that currently do not require security (e.g. the index service).
  Implications: No impact on existing users, new feature.
  Status: Change approved; change appears in 3.9.4
43. Change the StateChangeNotificationMessageType in the managed_job_port_type.wsdl. A fault element will only be included when there is a fault (e.g. set minOccurs=0).
  Justification: This change is being pushed as a fix for an Axis bug. It could be made in the gram java code to avoid a change to the schema (interface), but the schema change makes sense, so it was done there. Another example of the C core tooling being more strict than the java tooling. So this results in an error in the C tooling when job state notifications are received.
  Implications: No impact on our java gram client. Only impact is to C GRAM client. Since globusrun-ws is the only one, there is no impact other than to ourselves.
  Status: Change approved; change appears in 3.9.4
44. Add WS-A action elements to the input and output elements of the release operation in the managed_job_port_type_compact.wsdl
  Justification: globusrun-ws gets an error in the C client WS addressing handler, because the WS Addressing header contains an unexpected Action value.
  Implications: Clients will need to recompile.
  Status: Change approved; change appears in 3.9.5
45. RFT schema change. RFTOptionsType and DeleteOptionsType elements should all have minOccurs="0" maxOccurs="1". This will allow a user to just specify the element they want to override. Currently, when overriding an element *all* elements are expected to be present.
  Justification: Usability
  Implications: Clients will need to recompile.
  Status: Change approved; change appears in 3.9.4. Done.
46. RFT schema change. Add a new Resource Property that would calculate and dynamically update estimated time of completion of a transfer request based on Performance Markers from GridFTP servers.
  Justification: Usability
  Implications: A new command-line client that prints out estimated time to stdout.
  Status: Change Proposed
47. Add configuration option in the server config file to set the allowable USER names for anonymous login.
  Justification: A value of "*" will disable all checks of USER name, a feature needed by my Thomas Ndousse funding.
  Implications: No impact on existing users, new feature.
  Status: Change approved; change appears in 3.9.5
48. Add pre-auth timeout
  Justification: Allows for a quick failure and avoids DoS attacks by just connecting and not authenticating. The alternative is to wait for the control channel timeout value, which is generally much longer.
  Implications: No impact on existing users, new feature.
  Status: Change approved; change appears in 3.9.5
49. Update to latest Axis
  Justification: Update to latest Axis 1.2 code from cvs. Contains a few memory management improvements, a number of bug fixes (some of which are critical for us), and other changes.
  Implications: One significant change that might affect us and our users is the change in the ordering of the arguments in the constructors of generated types. Before, no particular order was imposed on the arguments, and Axis people claim it was creating problems when different JVMs were used (we never really ran into that problem). Now the arguments are sorted alphabetically. The code that creates an instance of some generated type using a constructor with multiple arguments might need to be checked/updated. This does not affect the code that creates an instance of some generated type using a default constructor and sets the values using the individual setter methods.
  Status: Change approved; change appears in 3.9.5
50. Update to XIO HTTP Driver callbacks
  Justification: Eliminates custom callback type for HTTP metadata reads. Eliminates race condition where operations are cancelled but callbacks may still be issued by XIO HTTP driver. Simplifies HTTP Driver API.
  Implications: Code which uses the XIO HTTP driver will need to replace handle/attr cntls with a read or register_read operation and check the metadata in the data descriptor instead of waiting for a separate callback. Affected Globus components: XIO tests and WSRF C Messaging library.
  Status: Change approved; change appears in 3.9.5
51. Add server-side recursive delete to GridFTP
  Justification: RFT needs to clean up directory trees. The server is able to recursively delete a directory far more efficiently than the client (which would have to recursively walk the tree, list each directory and delete each file separately).
  Implications: No impact on existing users of the server, new feature. RFT would need changes to make use of the new server feature.
  Status: Change approved; change appears in 3.9.5
52. Add configuration option to gridftp server to specify target contact string(s) for usage statistics.
  Justification: Need to be able to specify additional or change default target for usage statistics.
  Implications: No impact on existing users of the server, new feature.
  Status: Change approved; change appears in 3.9.5
53. Add support for extended retr and stor to the xio gridftp driver. attr controls need to be added to allow setting parameters for extended retr and stor.
  Justification: There is no way to use extended server modules without this change.
  Implications: No impact on existing API, new feature.
  Status: Change approved; change appears in 3.9.5
54. GridFTP server: Add configuration options to set authorization mode of the front-end->back-end connection.
  Justification: Currently the IPC connection does the default of NO authorization; options are needed to allow for self, host, or subject modes.
  Implications: No impact on existing users of the server, new feature.
  Status: Change approved; change appears in 3.9.5
55. RFT: Add smarts to RFT command-line clients to reuse delegated credentials for same user if they are available.
  Justification: Currently RFT cli do not reuse delegated credentials which when reused can significantly improve performance.
  Implications: These changes should not affect current users. They are new features which will be only available to people who use latest client package.
  Status: Change proposed; change deferred to post 4.0.
56. RFT: Provide cleaner client api for RFT that can be reused
  Justification: This may change the way the current clients work. Parsing of transfer.xfr file should be improved and probably replaced by a simpler properties file. Also provide a simpler client that can do globus-url-copy style transfers.
  Implications: This may change the format of transfer.xfr file and is not backwards compatible to old clients.
  Status: Change Proposed
57. globusrun-ws: in order to submit jobs where the fault type can be detected programmatically, a new command argument is needed to have the fault type displayed along with the normal error message.
  Justification: Usability. This will be used by the gram integration test program.
  Implications: No impact to users: this is a new argument that can be ignored.
  Status: Change approved; change appears in 3.9.5
58. Java WS Core: Persistent HTTP connection support for Java client and standalone container.
  Justification: Reuse of HTTPS connections offers significant performance improvement.
  Implications: No major impact to the users as all the changes are done in the lower layers not exposed to the users. The standalone container needs to be rewritten to use the Java 1.4 non-blocking I/O which will make Java WS Core Java 1.4 dependent (at least in terms of the new container).
  Status: Change Proposed
59. WS A&A: Remove the Globus specific wrapping done in the SAML authorization callout.
  Justification: This change brings the callout in line with the OGSA-Authz SAML callout specification.
  Implications: This change changes the wsdl interface, so any users currently using this callout would have to regenerate their authorization service interface (the endpoint for the SAML callout). To the best of our knowledge the only current user of this interface is PERMIS and it was PERMIS that requested this change.
  Status: Change Proposed
60. C WS Core: Implement WS-Secure Messaging as a handler. This change includes modifications to the messaging API's handler information structures and defines, and some small changes to parts of the messaging API used by the stubs.
  Justification: These changes are needed to implement WS Secure Messaging as a handler which can easily be added to SOAP invocations.
  Implications: Applications which use the C WS Core will need to be recompiled and relinked. Stubs must be regenerated in order to take advantage of the new functionality. This will be done as part of the 4.0.1 maintenance release.
  Status: Change Proposed