Next: 2. Installation
Clarens is a framework for writing grid-enabled web service applications - both
clients and servers. The terms "web service" and "grid" might need some
- Web Services are generally understood to beremote procedure calls
encoded in XML and transported using the http protocol. This name is
rather unfortunate, since the transport protocol is in fact an implementation
choice. Also, web services have nothing to do with web pages as rendered by web
- The term Grid refers to a software and hardware infrastructure that
provides dependable, consistent, pervasive, and inexpensive access to high-end
computational capabilities, according to Foster & Kesselman (1999)
Though vague, the latter definition provides some clues as to the intent of grid
computing: namely the ubiquitous provision and access to computational facilities.
The dependability of these resources as well as the cost of access, and the power
of the computational machinery that is made available are in fact determined
post-facto by physical, economical and implementation factors.
Web services deployed over a wide area network such as the internet provides the
ideal vehicle for implementing and deploying computational grids because of the
ubiquity of access to the internet and its well-standardized infrastructure.
From the above, grid computing is part of the continuing trend of commoditization
of communications protocols at a higher functional level than the internet
protocol (IP) hypertext transfer protocol (HTTP) or information prepresentation
in e.g. extensible markup language (XML).
The original Clarens server described in this document implements web services
using a combination of the Apache  web server and the Python
 language. The choice of programming language was prompted by
its wide use in the CMS experiment at CERN. Since the goal of grid computing is
to provide ubiquitous access, it should be strongly emphasized that these are
merely implementation details, and there is in fact an effort to produce an
equivalent server implementation using the Java  language.
The cornerstone of ubiquitous resource access is a universal identification space.
Users and providers of Clarens services are mutually identified through the use
of cryptographically signed certificates using the X509 directory standard
embedding so-called public keys. Through the wonders of public/private key
encryption , these certificates are used both for identification
and to establish secure communication channels.
Certificates are signed by Certification Authorities (CAs) that vouch for the
indentity of a certificate through some physical verification mechanism. Security
of the system depends of the accuracy of this certification, the secrecy of the
private key used in communications, and dealing with breakdowns in this trust
relationship by quick propagation of certificate revocation information.
In the context of web services, Clarens servers support the widely used
Secure Sockets Layer (SSL) standard for establishing secure communications, but
additionally uses either so-called Cookies or HTTP Basic authentication
to exchange credentials securely. For e complete description of this exchange
mechanism, see section 7. Work is also underway to add support
for the Globus Security Infrastructure (GSI) version of GSSAPI
by the Globus project .
Next: 2. Installation