Changes between Version 21 and Version 22 of SPIDocs

Timestamp:

Sep 24, 2014 11:16:35 AM (10 years ago)

Author:

faber

Comment:

--

SPIDocs

@@ -34 +34 @@
   A realization is the binding of resources to an experiment.  Users can inspect and modify such bindings in carrying out their experiments.
 
-We describe each of these in more detail below.
+We describe each of these in more detail below.  They are interrelated and the descriptions link to one another in this document.  We intend for readers to jump between sections to help intuition.
 
 === The Implementation ===
@@ -305 +305 @@
 
 ||= Permission Name =||= Meaning =||
-|| ADD_USER || Request that a user be added to the project or confirm a request by a user to join the project ||
-|| CREATE_CIRCLE ||Create a new circle in the project's namespace (a name prepended by ''projectid'':)||
-|| CREATE_EXPERIMENT ||Create a new experiment in the project's namespace (a name prepended by ''projectid'':) ||
-|| CREATE_LIBRARY || Create a new library in the project's namespace (a name prepended by ''projectid'':) ||
-|| REMOVE_USER || Remove a user from the project.  Any objects they have created in the project's namespace remain ||
+|| ADD_USER || This user may request that a user be added to the project or confirm a request by a user to join the project ||
+|| CREATE_CIRCLE || This user may create a new circle in the project's namespace (a name prepended by ''projectid'':) ||
+|| CREATE_EXPERIMENT || This user may create a new experiment in the project's namespace (a name prepended by ''projectid'':) ||
+|| CREATE_LIBRARY || This user may create a new library in the project's namespace (a name prepended by ''projectid'':) ||
+|| REMOVE_USER || This user may remove a user from the project.  Any objects they have created in the project's namespace remain ||
 
 
@@ -316 +316 @@
 A user creates a project using the `createProject` operation on the `Projects` [wiki:SPIDocs#Services service].  Mechanically, the procedure to create a project is very similar to [wiki:SPIDocs#CreatingNewUsers creating a user].  An application will:
 
- * User the `getProfileDescription` operation on the `Projects` service to get an empty project profile
+ * Call the `getProfileDescription` operation on the `Projects` service to get an empty project profile
  * Gather data from the user to fill in the project description, including non-optional fields and proper formatting
  * Call the `createProject` with a project name from the user and that user as the project's owner.  (Administrators can create projects owned by other users).
@@ -366 +366 @@
 The key distinction between the two kinds of user groups is that a project confers access to the testbed resources in the large based on delegation of trust.  A circle confers rights to specific experiments and libraries.  Project membership is a prerequisite to accessing the testbed at all; circle memberships control access to specific abstraction instances inside the testbed.
 
-Once the testbed administration has palced their trust in a user through the project abstraction, they are free to collaborate without any further significant administrative oversight through the circles system.
+Once the testbed administration has placed their trust in a user through the project abstraction, they are free to collaborate without any further significant administrative oversight through the circles system.
 
 Projects and circles are related.  Each project has a linked circle that contains all the users who are members of the project.  The system keeps that circle and project membership synchronized.  One can think of assigning the rights to manipulate experiments and libraries to projects as existing Emulab code does.  Under the covers it is the linked circle that conveys the rights.
@@ -391 +391 @@
 
 ||= Permission Name =||= Meaning =||
-|| ADD_USER || Request that a user be added to the project or confirm a request by a user to join the project ||
-|| REALIZE_EXPERIMENT ||Allocate resources to an experiment and carry it out so that it is accessible to the members of this circle ||
-|| REMOVE_USER || Remove a user from the project.  Any objects they have created in the project's namespace remain ||
+|| ADD_USER || This user may yequest that a user be added to the project or confirm a request by a user to join the project ||
+|| REALIZE_EXPERIMENT ||This user may allocate resources to an experiment and carry it out so that it is accessible to the members of this circle ||
+|| REMOVE_USER || This user may remove a user from the project.  Any objects they have created in the project's namespace remain ||
 
 The `REALIZE_EXPERIMENT` permission means that a user can carry out an experiment under this circle.  This means members of the circle will:
@@ -402 +402 @@
 ==== Creating A Circle ====
 
-A user creates a circle using the `createCircle` operation on the `Circless` [wiki:SPIDocs#Services service].  Mechanically, the procedure to create a project is very similar to [wiki:SPIDocs#CreatingNewUsers creating a user] or [wiki:SPIDocs#CreatingAProject project].  An application will:
-
- * User the `getProfileDescription` operation on the `Circles` service to get an empty circle profile
- * Gather data from the user to fill in the project description, including non-optional fields and proper formatting
+A user creates a circle using the `createCircle` operation on the `Circles` [wiki:SPIDocs#Services service].  Mechanically, the procedure to create a project is very similar to [wiki:SPIDocs#CreatingNewUsers creating a user] or [wiki:SPIDocs#CreatingAProject project].  An application will:
+
+ * Call the `getProfileDescription` operation on the `Circles` service to get an empty circle profile
+ * Gather data from the user to fill in the circle profile, including non-optional fields and proper formatting
  * Call the `createCircle` with a project name from the user and that user as the project's owner.  (Administrators can create projects owned by other users).
 
@@ -446 +446 @@
 
 These are documented below.
+
+== Experiments ==
+
+The ''experiment'' abstraction encapsulates the [wiki:SPIDocs#TheFundamentalAbstractions layout, procedure, data requirements, and constraints] on an activity a researcher using to play with ideas or test a hypothesis. An experiment is realized by DETERLab into an environment that meets those requirements.  Realizing an experiment allocates resources in the testbed and grants access to the members of the [wiki:SPIDocs#Circles circle] in which the experiment is realized.
+
+Experiments are the unit of testbed activity that are shared between users for understanding ideas and reproducing results.
+
+The layout, procedure, data requirements and constraints on an experiment are sub-abstractions of an experiment called ''aspects''.  An experiment does not necessarily contain all aspects.  When a researcher first comes to DETERLab, their models and ideas are likely to be loosely defined.  We expect them to realize experiments that have only layout aspects.  As their ideas become more concrete and their results more stable, the other aspects become more fleshed out.
+
+The SPI treats aspects as first class objects that can be directly manipulated.  Users can add or remove them from experiments, and aspects interact with one another.  One can specify a data gathering or procedure aspect that is inconsistent with the layout aspect, and the SPI will find the discrepancy.
+
+Internally, aspects are plug-in modules of code, written to a well-defined interface, that cooperate to
+
+ * Generate experiment realizations
+   * Build layouts for experimentation and data gathering
+   * Control virtualization and simulation implementations
+   * Create layouts in the underlying hardware
+ * Orchestrate experiments
+   * Carry out procedures
+   * Collect data from experiments
+ * Present data
+   * Collect datasets
+   * Visualize ongoing and completed experiments
+
+To support the ongoing research in all these areas, and in areas we do not know about yet, the aspect interfaces are open, and the SPI implementation can easily import code written to it.  We expect to add SPI interfaces to dynamically add an aspect implementation to a running testbed.
+
+Because research on individual aspects is ongoing, the SPI presents fairly generic interfaces to them.  Each aspect is specified by a type, sub-type and name.  The operation of the aspect is controlled by a data block (often a file) attached to the (type, sub-type, name). The meanings of sub-types, names, and the interpretation of data blocks within aspects are controlled by the aspect.  Below we present a worked example of the layout aspect that illustrates this.
+
+Experiments also have [wiki:SPIDocs#Profiles profiles] attached to them so that other users can understand the purpose and goals of a project without investigating the aspects in detail.
+
+==== Experiment Names ====
+
+Like [wiki:SPIDocs#CircleNames circles], experiments are named within the scope of either a user (prefixed by userid) or project (prefixed by projectid).  The right to create an experiment in a project is controlled by the `CREATE_EXPERIMENT` [wiki:SPIDocs#ProjectPermissions project permission].
+
+==== Experiment Permissions ====
+
+As with other abstractions, access to experiments is controlled by permissions.  These permissions are assigned to circles rather than individual users.  Because each user is the sole member of an immutable circle named ''userid'':''userid'' permissions can be assigned per-user by assigning to that circle.  Similarly, assigning to the ''projectid'':''projectid'' circle assigns permissions to all members of a project.
+
+The permissions relevant to project are:
+
+||= Permission Name =||= Meaning ||
+|| MODIFY_EXPERIMENT || Circle members can change aspects of an experiment ||
+|| MODIFY_EXPERIMENT_ACCESS || Circle members can change the permissions of other circles ||
+|| READ_EXPERIMENT || Circle members can read experiment aspects and information bout access control ||
+
+Experiments are realized in circles.  A user may realize an experiment - alloate resources to it and set it running - if that user holds the `REALIZE_EXPERIMENT` [wiki:SPIDocs#CirclePerimssions permission] to the circle and the `READ_EXPERIMENT` permission to the experiment.
+
+==== Creating A New Experiment ====
+
+A user creates a circle using the `createExperiment` operation on the `Experiments` [wiki:SPIDocs#Services service].  Mechanically, the procedure to create a project is very similar to [wiki:SPIDocs#CreatingACircle creating a circle] or [wiki:SPIDocs#CreatingAProject project], though aspect data is also included.  An application will:
+
+ * Call the `getProfileDescription` operation on the `Experiments` service to get an empty experiment profile
+ * Gather data from the user to fill in the experiment profile, including non-optional fields and proper formatting
+ * Call the `createExperiment` with an experiment name from the user and that user as the experiment's owner.  (Administrators can create projects owned by other users).  Additionally, initial aspect definitions and initial access control lists may be specified.
+
+When `createExperiment` returns the experiment can be further manipulated.  An experiment with no access control lists and no aspects is a valid experiment.   Experiment owners always implicitly have all permissions to the experiment as well as the rights to control ownership and profile contents. 
+
+Because we expect some researchers to build some experiments incrementally from scratch, experiments are very liberal about their contents.  While an experiment with no access control lists and no aspects is valid, it is not very interesting to realize it until it has some aspects.
+
+A user can also specify all the experiment aspects and access control lists when `createExperiment` is called.
+
+==== Adding and Changing Experiment Aspects ====
+
+A user that is a member of a circle that has the `MODIFY_EXPERIMENT` [wiki:SPIDoc#ExperimentPerimissions permission] on an experiment can add or remove aspects from that experiment.  The operation to add aspects is `addExperimentAspects` in the `Experiments` service.  Changing existing aspects is done through `changeExperimentAspects`.
+