3rd International Workshop on Science Gateways for Life Sciences (IWSG 2011), 8-10 JUNE 2011 The DECIDE Science Gateway V. Ardizzone1,3,*, R. Barbera1,2,3 , A. Calanducci1,3, M. Fargetta1,3, G. La Rocca3, S. Monforte3, F. Pistagna3, R. Rotondo3, D. Scardaci3 1Consorzio COMETA, Via S. Sofia 64, 95123 Catania, Italy. 2Department of Physics and Astronomy of the University of Catania, Viale A. Doria 6, 95125 Catania, Italy. 3Italian National Institute of Nuclear Physics, Division of Catania, Via S. Sofia 64, 95123 Catania, Italy. ABSTRACT funded by the European Union under its Seventh Framework Pro- Motivation: The present paper reports on the architecture and the gram, is to design, implement, and validate a dedicated e- present implementation of the Science Gateway developed in the Infrastructure relying on the Pan-European backbone GÉANT context of the DECIDE project. The motivation of the work is to ena- [GEANT] and the National Research and Education Networks ble e-Health for European citizens irrespective of their social and (NRENs) and on the European Grid Infrastructure EGI.eu [EGI] financial status and their place of residence, providing them with and the National Grid Initiatives (NGIs) and based on the research access to a high-quality early diagnostic and prognostic service for infrastructure of neuGRID. the Alzheimer Disease and other forms of dementia, based on the Over this e-Infrastructure, a production quality service will be pro- European research network and Grid infrastructure. vided around the clock for the computer-aided extraction of diag- nostic disease markers for AD and schizophrenia from medical images. DECIDE will offer access to a big distributed reference 1 INTRODUCTION databases (850 and 2,200 datasets from normal and neurological The field of medical imaging has developed enormously in the past subjects, respectively), large distributed computing and storage 20 years. Image databases made of thousands of medical images resources (more than 1,000 CPU cores and 70 TB of storage), and are now available to be used as a reference for individual diagno- intensive image processing tools: sis. At the same time, sophisticated and computationally intensive x Automated segmentation of hippocampal volume from struc- algorithms have been developed that can extract information from tural magnetic resonance images to support the diagnosis of medical images invisible to the naked eye. In particular, brain dis- AD; eases are ready to benefit from such applications. Highly prevalent x Voxel-based statistical analysis of 18F-FDG positron emis- and burdensome chronic conditions such as Alzheimer Disease sion tomography (PET) and Tc99-ECD single photon emis- (AD) and other neurodegenerative and neurodevelopmental disor- sion tomography (SPECT) to assess patterns of brain hypo- ders can be diagnosed early with image-based markers of structural metabolism and hypo-perfusion to support the diagnosis of and functional brain changes, allowing early pharmacological or AD; rehabilitative interventions. Each year, 1.4 million Europeans will x Spectral-based statistical analysis of electroencephalographic develop a form of dementia (one every 24 seconds) and it is be- studies, used for the extraction of quantitative electrophysio- lieved that currently there are7.3 million Europeans living with logical markers to support the diagnosis of AD; dementia and about 35.6 million people worldwide. In addition, x Pattern recognition analysis of functional neuroimaging stud- that number is estimated to nearly double over the next 20 years to ies, already assessed for the extraction of class-related bi- 65.7 million people in 2030. In 2008, the total cost of illness of omarkers in the classification of schizophrenic patients with dementia disorders in the European Union was estimated to 160 18FDOPA PET and extended for functional 18F-FDG-PET billion Euro of which 56% were costs of informal care. Because of in neurodegenerative dementia. the ageing population and increasing pressures on public finances, dementia will become one of the major challenges in the next dec- DECIDE applications and tools are exposed to the end users (neu- ades for the sustainability of national health systems. rologists, physicians, and scientists in general) through a Science Unfortunately, neuroinformatics advancements require high com- Gateway [Wilkins-Diehr 2007, Wilkins-Diehr 2008]. putational and storage resources as well as large reference image In this paper the DECIDE Science Gateway is presented from the datasets of normal persons, confining their use to advanced aca- technical and technological point of view. The paper is organized demic hospitals and research centres equipped with appropriate as follows. Section 2 describes the architecture of the DECIDE human expertise and computational facilities. infrastructure and the methods and technologies used to build its Aim of the Diagnostic Enhancement of Confidence by an Interna- application portal. Section 3 reports on the implementation done so tional Distributed Environment (DECIDE) project [DECIDE], co- far and the first results obtained. Conclusions are drawn in Section 4. *Corresponding author; email: valeria.ardizzone@ct.infn.it. Copyright © 2011 for the individual papers by the papers’. Copying permitted only for private and academic purposes. This vo lume is published and copyrighted by its authors. 3rd International Workshop on Science Gateways for Life Sciences (IWSG 2011), 8-10 JUNE 2011 2 METHODS of neurology. Four different diagnostic/prognostic algorithms are The DECIDE platform is built on top of three fundamental pillars: planned to be provided as services in the DECIDE Science Gate- network connectivity, Grid computing resources and domain- way. They are based on advanced approaches for the enhancement specific scientific applications (see Figure 1). The network connec- of diagnostic confidence and on complex images or data pro- tivity brings together different type of structures (clinical and re- cessing. Mainly, their goal is to provide doctors at peripheral hos- search centers and academic research institutions) with a custom- pitals with service tools for determining clinical markers for the ized interconnection among all partner sites and granting high early diagnosis of neurological and psychiatric disorders (neuro- speed/large bandwidth and reliable access to the Grid infrastruc- degenerative diseases and schizophrenia) together with its prog- ture. The Grid infrastructure is used as a collaboration tool among nostic relevance: partners as a technological glue to harmonize and unify develop- x GridSPM [Castiglioni 2009]: specifically designed for ments and as an elastic pool of computing and storage resources SPECT and PET neurological clinical images, provides a where to host large volumes of data and perform their analyses. statistical analysis on a single-subject, based on Statisti- The Grid of DECIDE relies on the European GÉANT network and cal Parametric Mapping (SPM) for the early diagnosis of provides partner sites with direct links to their NRENs. DECIDE Alzheimer Disease and other neurodegenerative diseas- applications refer to four different diagnostic/prognostic algorithms es; which are based on advanced approaches to handle complex imag- x GridANN4ND [Turkheimer 2006, Bose 2008]: concerns es and aim at enhancing diagnostic confidence. Neuroimaging the analysis of PET biomarkers in Neurological and Psy- markers will be extracted by the techniques listed in the previous chiatric Disorders and provides a single-subject classifi- section, comparing the neuroimaging data of the patients to large cation of suspected patients through the use of an Artifi- reference database shared by the hospitals interconnected by the e- cial Neural Network; Infrastructure. The DECIDE services will be validated in cutting- x GridMRISeg [Morra 2008]: implements an automatic edge clinical conditions and the diagnosis of schizophrenia will algorithm for the subcortical segmentation of single- also be addressed. subject MRI brain images for hippocampal volume esti- mation, using the auto context model (ACMAdaboost) developed by LONI [LONI]; x GridEEG [Babiloni 2001, Babiloni 2009, Blinowska 2010]: based on a comparison of pathological versus normal subjects, implements EEG processing algorithms with the aim of detecting early symptoms of AD and dis- tinguishing different forms of degenerative impairment. Moreover, the project will design and implement a multimodal im- aging repository, to include MRI, PET and EEG datasets and made them available for exploitation to the data analysis software at the basis of the diagnostic/prognostic service. Medical data ownership remains of the Physicians who contribute with his medical data to the medical repository, uploading data and reports with their rele- vant authorization rights. No free download of medical data from the DECIDE repository will be possible, but is allows external ex- perts to use the medical data within the repository through the Fig. 1. Multi-layered architecture of the DECIDE platform. DECIDE diagnostic/prognostic service. DECIDE is focused on supporting neurologists and physicians in- volved in the assessment of neurodegenerative diseases in the di- 3 RESULTS agnosis and prognosis and aims at enhancing users confidence by As described in the previous section, and visually explained in improving the reliability of the required analysis and by integrating Figure 2, DECIDE aims to use e-Infrastructures to allow medical different clinical approaches. It has been conceived to target a non- experts to build a production quality service, running around the technical medical audience and tries to support the daily needs of clock, which allows doctors to execute algorithms on data coming neurologists while dealing with their patients, going well beyond from different diagnostic instruments in order to determine brain the world of research. markers for the early diagnosis of AD and other forms of dementia. The vertical approach to e-Health adopted by DECIDE ensures the requirements of the neurological community to be taken into ac- count from the very beginning in the design of application services to ensure full usability in a real clinical environment. The use of four different medical acquisition data (Magnetic Resonance Imag- ing - MRI, Positron Emission Tomography - PET, Single Photon Emission Computed Tomography - SPECT, and Electroenceph- alography - EEG) allows combining complementary diagnostic approaches on neurodegenerative disease diagnosis, enabling syn- ergies between different clinical domains and possibly supporting correlation studies among different clinical approaches in the field Copyright © 2011 for the individual papers by the papers’. Copying permitted only for private and academic purposes. This vo lume is published and copyrighted by its authors. 3rd International Workshop on Science Gateways for Life Sciences (IWSG 2011), 8-10 JUNE 2011 Storage System for on-the-fly data encryption/decryption [Scardaci 2007] which has proven to be robust and scalable [Scardaci 2009] and uniquely providing the requested features. gLibrary is a robust, secure and easy-to-use system to handle wide- spread digital assets stored on a distributed Grid infrastructure. All entries in gLibrary are organized according to their type: a list of specific attributes describe each kind of asset to be managed by the system. These are the same attributes that can be queried by users. Assets are associated with the proper type in the registra- tion/upload process. An asset catalogued as a given subtype inher- its the attributes of its parent type. Of course, types are defined ac- cording to the users' needs and taking into account the assets they want to manage. The flexibility and extensibility offered by this system allow different communities to adopt gLibrary for many cataloguing purposes. Input files can be read from local disks, net- Fig. 2. Pictorial view of the DECIDE infrastructure and services. work shared folders, HTTP/FTP servers, etc. and replicated to one or more storage elements on which the user is authorized to write. gLibrary can also manage assets already present on Grid resources, This section describes the elements of the DECIDE infrastructure through direct access to File Catalogues. A fine-grained authoriza- and its services and shows the results obtained so far (the project tion mechanism is used to set permissions: each asset, type and started on the 1st of September 2010). Separate sub-sections are category has a set of ACLs that restricts its usage, allowing asset devoted to the e-Infrastructure and to the Science Gateway. owners to grant access to selected groups or just a single user. Us- ers can view in the browsing interface only those entries, types and categories for which they are granted access privileges. 3 .1 The e-Infrastructure As of today, the DECIDE Grid infrastructure is made of ten sites (see Figure 3). Six of them, all officially belonging to EGI, consti- tute the production infrastructure while four constitute the pre- production infrastructure where the algorithms are developed and tested before being fully deployed. One of the sites (FBF) is also a site of the Grid infrastructures of the neuGRID [neuGRID] project with which DECIDE will be interoperable in terms of services, data and applications. Fig. 4. Architecture of the gLibrary system. gLibrary is built on top of the Lite middleware and uses the follow- ing services (see Figure 4), all deployed on the DECIDE infra- structure: Fig. 3. Layout of the DECIDE Grid infrastructure. x The Storage Elements (SEs) that provide uniform access to data storage resources. They can be single disks, large disk arrays or tape-based Mass Storage Systems; On all the sites of DECIDE, the latest version of the gLite middle- x The AMGA Metadata Catalogue [AMGA] that stores ware [gLite] is deployed and all of its most common services are metadata describing the contents of Grid files, allowing users installed and running. A dedicated instance of the Virtual Organi- to search for entries based on their descriptions; sation Membership Service (VOMS) is also available. x The LCG File Catalog (LFC) that maps logical filenames on- Besides the standard gLite middleware, two additional Grid ser- to the physical locations of replicas of a file stored in one or vices based on gLite are also deployed: the gLibrary framework for more Storage Elements; Grid-based digital repositories [Calanducci 2007] and the Secure Copyright © 2011 for the individual papers by the papers’. Copying permitted only for private and academic purposes. This vo lume is published and copyrighted by its authors. 3rd International Workshop on Science Gateways for Life Sciences (IWSG 2011), 8-10 JUNE 2011 x The Virtual Organization Membership Service (VOMS) that allows a detailed definition of users’ privileges and roles ac- cording to abstract entities called “Virtual Organizations” (VOs); x The Information Service (IS) that provides information about Grid resources and their status; in particular, the IS is used to discover the SEs available for a given VO. Even if at the moment gLibrary is very gLite-centric, it can easuly be easily integrated with other storage technologies, such as cloud platforms, as far as they provide some kind of URL for referring to files and support common transfer protocols such as HTTP/HTTPS, FTP, GSIFTP, etc.. One competitor of gLibrary is the gCube framework (www.gcube- system.org) developed in the context of the DILIGENT and D4SCIENCE projects. gCube provides many features but at the cost of an increased complexity in the initial setup, deployment and management of repositories. gLibrary currently provides less features with respect to gCube but it does it through a very easy-to- Fig. 5. Example of Secure Storage commands (lcg-scr). This command use and intuitive interface, hiding almost completely to the users uploads and encrypts a file on a storage element doing the following ac- tions: 1) a new random secret key is generated; 2) the key and the ACL are the complexity of the underlying infrastructure. saved on the keystore; 3) the input file is encrypted inside user trusted envi- The Secure Storage System provides users with suitable and sim- ronment; 4) The encrypted file is uploaded on the Grid Storage Element. ple tools to save confidential data in storage elements owned by an external organization in a transparent and secure way, hiding the complexity of the operations necessary to ensure data privacy, in- The Secure Storage service stores user files in a Storage Element tegrity and availability. The core component of the Secure Storage in an encrypted format. An authorized user could in principle is the keystore, a new grid element used to store and retrieve the download a file from a Storage Element breaking the access policy users’ keys in a seure way. The keystore has to be installed inside but, in any case, he/she would not be able to decrypt it because the data owner’s trusted environment and not accessible from the he/she does not own the key needed to do it. Then, data access external world to guarantee a good security level. The Secure Stor- control of the Secure Storage Service is based on the policy to ac- age Service has been designed to be integrated in the gLite mid- cess the keys on the keystore. Indeed, a user needs to get the prop- dleware and it is made of the following components: er decryption key from the keystore to access data in a clear for- x Command Line Applications: commands integrated in the mat. gLite User Interface to encrypt and upload, decrypt and The Secure Storage Service authorization model has been designed download files on the storage elements; to be integrated in the gLite middleware using the standard creden- x An Application Program Interface: the API allows the de- tials (proxy certificates with VOMS extensions) used in this envi- veloper to write programs able to manage confidential data ronment. In this way, users can exploit Secure Storage using their using the Secure Storage service; gLite credentials without the need to install new security software. x The Keystore: a new grid element used to store and retrieve The keystore implements an authentication procedure based on the the users’ keys in a secure way; information stored in the user’s proxy (user Distinguished Name x The Secure Storage Framework: is a component of the ser- and VOMS attributes). It provides or denies the key needed to de- vice, internally used by the other components. It provides en- crypt the data using an Access Control List (ACL) mechanism. An cryption/decryption functions and other utility functions. It ACL is associated to each decryption key and it can be made of takes care of interaction with the Grid Data Management one or more distinguished names (DNs) and/or one or more VOMS System. attributes. It extracts the DN and VOMS attributes from the X.509 proxy certificate and checks if the user is authorized. The keystore As an example, one of the Secure Storage commands is graph- provides users with the decryption key only if their DNs or VOMS ically explained in Figure 5. attributes contained in their proxy match with an entry in the ACL of the key. 3 .2 The Science Gateway This section describes the architecture and present status of the DECIDE Science Gateway. As shown in Figure 3, the Science Gateway is built within the Liferay framework and container [Lif- eray] and it is fully compliant with the JSR 268 (“portlet 2.0”) standard. Separate sub-sections are devoted to the various func- tional aspects of the portal. Copyright © 2011 for the individual papers by the papers’. Copying permitted only for private and academic purposes. This vo lume is published and copyrighted by its authors. 3rd International Workshop on Science Gateways for Life Sciences (IWSG 2011), 8-10 JUNE 2011 adopted by several Certification Authorities such as those of UK, 3.2.1 Authentication and Authorization The Netherlands, and Italy. Robot certificates are nowadays suc- The most important requirement of the DECIDE Science Gateway cessfully used, for instance, to automate Grid service monitoring, was to ease the access to the distributed computing and storage distributed data collection systems, and identify a responsible for resources by the largest possible community of (Grid non-expert) unattended services one wants to share with all the members of a clinicians through a set of well defined and domain specific appli- specific VO. From a security point of view, robot certificates are cations. In order to meet this requirement, authentication and au- usually stored on board of tamper-resistant devices such as smart- thorisation mechanisms have been conceived to provide a smooth cards. This improves the security and avoids any fraudulent use of access to the applications still preserving the security level re- the private keys. quested by the distributed e-Infrastructure and the typology of the In order to let physicians involved in the DECIDE project to access sensible information (clinical data) managed. Indeed, the neurolog- the computing and storage Grid resources through the Science ical data stored in the Science Gateway have extra requirements in Gateway, a new Grid authentication mechanism based on the use terms of security, anonymity and confidentiality. It must always be of robot certificates available on smart cards has been designed. clearly defined who can access which images for his/her own anal- The solution implemented (see Figure 6) extends the native Java™ ysis. Therefore, several web and Grid technologies have been Cryptographic Token Interface Standard (PKCS#11) [PKCS#11] adopted and deployed to ensure that the authentication and authori- with the Java CoG Kit [von Laszewski 2001] and the Bouncy Cas- sation mechanisms fulfil the stringent requirements and imple- tle [Bouncy Castle] APIs in order to implement a “lightweight” ments the expected roles and corresponding privileges. crypto-utility which may be used by generic Grid users, client ap- Moreover, in order not to confuse inexperienced users with differ- plications, Grid portals and/or Science Gateways to access robot ent sets of credentials, another design requirement was to have in certificates stored on smartcards and generate a proxy with VOMS place a Single Sign On (SSO) mechanism across all services a giv- extensions. en user is entitled (i.e., has the right) to use. The above requirements have been fulfilled by the adoption of the Shibboleth System [Shibboleth] for authentication and the Security Assertion Markup Language (SAML) to implement the SSO. Shibboleth allows institutions wishing to include the DECIDE Sci- ence Gateway as one of the resources of their users to simply and easily create an Identity Provider (IdP). When a user tries to use one of the DECIDE applications available on the Science Gateway, he/she is re-directed to the IdP of his/her own institute and the IdP is responsible for the identification of the user, generally through a pair of username and password. If the authentication by the IdP is successful, the control is returned to the Science Gateway which the user is automatically logged in. Currently, the portal is part of GrIDP federation, a new federation operated by Consorzio COMETA to manage several web portals. Nevertheless, a formal request to join the IDEM federation [IDEM], one of the biggest Shibboleth federations available. pro- vided by GARR, and including many Italian universities and re- search centres, has also been submitted. Once a user is authenticated, the authorisation system verifies Fig. 6. Overview of how the new “lightweight” crypto-library works. his/her credentials and the Scientific Board of DECIDE grant au- thorisations. A centralised LDAP server provides the authorisa- tions by associating users with roles so a user can perform on the The core of the new library is represented by the eTokenServer Science Gateway all the activities designed for the roles he/she is Java class, a multithreaded server which accepts all the requests associated with. coming from a list of authorized clients and manages a list of robot Once the user is authenticated and authorised to run one the certificates kept in the USB token. The client requests are satisfied DECIDE applications, the last step to be done is the creation of a by the TokenClient Java class. With this class, users, client appli- proxy certificate to secure Grid transactions. Usually, this requires cations, Grid portals and/or Science Gateways can send requests to the user to have a personal X.509 digital certificate and be regis- the eTokenServer for browsing the available X.509 certificates or tered in the VOMS of a given Virtual Organisation. Furthermore, generate Grid proxies with VOMS extensions. To improve the se- he/she also has to have his/her certificate loaded in the web brows- curity between clients and server, the SSL protocol is used to se- er which is very often a solution prone to security breaches. The cure the communications. adoption of personal certificates to access e-Infrastructures has Using this library it is possible to grant different VO attributes demonstrated to be difficult by non-expert users and represents a (roles and privileges) to the user depending on the application/task limiting factor to the rapid spreading of this technology in new sci- he/she wants to execute. The association of this grant is handled by entific domains where computer science is not a basic knowledge. the Science Gateway which takes care of providing the users with A notable step forward to make the access to Grid infrastructures a valid temporary proxy. as much transparent and as smooth as possible, has recently been The main difference with Grid portals available in other projects is achieved with the introduction of robot certificates, also referred as the use of two different security systems linked together by the portal certificates. The advantages introduced by this new kind of portal, providing users with an easy access to resources without the digital certificates are manifold and they have currently been need of personal certificates. From a security point of view, the Copyright © 2011 for the individual papers by the papers’. Copying permitted only for private and academic purposes. This vo lume is published and copyrighted by its authors. 3rd International Workshop on Science Gateways for Life Sciences (IWSG 2011), 8-10 JUNE 2011 authentication method is delegated to the institutions that can im- x Ensures operating system independency: most of the provid- plement very restricted approach. It is also possible to have even ed adaptors are written in pure Java and are tested both on better authentication methods than PKI certificates, e.g. mixing MS Windows and Linux operating systems. different approaches like password, biometrical, IP and so on. Ad- ditionally, the communication between the IdPs and the portal is As shown in Figure 7, middleware interfaces are exposed to end encrypted so the authentication step provides a security level at users through standard portlets embedded in the Liferay container. least comparable with other approaches. Grid transactions are secured by proxy certificates created by the On the other hand, the LDAP-based authorisation allows users to robot server described in the previous sub-section while data man- use the services provided by the portal. Actually, users cannot ac- agement services are used through the Representational State cess the resources but they have to demand to specific components Transfer (REST) functions of the gLibrary framework described in the communication with the services. Since users cannot access Section 3.1. without Shibboleth-based verification and the available services do not provide direct access to resources, it is almost impossible for users to perform malicious operations through the portal. However, in order to avoid any abuse, a pro-active logging system registers all users’ activities and matches these with the jobs regis- tered in the gLite Logging and Bookkeeping (LB) service. This information allows identifying all the operations ensuring the non- repudiability of Grid transactions which is one of the fundamental requirements of the Grid Security Infrastructure (GSI). Finally, the global security mechanism provides a safe environ- ment, at least comparable to a full PKI, where medical data can be managed without security or confidentiality problems. 3.2.2 Interface to Grid services Once authenticated to the Science Gateway, and authorized to run one of the DECIDE algorithms, users can choose one of the appli- Fig. 7. Schematic view of the main components of the DECIDE Science cations and start the procedure to submit an analysis job. The typi- Gateway. cal scenario that has been agreed with the physicians working in the project is the following: x The user fills a web form on the Science Gateway defining 3.2.3 User interface the input parameters of the application; As already mentioned above, the graphic front-end of the DECIDE x Input files to be analyzed by the selected algorithm are trans- Science Gateway has been developed using the Liferay portal ferred to the Science Gateway; framework and portlet container. Liferay is currently the most used x A job, described using the Job Description Language of gLite, framework to build Science Gateways in the “Grid world” and is automatically created and submitted to the DECIDE Grid ships with more than sixty portlets that can be easily combined infrastructure together with the input files; (mashed-up) to build complex and appealing e-collaboration envi- x The user is notified when the job is submitted and from then ronments. Other 200+ portlets are available in the repository of the on he/she can monitor its status through a dedicated portlet of Liferay community. the Science Gateway; As an example, Figure 8 shows the input page of the GridSPM ap- x When the job finishes, the user receives an email from the plication available on the DECIDE Science Gateway. Science Gateway containing the output of the job. The back-end engine that implements the above described scenario and interacts with the gLite Grid services behind the Science Gateway front-end has been written in pure Java using the jLite API [jLite] called through the functions of the jSAGA library [jSAGA]. jLite is a Java library providing simple API for access- ing gLite-based Grid infrastructures. It is intended for Java devel- opers who would like to avoid dealing with the complexities of the gLite middleware and want to reduce time and effort needed to build cross-platform Grid applications. jSAGA is a Java imple- mentation of SAGA (Simple API for Grid Applications) [Goodale 2011] standard specification defined by the Open Grid Forum [OGF]. jSAGA: x Enables uniform data management and execution manage- ment across existing grid infrastructures; x Makes extensions easy: adaptor interfaces are designed to minimize coding effort for integrating support of different middleware (besides gLite, the Globus Toolkit [Globus] and UNICORE [UNICORE] are also supported); Copyright © 2011 for the individual papers by the papers’. Copying permitted only for private and academic purposes. This vo lume is published and copyrighted by its authors. 3rd International Workshop on Science Gateways for Life Sciences (IWSG 2011), 8-10 JUNE 2011 Fig. 8. Input page of the GridSPM application available on the DECIDE The main goal of the DECIDE project is to exploit the e- Science Gateway. Infrastructure paradigm in order to provide a dedicated production quality service for computer-aided diagnosis and research in the To submit a job, users just have to select the patient gender, insert field of neurological diseases. DECIDE builds upon GEANT and the patient age, select the input images and... click a button. EGI with the aim of fulfilling the specific needs of the neuroscie Figure 9 shows a portlet that reminds the input parameters and tific and medical community. This will provide the community shows the status of the submitted jobs. with new diagnostic and research tools, and enable clinicians to When a job ends, the user is notified by email and the output is address new challenges in their domain. sent to him/her as an attachment. Figure 10 shows the notification The service that will be realized by the DECIDE project will be email and one example of job output. exposed to end users as a Science Gateway based on the Liferay portlet container and the gLite middleware and makes use of so- phisticated authentication and authorization mechanism able to ease the access and use still implementing a fine grained control on roles and corresponding privileges. The DECIDE Science Gateway will allow the creation and management of large distributed reposi- tories of medical images with the possibility to encrypt the stored data. The sustainability of DECIDE, at level of infrastructure, is ensured by the fact that all sites forming the production infrastructure be- long to organisations which are members of the National Grid Ini- tiatives established in their countries. At user lever, different initia- tives have been envisaged and already planned to reach long term sustainability. Examples are the training courses, for the accurate use of the DECIDE services, which will be provided during the lifetime of the project. ACKNOWLEDGEMENTS Fig. 9. Input data and status monitoring portlets of the GridSPM applica- The research leading to these results was conducted as part of the tion. DECIDE (Diagnostic Enhancement of Confidence by an Interna- tional Distributed Environment) consortium. For further infor- mation please refer to www.eu-decide.eu. REFERENCES DECIDE. All information about DECIDE, including deliverables and activity reports, can be found on the project website: www.eu-decide.eu. GEANT. All information about GEANT can be found on the website www.geant.net. EGI. All information about the European Grid Infrastructure can be found on the web- site www.egi.eu. LONI. All information about the Laboratory of Neuro Imaging of the University of California at Los Angeles can be found on the website www.loni.ucla.edu. Wilkins-Diehr N. (2007), Special Issue: Science Gateways - Common Co mmunity Interfaces to Grid Resources, Concurrency and Computation: Practice and Expe- rience, 19(6), 743-749. Wilkins-Diehr N., Gannon D., Klimeck G., Oster S., Pamidighantam S. (2008), TeraGrid Science Gateways and Their Impact on Science, IEEE Computer 41(11), 32-41. Castiglioni I. et al. (2009). A Grid-based SPM service (GriSPM) for SPECT and PET neurological studies, Eur J Nucl Med Mol Imaging 36, 1193–1195. Turkheimer F.E., Aston J. A. D., Asselin M. C. and Hinz R. (2006) Multi-resolution Bayesian regression in PET dynamic studies using wavelets, NeuroImage 32, 111- 121. Bose S. K., Turkheimer F. E., Howes O. D., Mehta, M. A. , Cunliffe R., Stokes P. R., Grasby P. M. (2008). The application of an artificial neural network to classifica- tion of schizophrenic patients and healthy controls using [18F] Fluorodopa PET imaging, Schizophrenia Research 106(2-3), 148-55. Fig. 10. End-job notification email and example of output of the GridSPM Morra J. H., Tu Z., Apostolova L. G., Green A. E., Avedissian C., Madsen S. K., application. Parikshak N., Hua X., Toga A. W. , Jack C. R. Jr., Weiner M. W., Tho mpson P. M., Alzheimer's Disease Neuroimaging Initiative (2008). Validation of a fully au- tomated 3D hippocampal segmentation method using subjects with Alzheimer's disease mild cognitive impairment, and elderly controls, Neuroimage 43(1), 59- 4 SUMMARY AND CONCLUSIONS 68, Erratum in Neuroimage 44(4), 1439. Copyright © 2011 for the individual papers by the papers’. Copying permitted only for private and academic purposes. This vo lume is published and copyrighted by its authors. 3rd International Workshop on Science Gateways for Life Sciences (IWSG 2011), 8-10 JUNE 2011 Babiloni F., Carducci F., Cincotti F., Del Gratta C., Pizzella V., Romani G. L, Rossini P. M., Tecchio F., Babiloni C. (2001). Linear Inverse Source Estimate of Com- bined EEG and MEG Data Related to Voluntary Movements, Human Brain Map- ping 14, 197–209. Babiloni C. et al. (2009). Directionality of EEG synchronization in Alzheimer's dis- ease subjects, Neurobiology of Aging 30, 93-102. Blinowska K., Kus R., Kaminski M., Janiszewska J. (2010). Transmission of brain activity during cognitive task, Brain Topography 23, 205-213. neuGRID. All information about neuGRID, including deliverables and activity re- ports, can be found on the project website: www.neugrid.eu. gLite. All information about the gLite middleware, including specification documents and user guides, can be found on the website glite.cern.ch. A. Calanducci et al. (2007), “A Digital Library Management System for the Grid”, Fourth International Workshop on Emerging Technologies for Next-generation GRID (ETNGRID 2007) at 16th IEEE International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE-2007), GET/INT Paris, France, June 18-20, 2007 Andronico G. et al. (2011), e-Infrastructures for Cultural Heritage Applications, Handbook of Research Technologies and Cultural Heritage: Applications and En- vironments", G. Styliaras, D. Koukopoulos, F. Lazarinis (Eds.), IGI Global 2011, ISBN 978-1-60960-044-0 (hardcover) and 978-1-60960-045-7 (ebook), p. 341- 369. AMGA. All information about the AMGA Metadata Catalogue can be found on the website amga.web.cern.ch/amga. Scardaci D., Scuderi G. (2007), A Secure Storage Service for the gLite Middleware, Proceedings of the Third International Symposium on Information Assurance and Security, p. 261-266. Scardaci D. (2009). Using Secure Storage Service inside the EELA-2 Infrastructures, Proceedings of the Second EELA-2 Conference, p. 167-173. Liferay. All information about the Liferay portal framework can be found on the web- site www.liferay.com. Shibboleth. All information about the Shibboleth Syste m can be found on the website shibboleth.internet2.edu. IDEM. All information about IDEM Federation can be found on the website www.ide m.garr.it/. PKCS#11. All information about the Cryptographic Token Interface Standard, includ- ing the specification documents, can be found on the website www.rsa.com/rsalabs/node.asp?id= 2133. von Laszewski G., Foster I., Gawor J., and Lane P. (2001), A Java Co mmodity Grid Kit, Concurrency and Computation: Practice and Experience, 13(89), 643-662. http://www.mcs.anl.gov/~gregor/papers/vonLaszewski--cog-cpe-final.pdf. Bouncy Castle. All information about Bouncy Castle APIs can be found on the web- site www.bouncycastle.org. jLite. All information about jLite APIs, including source code and user manual, can be found on the website code.google.com/p/jlite. jSAGA. All information about jSAGA, including source code and user manual, can be found on the website grid.in2p3.fr/jsaga. Goodale T. et al. (2011), A Simple API for Grid Applications (SAGA), www.ogf.org/documents/GFD.90.pdf. OGF. All information about the Open Grid Forum and its activities and standards can be found on the website www.ogf.org. Globus. All information about the Globus Toolkit, including source code and user manuals, can be found on the website www.globus.org. UNICORE. All information about the UNICORE middleware, including source code and user manuals, can be found on the website www.unicore.eu. Copyright © 2011 for the individual papers by the papers’. Copying permitted only for private and academic purposes. This vo lume is published and copyrighted by its authors.