BIS-Grid Deployment Descriptor (.bdd)

The deployment descriptor contains all information that are necessary to deploy a workflow on the BIS-Grid Workflow Engine. At the moment there is no tooling to create a new deployment descriptor and therefore we advise to use the example deployment descriptor that is shown below and adjust all parts.

The deployment descriptor is part of the BIS-Grid deployment package .

Sample annotated deployment descriptor

<?xml version="1.0" encoding="UTF-8"?>
<!-- process 
     The attribute name is mandatory and must contain the QName of the workflow incluive its namespace! 
-->
<process xmlns="http://bisgrid.dgrid.de/services/management/deployment"
         xmlns:bpelns="http://jobsubmission"
         xmlns:wsa="http://www.w3.org/2005/08/addressing"
         xmlns:xsd="http://www.w3.org/2001/XMLSchema"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://bisgrid.dgrid.de/services/management/deployment http://bisgrid.d-grid.de/services/management/deployment/BIS-GridDeploymentDescriptor.xsd"
         name="bpelns:jobsubmission">

<!-- bpelDescription 
     defines the name of the .bpel file that includes the workflow description 
-->
    <bpelDescription>
        <location>jobsubmission.bpel</location>
    </bpelDescription>

<!-- partnerLinks
     defines the partner links that are used in the workflow. The name must match the name of the partner link in the WS-BPEL process
     Partner links with "myRole" describe services offered by the workflow engine. The "service" attribute is mandatory and defines the name of the service as it is deployed in the WS-BPEL engine
     Partner links with "partnerRole" describes servicxs used by the workflow. The "endpointReference" attribute is mandatory and defines whether the partner link is 
        static - an wsa:EndpointReference is given at deploy time (see TSSFactoryPLT)
        dynamic - the partner link EPR is assigned during the workflow
-->
    <partnerLinks>
        <partnerLink name="workflowPLT">
            <myRole service="workflowPLTService"/>
        </partnerLink>

        <partnerLink name="TSSFactoryPLT">
            <partnerRole endpointReference="static">
                <wsa:EndpointReference xmlns:s="http://unigrids.org/2006/04/services/tsf">
                    <wsa:Address>https://bisgrid.cit.tu-berlin.de:8080/DEMO-SITE/services/TargetSystemFactoryService?res=default_target_system_factory</wsa:Address>
                    <wsa:ServiceName PortName="TargetSystemFactory">s:TargetSystemFactoryService</wsa:ServiceName>
                </wsa:EndpointReference>
            </partnerRole>
        </partnerLink>

        <partnerLink name="TargetSystemPLT">
            <partnerRole endpointReference="dynamic" />
        </partnerLink>
        <partnerLink name="JobSubmissionPLT">
            <partnerRole endpointReference="dynamic" />
        </partnerLink>
        <partnerLink name="JobSubmissionPLT1">
            <partnerRole endpointReference="dynamic" />
        </partnerLink>
    </partnerLinks>


<!-- references
    references point ro resoruces that are necessary during the workflow execution. This can be XML schema or WSDL files.
      location: the location of the file. relative path to the file in the deployment archive or URL to the internet resource.
      type: is it a file insice the deployment archive or is it an url that must be retrieved from the internet
      namespace: the target namespace of the document
-->
    <references>
        <schema location="http://www.w3.org/2005/08/addressing/ws-addr.xsd" type="url" namespace="http://www.w3.org/2005/08/addressing"/>
        <schema location="http://schemas.ggf.org/jsdl/2005/11/jsdl" type="url"  namespace="http://schemas.ggf.org/jsdl/2005/11/jsdl"/>
        <schema location="JobManagement.xsd" type="file" namespace="http://unigrids.org/2006/04/services/jms" />
        <schema location="TargetSystem.xsd" type="file" namespace="http://unigrids.org/2006/04/services/tss" />
        <schema location="TargetSystemFactory.xsd" type="file" namespace="http://unigrids.org/2006/04/services/tsf" />
        <schema location="bf-2.xsd" type="file" namespace="http://docs.oasis-open.org/wsrf/bf-2" />
        <schema location="r-2.xsd" type="file" namespace="http://docs.oasis-open.org/wsrf/r-2" />
        <schema location="rl-2.xsd" type="file" namespace="http://docs.oasis-open.org/wsrf/rl-2" />
        <schema location="unigridsTypes.xsd" type="file" namespace="http://unigrids.org/2006/04/types" />
        <schema location="wsrf-bp.xsd" type="file" namespace="http://schemas.ggf.org/ogsa/2006/05/wsrf-bp" />
        <wsdl location="JobManagement.wsdl" type="file" namespace="http://unigrids.org/2006/04/services/jms"/>
        <wsdl location="tss.wsdl" type="file" namespace="http://targetSystem"/>
        <wsdl location="TargetSystemFactory.wsdl" type="file" namespace="http://unigrids.org/2006/04/services/tsf"/>
        <wsdl location="workflow.wsdl" type="file" namespace="http://jobsubmission"/>
        <wsdl location="rpw-2.wsdl" type="file" namespace="http://docs.oasis-open.org/wsrf/rpw-2"/>
        <wsdl location="wsrfservice_jobsubmission.wsdl" type="file" namespace="http://wsrfservice"/>
        <wsdl location="TargetSystem.wsdl" type="file" namespace="http://unigrids.org/2006/04/services/tss"/>
        <wsdl location="tssfactory.wsdl" type="file" namespace="http://bisgrid.dgrid.de/wrapper/tssfactory"/>
        <wsdl location="rw-2.wsdl" type="file" namespace="http://docs.oasis-open.org/wsrf/rw-2"  />
    </references>

<!-- serviceDescriptions 
    A service description is used to provide additional information for the invokation of external services. 
      The content of /ServiceAddress/Address/text() is used as index for the desciption. The URL inside this tag must not really exist (then it is used as index and the NewServiceAddress EndpointReference determines the real endpoint).
      Credential: is the id of the Credential configuation that shoud be used for this service
      ServiceType: determies the type of the external service (Credential Configuration must be configured correctly)
        - UNICORE6 - This is a UNICORE 6 service and certificate based authentication is used 
        - GT4 - This is a Globus Toolkit 4 service and WS-Security and Proxy certificates are used for authentication
        - WebService - The service is a WebService supporting no security or just username password authentication
-->   
    <serviceDescriptions>
        <ServiceDescription ServiceType="UNICORE6" xmlns="http://bisgrid.dgrid.de/services/workflow/properties/WorkflowService" xmlns:add="http://www.w3.org/2005/08/addressing">
            <ServiceAddress>
                <add:Address>https://bisgrid.cit.tu-berlin.de:8080/DEMO-SITE/services/TargetSystemFactoryService</add:Address>
            </ServiceAddress>
            <Credential>unicore</Credential>
        </ServiceDescription>
        <ServiceDescription ServiceType="UNICORE6" xmlns="http://bisgrid.dgrid.de/services/workflow/properties/WorkflowService" xmlns:add="http://www.w3.org/2005/08/addressing">
            <ServiceAddress>
                <add:Address>https://bisgrid.cit.tu-berlin.de:8080/DEMO-SITE/services/TargetSystemService</add:Address>
            </ServiceAddress>
            <Credential>unicore</Credential>
        </ServiceDescription>
        <ServiceDescription ServiceType="UNICORE6" xmlns="http://bisgrid.dgrid.de/services/workflow/properties/WorkflowService" xmlns:add="http://www.w3.org/2005/08/addressing">
            <ServiceAddress>
                <add:Address>https://bisgrid.cit.tu-berlin.de:8080/DEMO-SITE/services/JobManagement</add:Address>
            </ServiceAddress>
            <Credential>unicore</Credential>
        </ServiceDescription>
    </serviceDescriptions>

<!-- credentialDescriptions
  A credential descrition describes a credential that is used to send a message to another service
   - Id - the id to find the correct description with information from teh service description
   - The attribute type is mandatory and defines the content of the CredentialDescription. See documentation for more information.
-->
    <credentialDescriptions>
        <CredentialDescription Id="unicore" Type="samldelegation" xmlns="http://bisgrid.dgrid.de/services/workflow/properties/WorkflowService">
                  <CredentialDelegation>EMAILADDRESS=unicore-support@lists.sf.net, C=DE, O=unicore.eu, OU=Testing, CN=UNICORE demo user</CredentialDelegation>
            <ServiceCallKeystoreDescription KeystoreSelection="UNICOREX"/>
        </CredentialDescription>
    </credentialDescriptions>

<!-- AccessRules
   The access rules limits the access rights for the service. The rules must be formulated as XACML 1.0 rules
      It is important the the Resource Part of the AccessRules limit the access to the services that are created exactly for the deployed workflow. Therefore the 
      resource-id must be <workflow deployment name>WorkflowService and respectively the wsresource of the BISGridWorkflowFactories must be <workflow deployment name>Factory
-->
  <accessRules >
    <Rule RuleId="Permit:jobsubmissionWorkflowSerivce_for_user" Effect="Permit" xmlns="urn:oasis:names:tc:xacml:1.0:policy">
          <Description>Access to the jobsubmissionWorkflowSerivce_for_user is granted for authorised users.</Description>
          <Target>
            <Subjects>
              <AnySubject/>
            </Subjects>
            <Resources>
              <Resource>
                <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
                  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">jobsubmissionWorkflowService</AttributeValue>
                  <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI" MustBePresent="true"/>
                </ResourceMatch>
              </Resource>
            </Resources>
            <Actions>
              <AnyAction/>
            </Actions>
          </Target>
          <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
              <SubjectAttributeDesignator AttributeId="role" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
            </Apply>
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">user</AttributeValue>
          </Condition>
        </Rule>

        <Rule RuleId="Permit:Creation_of_jobsubmissionWorkflows_for_user" Effect="Permit" xmlns="urn:oasis:names:tc:xacml:1.0:policy">
          <Description>Users are allow to create instances of the workflow</Description>
          <Target>
            <Subjects>
              <AnySubject/>
            </Subjects>
            <Resources>
              <Resource>
                <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
                  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">BISGridWorkflowFactories</AttributeValue>
                  <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI" MustBePresent="true"/>
                </ResourceMatch>
                <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">jobsubmissionFactory</AttributeValue>
                  <ResourceAttributeDesignator AttributeId="urn:unicore:wsresource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
                </ResourceMatch>
              </Resource>
            </Resources>
            <Actions>
              <AnyAction/>
            </Actions>
          </Target>
          <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
              <SubjectAttributeDesignator AttributeId="role" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
            </Apply>
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">user</AttributeValue>
          </Condition>
        </Rule>
 </accessRules>


</process>