I enclose 2 Referee reports on your paper. We would be pleased to accept it and could you please send me a new version before November 5 99 Please send a memo describing any suggestions of the referees that you did not address Ignore any aggressive remarks you don't think appropriate but please tell me. I trust you! Thank you for your help in writing and refereeing papers! PS I think you should add material from Erol's Thesis Referee 1 ************************************************************** Subject: C426 JGSI Review 1. Overall ******** This is not a subject I follow, or understand well, so I had a hard time getting the point of the paper. Is it an overview? A review? A report of ongoing research? This paper was imported to Acrobat incorrectly which chopped off a significant fraction of the bottoms of every page. Otherwise, it is an interesting topic, and one which is far broader than Grande applications. 2. Comments for Author(s) ********************* Use of acronyms. A large number of acronyms were used without introduction, ranging from fairly common, such as OO, API, JDBC, CORBA, ORB, to ones more esoteric, like PKI, SSL, and ones I don't know, like HPCC, ASC MSRC, PBS, AVS, OMG. * Missing reference - First sentence, para. 2, page 2, AVS and Khoros should have references. * Repeated word - Third sentence, para. 4, page 2, "complexity" is repeated. * Incorrect plural - Third sentence, para. 4, page 2, should be "...using the industry standard distributed-object..." * Interchanged words - Fourth sentence, para 2, page 3, should be "...in general, with which to..." * Run-on sentence - Fourth sentence, para. 1, page 5, should be "...even the front-end developer. Thus, the Gateway..." * Typo - Third sentence, para. 2, page 5, should be "...(such as Globus) or an external scheduler..." * Repeated word - Fourth sentence, para. 3, page 7, "similar" is repeated. * Incorrect plural - First sentence, para. 2, page 8, should be "...with servlet support..." * Incorrect tense - Sixth sentence, para. 2, page 8, should be "...support is built on..." * Incorrect punctuation - First sentence, para. 2, page 9, comma should be period. * Jumbled sentence - Fourth sentence, para. 2, page 9, the phrase "...connecting included in an application." 3. Comments for Editor(s) ******************** This paper was imported to Acrobat incorrectly which chopped off a significant fraction of the bottoms of every page. Referee 2 ************************************************************* Subject: C426 JGSI Review >a)Overall Recommendation Good work. I recommend it for publication. >b)Words suitable for authors The abstract should emphasize the advantages of this work over competing systems, particularly in the area of security. The first paragraph of section 1 should include a definition of HPCC? The first full paragraph of page 2 should includes references for AVS and Khoros. The second paragraph of section 2 should include a reference for JavaBeans. The third paragraph of section 2 should address what other resources, such as data files, need to be managed. In figure 1, I suggest the following changes: o label which components comprise which tiers o show what kinds of messages and data blow boxes and in what direction o show AKENTI, gateway servers, web servers in the figure I would move the discussion of the gateway security model after discussion of the middle tier, or move it as far forward as possible. The next to last paragraph of the section "Secure CORBA: middle tier security" should contain a reference for the OMG specification. In the last paragraph of the aforementioned section, in the sentence beginning "CORBA is very flexible", change "and support no delegation" to "and supports a no delegation model". In the same sentence, change "composite delegation (the" to " composite delegation model (the". In the aforementioned paragraph, perhaps an argument should be made as to why security unaware applications should use the intersection of privileges. Could figure one and figure 2 be combined in a meaningful way? Perhaps splitting them in two between interfaces and implementations? In paragraph two of section 6, play up the security advantages of your work. In the second sentence of the last paragraph of section 7, change "This work is collaboration" to "This work is in collaboration". Overall comments: o should jini be mentioned? o I think some sort of motivating example would be good. This answers questions like: - Who are the users? - What are the problems with existing systems? - Why is this system better than others? o A figure or bullet listing summarizing the services provided by the various components would be helpful.