Referee 1 ******************************************* E: Referee Comments (For Author and Editor) ------------------------------ There are some major inconsistencies within the paper based on Figure 1. Box C2 says "Legion Grid Portal" but figure heading states the architecture of the Legion Grid portal. Which would imply that the whole figure is the legion grid portal. The authors must decide what the Legion Grid Portal is. Throughout the paper it seems to be used for a component as well as the architecture. II.A. At this point the reader asks is this just a wrapper around legion commands. If so, explain what legion commands are out there as many may not know about them. Point out where to get a comprehensive overview of all supported legion commands. A Table would help. The question arises if I can list objects that are not owned by the user. This would indicate a violation in privacy. This must be pointed out, Page 3: Users "should" : are you doing it or not? Be more specific. References to other information services such a s SNIPE or MDS seem missing. Such tolls are provided for example by Hotpage. What about references, II.D The term Amber is used but not defined. III. Major contradiction in first sentence: How can the Legion Grid portal contain a component that is called a Legion Grid Portal (C2). This is recursive and must not be possible in this case. Avoid the wording "special portals" why not problem specific portals, wouldn’t that be more precise? Page 3: I asked myself here how you deal with exceptions. Page 3: The mix of PhP and CGI does not look like a well designed system to me. Why not just use php or cgi/perl. It seems a hack to me. It almost looks like that because php was at hand you did php but kept other parts in cgi since you did not want to touch them. Maybe it would be better to focus on the architectural components instead of the implementation. Page 3: I believe it may be important to not just have command line wrappers but also components that connect directly with other Grid services. Page 3: The comment about Globus and the distributed filesystem is unclear. Instead explicitly describe who your portal can make use of Globus. Also I believe that many would be curious if you have such an integrated portal Legion/or Globus working. How does the architecture figure change? Isn’t ther a more general architecture than the one you describe? How can we integrate with Hotpage, Fig. 2: all over sudden the component C2 is now called CGI Perl Script Page 5: "perhaps by logging in" I do not understand this how this works and who you get credentials on a logging in basis? Page 5: "detailed knowledge about Legion" Which steps do not require detailed knowledge, which require me to get that knowledge, and where can I obtain that knowledge quickly. I like to see more details on the legion handler. Page 5: second column: Are you confident that caching of proxys similar to the Globus MyProxy mechanism is secure? Your architecture must include a complete secure and separate machine behind a very secure firewall with nothing on it other than the cache. Using a cgi based mechanism probably forces you to this solution. Page 5: I do not believe that the way the session id is created seems unbreakable. Page 5: you use crontab, but what about running the server on windows. Another point is that the use of html/cgi portals encourages the use on shared terminals. How can you make sure to remove your contents on them? Page 9. handlers are complex. Actually, many cs programs are complex, instead describe how it is done. Do you mean they use asynchronicity? Page 11: by now I am asking myself why not have the whole portal done in php? Page 12, section Security: Though you try following the given GCE format, you have mentioned the security already so many times before that this section looks like a repetition. But I acknowledge the fact that it is difficult not to do so based on the template given. Maybe it is better not just to follow the template and try to better group certain descriptions based on a better architecture figure you provide. Again, no reference or proof is given why one would not be able to obtain the session ID. Page 13: Passing a password as part of a command line to the legion system that can be viewed with ps makes me very uncomfortable using the system. I recommend changing this while using or developing a different method. Page 14: explain better what in implicit and explicit task is. F: Presentation Changes Change the IEEE style to the concurrency style Quality of the images is week, use vector graphics not gif. I applaud the author on the use of she instead of he! make sure if this is consistent with the whole paper. The term grid is almost always spelled "Grid" Page 5: "Since the passage of time " We implemented a cache for this reason . We are ablt to perform the following Figures should be reduced in final print. But good that I can read them here ! Page 8: "likely to be used often" -> commonly used Page 8: I do not like the constant repetition of the "a user may elect " why not simply make a list with the options. Many if the screenshots could be grouped together, thus not interrupting the text so much. Reduce the size of the screenshots by not showing so much redundant information. Simply make the area displayed smaller. Page 17: describe more about the error modes. This seems important but leaves the reader puzzled. Page 17: running application in a non-blocking or asynchronous mode is a necessity in Grid programming. Missing: section about user requirements that motivate portal, how many users use the portal, , what lessons do you have learned while using the portal in real live. Page 18: In the future direction the authors should look at nimrod. There are to view references. Referee 2 ******************************************* E: Referee Comments (For Author and Editor) The paper describes a general purpose grid portal and two application specific portals built using the Legion grid infrastructure as middleware. The portal does not cover to a full extent the Legion system capabilities, however it provides an easy to use interface to Legion users that can be seen as a web interface to a distributed file system. The implementation relies on CGI perl scripts that execute Legion command line tools. Thus, the approach is very simple due to the unavailability of Legion APIs. Fundamental capabilities for a grid portal like job submission, monitoring and data transfer are provided, however the presentation does not cover sufficiently how the scheduling is done, how data transfers are performed (FTP, UNIX RCP, something else ?) and if transfers exploits security mechanisms. Security is a great concern in grid environments, and should be improved in the Legion grid portal. Another drawback is the impossibility to access directly (only indirect, implicit access is allowed) some Information services. F: Presentation Changes The paper is written in a clear, concise style; it is easy to read and well organized. The majority of the figures need to be changed because not readable. These are figures 1,5,7,9,11,12,13. Sections III.C.3, III.C.4 should be shortened. Sections IV.B, IV.C, IV.D need additional details. Referee 3 ******************************************* E: Referee Comments (For Author and Editor) ------------------------------ Good paper following the structure of the GCE WG. I recommend only a few formal changes below. F: Presentation Changes May figures do not print clearly, esp. 5, 7, 9, 11-14 Some of the figures take too much space for the information they contain. Gig. 3 and 9 could be shrunk, Fig. 4, 15-17 should show only a relevant subset of the test information.