Difference between revisions of "Data e-Infrastructure Policy-oriented Security Facilities"

From Gcube Wiki
(Overview)
Line 1: Line 1:
 
== Overview ==
 
== Overview ==
Data e-Infrastructure Policy-oriented Security Facilities protect gCube infrastructure resources from unauthorized accesses. The facilities compose a complete security module built on SOA3 framework.
+
Data e-Infrastructure Policy-oriented Security Facilities protect gCube infrastructure resources from unauthorized accesses. The facilities, composing a complete security module, are built on SOA3.
SOA3 (''Service Oriented Authorization, Authentication and Accounting'') is a security framework providing ''security services'' as web services. It can be considered as part of ''Security as a Service'' ('''SecaaS''') research topic <ref>https://cloudsecurityalliance.org/research/secaas/</ref>. SOA3 is based on standard protocols and technologies provides:
+
 
 +
SOA3 (''Service Oriented Authorization, Authentication and Accounting'') is a security framework providing ''security services'' as web services, according to ''Security as a Service'' ('''SecaaS''') research topic <ref>https://cloudsecurityalliance.org/research/secaas/</ref>.  
 +
 
 +
SOA3 is based on standard protocols and technologies, it provides:
  
 
*an open and extensible architecture
 
*an open and extensible architecture
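Review bot: the added line "SOA3 is based on standard protocols and technologies, it provides:" is a comma splice; "and provides:" reads correctly and keeps the list lead-in intact. The reworded SecaaS sentence also changes the claim: the removed text said SOA3 "can be considered as part of" the research topic, while the added text says it provides services "according to" it, which is a stronger statement. Keep the original hedge unless the stronger claim is intended. "unauthorized accesses" carries over from the removed line into the added one and should read "unauthorized access".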

Revision as of 10:24, 22 March 2012

Overview

Data e-Infrastructure Policy-oriented Security Facilities protect gCube infrastructure resources from unauthorized access. The facilities, which together compose a complete security module, are built on SOA3.

SOA3 (Service Oriented Authorization, Authentication and Accounting) is a security framework that provides security services as web services, in line with the Security as a Service (SecaaS) research topic [1].

SOA3 is based on standard protocols and technologies and provides:

  • an open and extensible architecture
  • the possibility to interoperate with external infrastructures and domains, also obtaining Identity Federation if required
  • total separation from gCore: zero dependencies in both directions

Key Features

Security as a Service
    Authentication and Authorization are services called by resource management modules in order to secure the resources
Username/password authentication model
    The user is not required to maintain personal digital certificates
Attribute Based Access Control
    The most general way to manage access: the access control decision is based on one or more attributes
Support for different categories of attributes
    User-related attributes (e.g. roles, groups...) and environment-related attributes (e.g. time, date...)
Modularity
    SOA3 is composed of different modules: each module has a well-defined functionality and provides well-defined services
Support for standards
    All the operations performed by the facilities are standards-based
High performance
    The design and architectural choices have been made with great attention to performance


Subsystems

GCube Policy Oriented Security Facility is composed of the following subsystems:

GCube Security Handler

SOA3 Authentication Module

SOA3 Authorization Module

SOA3 User Management Module

Notes

  1. https://cloudsecurityalliance.org/research/secaas/