Difference between revisions of "Data e-Infrastructure Policy-oriented Security Facilities"
From Gcube Wiki
Manuele.simi (Talk | contribs) (→Overview) |
(→Subsystems) |
||
| (11 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
| + | <!-- CATEGORIES --> | ||
| + | [[Category: gCube Features]] | ||
| + | <!-- CATEGORIES --> | ||
== Overview == | == Overview == | ||
The goal of Data e-Infrastructure Policy-oriented Security Facilities is to protect gCube infrastructure resources from unauthorized accesses. The facilities, composing a complete security module, are built on SOA3. | The goal of Data e-Infrastructure Policy-oriented Security Facilities is to protect gCube infrastructure resources from unauthorized accesses. The facilities, composing a complete security module, are built on SOA3. | ||
| Line 5: | Line 8: | ||
*an open and extensible architecture | *an open and extensible architecture | ||
| − | * | + | *interoperability with external infrastructures and domains, obtaining, if required, also so-called ''Identity Federation'' |
*total isolation from gCore: zero dependencies in both the directions | *total isolation from gCore: zero dependencies in both the directions | ||
| Line 11: | Line 14: | ||
;Security as a Service | ;Security as a Service | ||
| − | : | + | :Authentication and Authorization provided by web services called by resource management modules |
| − | ; | + | ;Flexible authentication model |
| − | :the user is not requested to | + | :the user is not requested to have personal digital certificates |
| − | ;Attribute | + | ;Attribute-based Access Control |
| − | : | + | :a generic way to manage access: access control decisions are based on one or more ''attributes'' |
;Support to different categories of attributes | ;Support to different categories of attributes | ||
| − | :user related attributes (e.g. roles, groups | + | :user related attributes (e.g. roles, groups) and environment related attributes (e.g. time, date) |
;Modularity | ;Modularity | ||
| − | :SOA3 is composed by different modules: each module has a well defined | + | :SOA3 is composed by different modules: each module has a well-defined scope and provides well-defined services |
;Support to standards | ;Support to standards | ||
| − | :all the operations | + | :all the operations delivered by the facilities are built atop of recognized standards |
;High performance | ;High performance | ||
| − | :the design and architectural choices have been made | + | :the design and architectural choices have been made paying great attention to performances |
| + | |||
| + | ;Resource Usage Tracking | ||
| + | :administrators and users can monitor applications resources usage | ||
== Subsystems == | == Subsystems == | ||
GCube Policy Oriented Security Facility is composed by the following subsystems: | GCube Policy Oriented Security Facility is composed by the following subsystems: | ||
| − | [[GCube Security Handler]] | + | *<strike>[[GCube Security Handler]]</strike> |
| − | + | *<strike>[[SOA3 Authentication Module]]</strike> | |
| − | [[SOA3 Authentication Module]] | + | *<strike>[[SOA3 Authorization Module]]</strike> |
| − | + | *<strike>[[SOA3 User Management Module]]</strike> | |
| − | [[SOA3 Authorization Module]] | + | *<strike>[[Resource Accounting]]</strike> |
| − | + | *[[Accounting]] | |
| − | [[SOA3 User Management Module]] | + | *[[Authorization Framework]] |
==Notes== | ==Notes== | ||
<references/> | <references/> | ||
Latest revision as of 14:33, 27 May 2016
Contents
Overview
The goal of Data e-Infrastructure Policy-oriented Security Facilities is to protect gCube infrastructure resources from unauthorized accesses. The facilities, composing a complete security module, are built on SOA3.
Service Oriented Authorization, Authentication and Accounting (SOA3) is a security framework providing security services as web services, according to Security as a Service (SecaaS) research topic [1]. It is based on standard protocols and technologies, providing:
- an open and extensible architecture
- interoperability with external infrastructures and domains, obtaining, if required, also so-called Identity Federation
- total isolation from gCore: zero dependencies in both the directions
Key Features
- Security as a Service
- Authentication and Authorization provided by web services called by resource management modules
- Flexible authentication model
- the user is not requested to have personal digital certificates
- Attribute-based Access Control
- a generic way to manage access: access control decisions are based on one or more attributes
- Support to different categories of attributes
- user related attributes (e.g. roles, groups) and environment related attributes (e.g. time, date)
- Modularity
- SOA3 is composed by different modules: each module has a well-defined scope and provides well-defined services
- Support to standards
- all the operations delivered by the facilities are built atop of recognized standards
- High performance
- the design and architectural choices have been made paying great attention to performances
- Resource Usage Tracking
- administrators and users can monitor applications resources usage
Subsystems
GCube Policy Oriented Security Facility is composed by the following subsystems:
GCube Security HandlerSOA3 Authentication ModuleSOA3 Authorization ModuleSOA3 User Management ModuleResource Accounting- Accounting
- Authorization Framework
