Difference between revisions of "Data e-Infrastructure Policy-oriented Security Facilities"
From Gcube Wiki
Manuele.simi (Talk | contribs) (Created page with 'This is the template for Facilities Specifications. == Overview == Few lines with a promotional 'flavour', e.g. ''"gCube xxx facilities offer scalable, high-performance, reliab…') |
m |
||
Line 1: | Line 1: | ||
− | |||
− | |||
== Overview == | == Overview == | ||
− | + | Policy Based Access Control is a very flexible approach focused on the evaluation of ''policies'' based on different kinds of ''attributes'' in order to grant or deny the ''access'' to a ''resource''. | |
+ | |||
+ | The whole Process consists in three atomic operations: | ||
+ | *to establish who can do what | ||
+ | *to grant or deny the permissions | ||
+ | *to guarantee that rules are followed | ||
+ | |||
+ | As a consequence a Policy Oriented Security Module provides the following functionalities: | ||
+ | *policies definition | ||
+ | *decision | ||
+ | *enforcement | ||
+ | |||
+ | GCube Policy Oriented Security Facilities allows to easily and intuitively perform these operations. | ||
== Key Features == | == Key Features == | ||
− | |||
− | ; | + | ;Policy Definition Portlet |
− | : | + | :A portlet providing the possibility to create, read, update and delete policies |
− | ; | + | ;XACML based Authorization System |
− | : | + | :Composed by Policy Administration Point, Policy Decision Point and Policy Enforcement Point |
− | ; | + | ;Dynamic user attributes |
− | : | + | :The policies are based on roles and on dynamic attributes, e.g. maximum number of accesses made by the user |
− | ; | + | ;Context attributes |
− | : | + | :An advanced Policy Information Point provides the possibility to use policies based also on context attributes, such as ''date'' and ''time'' |
− | |||
− | + | == Subsystems == | |
− | + | GCube Policy Oriented Security Facility is composed by the following subsystems: | |
− | + | ||
− | + | ||
− | + | [[GCube Security Handler]] | |
− | [[ | + | [[GCube Authorization Module]] |
− | + | [[GCube Policy Definition Module]] |
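Review bot: In Key Features, the "XACML based Authorization System" entry says the system is composed of the Policy Administration Point, Policy Decision Point and Policy Enforcement Point, but the "Context attributes" entry right after it relies on a Policy Information Point that the composition line never mentions. Either add the Policy Information Point to that line or state which subsystem provides it. Separately, the three `[[...]]` subsystem links at the end are added as bare lines, unlike the `*` bullets used in Overview; prefix each with `*` so they render as a list.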
Revision as of 15:51, 27 February 2012
Overview
Policy Based Access Control is a very flexible approach that evaluates policies over different kinds of attributes in order to grant or deny access to a resource.
The whole process consists of three atomic operations:
- to establish who can do what
- to grant or deny the permissions
- to guarantee that rules are followed
As a consequence, a Policy Oriented Security Module provides the following functionalities:
- policy definition
- decision
- enforcement
GCube Policy Oriented Security Facilities make it easy and intuitive to perform these operations.
Key Features
- Policy Definition Portlet: a portlet providing the possibility to create, read, update and delete policies
- XACML based Authorization System: composed of Policy Administration Point, Policy Decision Point and Policy Enforcement Point
- Dynamic user attributes: the policies are based on roles and on dynamic attributes, e.g. maximum number of accesses made by the user
- Context attributes: an advanced Policy Information Point provides the possibility to use policies based also on context attributes, such as date and time
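A minimal sketch of the definition, decision and enforcement split listed above, with a role, a dynamic attribute (access count) and a context attribute (time of day). It is an added illustration, not gCube code or XACML syntax; the class names, the `Policy` fields and the sample user and resource are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Policy:                # rule shape is hypothetical, not XACML syntax
    role: str
    action: str
    resource: str
    max_accesses: int        # limit on a dynamic user attribute
    start: time              # context attribute: allowed time window
    end: time

class PIP:
    """Policy Information Point: resolves attributes the request does not carry."""
    def __init__(self, roles, clock=datetime.now):
        self.roles, self.clock, self.counts = roles, clock, {}
    def attributes(self, user, resource):
        return {"roles": self.roles.get(user, set()),
                "accesses": self.counts.get((user, resource), 0),
                "time": self.clock().time()}
    def record(self, user, resource):
        self.counts[(user, resource)] = self.counts.get((user, resource), 0) + 1

class PDP:
    """Policy Decision Point: Permit only if some policy matches, else Deny."""
    def __init__(self, policies, pip):
        self.policies, self.pip = policies, pip   # policies come from the PAP
    def decide(self, user, action, resource):
        a = self.pip.attributes(user, resource)
        for p in self.policies:
            if (p.role in a["roles"] and (p.action, p.resource) == (action, resource)
                    and a["accesses"] < p.max_accesses
                    and p.start <= a["time"] <= p.end):
                return "Permit"
        return "Deny"

class PEP:
    """Policy Enforcement Point: the only path to the resource; fails closed."""
    def __init__(self, pdp, pip):
        self.pdp, self.pip = pdp, pip
    def access(self, user, action, resource, handler):
        if self.pdp.decide(user, action, resource) != "Permit":
            raise PermissionError(f"{user} may not {action} {resource}")
        self.pip.record(user, resource)           # feeds the dynamic attribute
        return handler()

if __name__ == "__main__":
    pip = PIP({"alice": {"editor"}}, clock=lambda: datetime(2012, 2, 27, 10, 0))
    pep = PEP(PDP([Policy("editor", "read", "ds1", 2, time(8), time(18))], pip), pip)
    print([pep.access("alice", "read", "ds1", lambda: "ok") for _ in range(2)])
```

The enforcement point treats anything other than an explicit Permit as a refusal, so a missing role, an exhausted quota or an out-of-window request all end the same way.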
Subsystems
GCube Policy Oriented Security Facility is composed of the following subsystems:
- GCube Security Handler
- GCube Authorization Module
- GCube Policy Definition Module