Difference between revisions of "Data e-Infrastructure Policy-oriented Security Facilities"
From Gcube Wiki
Line 1: | Line 1: | ||
== Overview == | == Overview == | ||
− | Policy | + | Data e-Infrastructure Policy-oriented Security Facilities protect gCube infrastructure resources from unauthorized accesses. The facilities compose a complete security module built on SOA3 framework. |
+ | SOA3 (''Service Oriented Authorization, Authentication and Accounting) is a security framework based on the ''Security as a Service'' (SaaS) model. SaaS model, together with the use of standard protocols and technologies provides: | ||
− | + | *an open and extensible architecture | |
− | *to | + | *possibility to interoperate with external infrastructures and domain, obtaining, if required, also ''Identity Federation'' |
− | * | + | *total separation from gCore: zero dependencies in both the directions |
− | + | ||
− | + | == Key Features == | |
− | + | ||
− | + | ||
− | + | ||
− | + | ;Security as a Service | |
+ | :Authentication and Authorization are services called by resource management modules in order to secure the resources | ||
− | + | ;Username/password authentication model | |
+ | :The user is not requested to maintain personal digital certificates | ||
− | ; | + | ;Attribute Based Access Control |
− | : | + | :The most general way to manage accesses: the access control is performed basing the decision on one or more attributes |
− | ; | + | ;Support to different categories of attributes |
− | : | + | :User related attributes (e.g. roles, groups...) and environment related attributes (e.g. time, date...) |
− | ; | + | ;Modularity |
− | : | + | :SOA3 is composed by different modules: each module has a well defined functionality and provides well defined services |
− | ; | + | ;Support to standards |
− | : | + | :All the operation performed by the facilities are standard based |
+ | |||
+ | ;High performance | ||
+ | :The design and architectural choices have been made with great attention to the performance | ||
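Review bot: the italic markup on the added SOA3 line is unbalanced: `''` opens before "Service Oriented Authorization, Authentication and Accounting" and is never closed before the parenthesis ends, so the italic runs pair up wrongly across the rest of the line. Close it after "Accounting". The same line expands SOA3 to include Accounting, yet none of the Key Features entries added below it says anything about accounting; either add an entry or state where accounting is covered. Wording on the added lines also needs a pass: "composed by" should be "composed of", "Support to" should be "Support for", and "All the operation performed" should be "All the operations performed".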
Line 34: | Line 36: | ||
[[GCube Security Handler]] | [[GCube Security Handler]] | ||
− | [[ | + | [[SOA3 Authentication Module]] |
+ | |||
+ | [[SOA3 Authorization Module]] | ||
[[GCube Policy Definition Module]] | [[GCube Policy Definition Module]] |
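Review bot: the subsystem links now cover [[SOA3 Authentication Module]] and [[SOA3 Authorization Module]], but the overview in this revision describes SOA3 as Authorization, Authentication and Accounting, and no accounting subsystem is linked here. If such a module exists, link it alongside these two; otherwise note in the list which subsystem handles accounting. The list also mixes "GCube ..." and "SOA3 ..." page names, so a one-line description per link would help readers tell which modules belong to the SOA3 framework.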
Revision as of 17:06, 19 March 2012
Overview
Data e-Infrastructure Policy-oriented Security Facilities protect gCube infrastructure resources from unauthorized access. The facilities compose a complete security module built on the SOA3 framework. SOA3 (Service Oriented Authorization, Authentication and Accounting) is a security framework based on the Security as a Service (SaaS) model. The SaaS model, together with the use of standard protocols and technologies, provides:
- an open and extensible architecture
- the possibility to interoperate with external infrastructures and domains, also obtaining Identity Federation if required
- total separation from gCore: zero dependencies in both directions
Key Features
- Security as a Service: Authentication and Authorization are services called by resource management modules in order to secure the resources.
- Username/password authentication model: the user is not required to maintain personal digital certificates.
- Attribute Based Access Control: the most general way to manage access; the access control decision is based on one or more attributes.
- Support for different categories of attributes: user-related attributes (e.g. roles, groups...) and environment-related attributes (e.g. time, date...).
- Modularity: SOA3 is composed of different modules; each module has a well-defined functionality and provides well-defined services.
- Support for standards: all the operations performed by the facilities are standards-based.
- High performance: the design and architectural choices have been made with great attention to performance.
Subsystems
The GCube Policy Oriented Security Facility is composed of the following subsystems: