Difference between revisions of "Data e-Infrastructure Policy-oriented Security Facilities"
From Gcube Wiki
Manuele.simi (Talk | contribs) (→Overview) |
Line 1: | Line 1: | ||
== Overview == | == Overview == | ||
− | The | + | The goal of Data e-Infrastructure Policy-oriented Security Facilities is to protect gCube infrastructure resources from unauthorized accesses. The facilities, composing a complete security module, are built on SOA3. |
''Service Oriented Authorization, Authentication and Accounting'' (SOA3) is a security framework providing ''security services'' as web services, according to ''Security as a Service'' ('''SecaaS''') research topic <ref>https://cloudsecurityalliance.org/research/secaas/</ref>. It is based on standard protocols and technologies, providing: | ''Service Oriented Authorization, Authentication and Accounting'' (SOA3) is a security framework providing ''security services'' as web services, according to ''Security as a Service'' ('''SecaaS''') research topic <ref>https://cloudsecurityalliance.org/research/secaas/</ref>. It is based on standard protocols and technologies, providing: | ||
*an open and extensible architecture | *an open and extensible architecture | ||
− | * | + | *interoperabilty with external infrastructures and domains, obtaining, if required, also so-called ''Identity Federation'' |
− | *total | + | *total isolation from gCore: zero dependencies in both the directions |
== Key Features == | == Key Features == |
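Review bot: the added second bullet of the Overview list misspells "interoperability" as "interoperabilty", and the typo carries into the rendered revision. In the same hunk, the new opening sentence reads better with "unauthorized access" than "unauthorized accesses", and the last added bullet with "zero dependencies in both directions" rather than "in both the directions". The sentence "The facilities, composing a complete security module, are built on SOA3" introduces SOA3 before the acronym is expanded in the following paragraph; consider expanding it on first use.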
Revision as of 14:14, 26 March 2012
Overview
The goal of the Data e-Infrastructure Policy-oriented Security Facilities is to protect gCube infrastructure resources from unauthorized access. The facilities, which together form a complete security module, are built on SOA3.
Service Oriented Authorization, Authentication and Accounting (SOA3) is a security framework that provides security services as web services, following the Security as a Service (SecaaS) research topic [1]. It is based on standard protocols and technologies, and provides:
- an open and extensible architecture
- interoperability with external infrastructures and domains, including, if required, so-called Identity Federation
- total isolation from gCore: zero dependencies in both directions
Key Features
- Security as a Service
  - authentication and authorization are web services called by resource management modules
- Username/password authentication model
  - the user is not required to maintain personal digital certificates
- Attribute Based Access Control
  - the most general way to manage access: access control decisions are based on one or more attributes
- Support for different categories of attributes
  - user-related attributes (e.g. roles, groups...) and environment-related attributes (e.g. time, date...)
- Modularity
  - SOA3 is composed of different modules: each module has a well-defined function and provides well-defined services
- Support for standards
  - all the operations performed by the facilities are standards-based
- High performance
  - the design and architectural choices have been made with great attention to performance
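
The Attribute Based Access Control feature above, sketched as an added example (not SOA3 or gCube code): a decision function that combines user-related and environment-related attributes, denies by default, and fails closed when a required attribute is absent. The rule format, the attribute, role and group names, and the sample request are assumptions constructed for illustration.

```python
from datetime import time

# Constructed policy (not SOA3's format). Conditions are keyed by
# (attribute category, attribute name); every condition of a rule must hold.
POLICY = [
    {"effect": "Deny", "resource": "dataset", "action": "write",
     "when": {("environment", "time"): lambda t: not time(8, 0) <= t < time(18, 0)}},
    {"effect": "Permit", "resource": "dataset", "action": "write",
     "when": {("user", "role"): lambda r: r == "data-manager"}},
    {"effect": "Permit", "resource": "dataset", "action": "read",
     "when": {("user", "group"): lambda g: g in {"biodiversity", "fisheries"}}},
]

def evaluate(rule, request):
    """Return 'match', 'no-match' or 'indeterminate' (a required attribute is absent)."""
    if (rule["resource"], rule["action"]) != (request["resource"], request["action"]):
        return "no-match"
    for (category, name), predicate in rule["when"].items():
        value = request.get(category, {}).get(name)
        if value is None:
            return "indeterminate"
        if not predicate(value):
            return "no-match"
    return "match"

def decide(request, policy=POLICY):
    """Deny-overrides, failing closed: Permit needs a matching Permit rule and
    no Deny rule that matches or cannot be evaluated."""
    results = [(rule["effect"], evaluate(rule, request)) for rule in policy]
    if any(effect == "Deny" and outcome != "no-match" for effect, outcome in results):
        return "Deny"
    if any(effect == "Permit" and outcome == "match" for effect, outcome in results):
        return "Permit"
    return "Deny"

if __name__ == "__main__":
    # Constructed request: a data manager writing outside the permitted hours.
    request = {"resource": "dataset", "action": "write",
               "user": {"role": "data-manager"},
               "environment": {"time": time(22, 30)}}
    print(decide(request))
```

Treating a Deny rule that cannot be evaluated as a denial means a caller cannot bypass the time restriction by omitting the environment attributes from the request.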
Subsystems
The gCube Policy Oriented Security Facility is composed of the following subsystems: