Difference between revisions of "Authorization Framework"
| Line 1: | Line 1: | ||
The gCube Authorization framework is a token based authorization system in a gCube-based infrastructure. | The gCube Authorization framework is a token based authorization system in a gCube-based infrastructure. | ||
This framework in compliant with the [https://en.wikipedia.org/wiki/Attribute-based_access_control Attribute-based access control (ABAC)] that defines an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together. | This framework in compliant with the [https://en.wikipedia.org/wiki/Attribute-based_access_control Attribute-based access control (ABAC)] that defines an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together. | ||
| + | ABAC defines access control based on attributes which describe: | ||
| + | * the requesting entity (either the user or the service), | ||
| + | * the targeted resource (either the service or the resource), | ||
| + | * the desired action (read, write, delete, execute), | ||
| + | * and environmental or contextual information (either the VRE or the VO where the operation is executed). | ||
| + | |||
== The model == | == The model == | ||
Revision as of 16:26, 15 February 2016
The gCube Authorization framework is a token based authorization system in a gCube-based infrastructure. This framework in compliant with the Attribute-based access control (ABAC) that defines an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together. ABAC defines access control based on attributes which describe:
- the requesting entity (either the user or the service),
- the targeted resource (either the service or the resource),
- the desired action (read, write, delete, execute),
- and environmental or contextual information (either the VRE or the VO where the operation is executed).
Contents
The model
Token based authorization
The token is a string generated on request by the Authorization service for identification purposes and associated with every entity belonging to a gCube-based infrastructure (users or services). The token is passed in every call and is automatically propagated in the lower layers.
The Policy Language
Examples
The System Architecture
Configuration Overview
The service runs on a smartgears node.
It relies on a postgresSQL instance to store the created tokens.
