Difference between revisions of "Data e-Infrastructure Policy-oriented Security Facilities"
From Gcube Wiki
(→Overview) |
(→Key Features) |
||
Line 11: | Line 11: | ||
;Security as a Service | ;Security as a Service | ||
− | : | + | :authentication and Authorization are web services called by resource management modules |
;Username/password authentication model | ;Username/password authentication model | ||
− | : | + | :the user is not requested to maintain personal digital certificates |
;Attribute Based Access Control | ;Attribute Based Access Control | ||
− | : | + | :the most general way to manage accesses: access control decisions are based on one or more '''attributes''' |
;Support to different categories of attributes | ;Support to different categories of attributes | ||
− | : | + | :user related attributes (e.g. roles, groups...) and environment related attributes (e.g. time, date...) |
;Modularity | ;Modularity | ||
Line 26: | Line 26: | ||
;Support to standards | ;Support to standards | ||
− | : | + | :all the operations performed by the facilities are standard based |
;High performance | ;High performance | ||
− | : | + | :the design and architectural choices have been made with great attention to performance |
− | + | ||
== Subsystems == | == Subsystems == |
Revision as of 11:33, 22 March 2012
Contents
Overview
Data e-Infrastructure Policy-oriented Security Facilities protect gCube infrastructure resources from unauthorized accesses. The facilities, composing a complete security module, are built on SOA3.
Service Oriented Authorization, Authentication and Accounting (SOA3) is a security framework providing security services as web services, according to Security as a Service (SecaaS) research topic [1]. It is based on standard protocols and technologies, providing:
- an open and extensible architecture
- possibility to interoperate with external infrastructures and domain, obtaining, if required, also Identity Federation
- total separation from gCore: zero dependencies in both the directions
Key Features
- Security as a Service
- authentication and Authorization are web services called by resource management modules
- Username/password authentication model
- the user is not requested to maintain personal digital certificates
- Attribute Based Access Control
- the most general way to manage accesses: access control decisions are based on one or more attributes
- Support to different categories of attributes
- user related attributes (e.g. roles, groups...) and environment related attributes (e.g. time, date...)
- Modularity
- SOA3 is composed by different modules: each module has a well defined functionality and provides well defined services
- Support to standards
- all the operations performed by the facilities are standard based
- High performance
- the design and architectural choices have been made with great attention to performance
Subsystems
GCube Policy Oriented Security Facility is composed by the following subsystems: