Difference between revisions of "GCube Security Handler"

From Gcube Wiki
m (Created page with '{| align="right" ||__TOC__ |} == Overview == '''GCube Security Handler''' is the ''Connector'' between the Authorization Module and the rest of gCube system. In particular it i…')
 
Line 28: Line 28:
  
 
The GCube Handler is the element which intercepts all the requests and passes it to the ''Security Handler''.
 
The GCube Handler is the element which intercepts all the requests and passes it to the ''Security Handler''.
 +
Currently the Handler has not workflow support yet, but calls only two configurable tasks, one for ''Authentication'' and one for ''Authorization''. The authentication task is used only in particular client configuration: in general in the container the security is assured by TLS+Authorization calling the authorization task which, in turn, calls [[gCube Authorization Module]]
  
 
== Deployment ==
 
== Deployment ==
 
GCube Security Handler is a module deployed as library in gCore platform
 
GCube Security Handler is a module deployed as library in gCore platform
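Review bot: the paragraph added under the "GCube Handler" sentence says the Handler calls two configurable tasks (Authentication and Authorization), but the Key features and Architecture sections of this same revision say only a single task is currently called; state which description is current and align the other. The added sentence also ends without a period after the [[gCube Authorization Module]] link, and "has not workflow support yet" would read more clearly as "does not yet support workflows".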

Revision as of 17:55, 2 March 2012

Overview

GCube Security Handler is the Connector between the Authorization Module and the rest of the gCube system. In particular, it is a gCore module which intercepts the requests for a service and asks the Authorization Module whether the caller is authorized.

Key features

Workflow structure
The architecture of the module is generic: different tasks can potentially be configured to check different security-related features. Currently the module uses only a single task, which contacts the Policy Based Security Facilities through XACML requests.
XML configuration
The module is configurable through the gCube container configuration files.

Design

Philosophy

The module is the connector between the Policy Based Facilities and the rest of the gCube infrastructure. It is a flexible and extensible component which is tightly integrated into the gCube platform: every request to the container is intercepted and triggers the start of the workflow.

Architecture

The component works like a workflow engine triggered by every request received by the container. Every task of the workflow ends with a response which is either true or false: if all the responses are true, the request is considered authenticated and authorized. If any response is false, the workflow stops and a security fault is returned. Currently only one task is called: this task contacts the Policy Based Facilities, which take a decision on the request based on the defined policies and provide the response. The request contains a set of user-related attributes (currently, only the VO-related Role), a resource value (the name of the service or resource requested) and an action (the method requested).
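The workflow described above can be modelled in a few lines. This is an added conceptual sketch in Python, not gCube or gCore code: the names `Request`, `policy_task`, `run_workflow`, `is_allowed` and the sample policies are assumptions, and denying on an empty task list or on a task error is a fail-closed choice made for the example rather than behaviour documented on this page.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Set, Tuple

@dataclass(frozen=True)
class Request:
    roles: FrozenSet[str]  # user attributes: the VO-related roles
    resource: str          # name of the service or resource requested
    action: str            # method requested

class SecurityFault(Exception):
    """Returned to the caller when the workflow rejects a request."""

Task = Callable[[Request], bool]

# Constructed sample policies: permitted (role, resource, action) triples.
SAMPLE_POLICIES: Set[Tuple[str, str, str]] = {
    ("VO-Admin", "SampleService", "delete"),
    ("VO-User", "SampleService", "query"),
}

def policy_task(policies: Set[Tuple[str, str, str]]) -> Task:
    """Hypothetical stand-in for the task that asks the policy facilities."""
    def task(req: Request) -> bool:
        # Deny by default: true only if some role matches an explicit policy.
        return any((r, req.resource, req.action) in policies for r in req.roles)
    return task

def run_workflow(tasks: List[Task], req: Request) -> None:
    """Run tasks in order; stop at the first non-true response with a fault."""
    if not tasks:  # assumption: an unconfigured workflow must not allow
        raise SecurityFault("no security task configured")
    for task in tasks:
        name = getattr(task, "__name__", "task")
        try:
            ok = task(req)
        except Exception as exc:  # assumption: a failing task means deny
            raise SecurityFault(f"{name} failed: {exc}") from exc
        if ok is not True:
            raise SecurityFault(f"{name} denied {req.action} on {req.resource}")

def is_allowed(tasks: List[Task], req: Request) -> bool:
    """True only when every task answered true."""
    try:
        run_workflow(tasks, req)
        return True
    except SecurityFault:
        return False
```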


Security Handler

The GCube Handler is the element which intercepts all the requests and passes them to the Security Handler. Currently the Handler does not yet have workflow support, but calls only two configurable tasks, one for Authentication and one for Authorization. The authentication task is used only in particular client configurations: in general, security in the container is assured by TLS+Authorization, calling the authorization task which, in turn, calls the gCube Authorization Module.

Deployment

GCube Security Handler is a module deployed as a library in the gCore platform.