Authorization Framework

From Gcube Wiki
Revision as of 15:13, 3 February 2016 by Leonardo.candela (Talk | contribs)

Jump to: navigation, search

The gCube Authorization framework is a token based authorization system in a gCube-based infrastructure. This framework in compliant with the Attribute-based access control (ABAC) that defines an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together.

The model

Token based authorization

The token is a string generated on request by the Authorization service for identification purposes and associated with every entity belonging to a gCube-based infrastructure (users or services). The token is passed in every call and is automatically propagated in the lower layers.

The Policy Language

Examples

The System Architecture

Configuration Overview

The service runs on a smartgears node.

It relies on a postgresSQL instance to store the created tokens.