Difference between revisions of "Core-facilities"

From Gcube Wiki
(Data Infrastructure Policy-oriented Security Facilities)
 
(5 intermediate revisions by 3 users not shown)
Line 7: Line 7:
 
== Data Infrastructure Management Facilities ==
 
== Data Infrastructure Management Facilities ==
 
This area realizes the [[Data e-Infrastructure Management Facilities]]. In particular, the following pages describe specific services:
 
This area realizes the [[Data e-Infrastructure Management Facilities]]. In particular, the following pages describe specific services:
* [[Information System]]
+
* [[gCore Based Information System]]
 
* [[VRE Management | Resource and VRE Management]]
 
* [[VRE Management | Resource and VRE Management]]
* [[Messaging_Infrastructure |Messaging Infrastructure]] ('''to update''')
+
* [[Messaging_Infrastructure |Messaging Infrastructure]]
 
* [[Utilities and Common Libraries]]
 
* [[Utilities and Common Libraries]]
  
 
== Data Infrastructure Policy-oriented Security Facilities ==
 
== Data Infrastructure Policy-oriented Security Facilities ==
This area realize the [[Data e-Infrastructure Policy-oriented Security Facilities]]. In particular, the following pages describe specific services:
+
This area realize the [[Data e-Infrastructure Policy-oriented Security Facilities]]. The components implement the '''Security As A Service''' Model (''Secaas'') and are based on ''Service Oriented Authorization, Authentication and Accounting'' (SOA3) framework.
  
* <strike>[[Virtual Organisation Management]]</strike> ('''obsolete and not complete''')
+
GCube security model is based on the ''application of security policies for limiting the accessing to services''. Basing on this statement, the main entities characterising the security domain are the following:
 +
* '''Actors''', i.e. the ''subjects'' to be authenticated and authorized. In the most of cases they are the ''human users'' registered on a gCube based Portal or on Federated domains. In other cases the ''subjects'' are services that have to perform some batch operations by using any associated identity: in these cases the credentials are X509 Certificates and the authorization policies are based on the attributes of associated service profiles
 +
* '''Actions''', i.e. the ''operations'' that the ''subjects'' can or cannot perform. In gCube context they are ''service categories'', defined by service name and service class: this means that groups of users (or services) can be authorized to use some ''service categories'' 
 +
* '''Resources''', i.e. the ''objects'' of authorization queries, in other words on ''what'' the ''subject'' can or cannot perform the ''operation''. In gCube context ''resources'' are ''service instances'', i.e. the actual deployment of the service on a certain node. A service instance is identified by the attributes of the Node on which it is deployed.
 +
* '''Policies''', i.e. the statements defining which ''service instances'' a certain ''subject'' can use.
 +
 
 +
The following pages describe specific services:
 +
 
 +
<!-- * <strike>[[Virtual Organisation Management]]</strike> ('''obsolete and not complete''') -->
 +
* [[Resource_Accounting|Resource Accounting]]
 
* [[SOA3_Authentication_Service|SOA3 Authentication Service]]
 
* [[SOA3_Authentication_Service|SOA3 Authentication Service]]
 
* [[SOA3_Authorization_Service|SOA3 Authorization Service]]
 
* [[SOA3_Authorization_Service|SOA3 Authorization Service]]
* [[User_Management_Service|User Management Service]]
 
 
* [[SOA3_Policy_Management_Service|SOA3 Policy Management Service]]
 
* [[SOA3_Policy_Management_Service|SOA3 Policy Management Service]]
 +
* [[User_Management_Service|User Management Service]]
  
 
== Workflow Management Facilities ==
 
== Workflow Management Facilities ==
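Review bot: In the added Policy-oriented Security Facilities text, the Policies bullet defines a policy only as which service instances a subject can use, while the Actions bullet says groups of users or services are authorized for service categories; the text should say how a category-level grant relates to a specific instance on a node. The new intro also keeps "This area realize" (should be "realizes"), writes "Secaas" directly after "Security As A Service", and the Actors bullet ends without a full stop. The Virtual Organisation Management entry is now commented out rather than deleted; if it is obsolete, remove the line.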

Latest revision as of 14:09, 19 October 2016


This set of services realizes the gCube Core-facilities, which are organised in the following categories.

Data Infrastructure Management Facilities

This area realizes the Data e-Infrastructure Management Facilities. In particular, the following pages describe specific services:

Data Infrastructure Policy-oriented Security Facilities

This area realizes the Data e-Infrastructure Policy-oriented Security Facilities. The components implement the Security As A Service model (SecaaS) and are based on the Service Oriented Authorization, Authentication and Accounting (SOA3) framework.

The gCube security model is based on the application of security policies to limit access to services. Accordingly, the main entities characterising the security domain are the following:

  • Actors, i.e. the subjects to be authenticated and authorized. In most cases they are human users registered on a gCube-based Portal or on federated domains. In other cases the subjects are services that have to perform batch operations using an associated identity: in these cases the credentials are X.509 certificates and the authorization policies are based on the attributes of the associated service profiles.
  • Actions, i.e. the operations that the subjects can or cannot perform. In the gCube context they are service categories, defined by service name and service class: this means that groups of users (or services) can be authorized to use some service categories.
  • Resources, i.e. the objects of authorization queries, in other words what the subject can or cannot perform the operation on. In the gCube context, resources are service instances, i.e. the actual deployments of a service on a certain node. A service instance is identified by the attributes of the node on which it is deployed.
  • Policies, i.e. the statements defining which service instances a certain subject can use.
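
The four entities above can be modelled as follows. This is an added illustration, not code from gCube or SOA3. The deny-by-default evaluation, the attribute-equality matching and every name and value in it are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Action:                      # a service category
    service_class: str
    service_name: str

@dataclass
class Subject:                     # human user or service
    identity: str                  # portal user name, or certificate subject DN
    groups: frozenset = frozenset()
    profile: dict = field(default_factory=dict)   # service profile attributes

@dataclass
class ServiceInstance:             # the resource: a deployment on a node
    action: Action
    node: dict                     # attributes of the hosting node

@dataclass
class Policy:
    action: Action
    group: Optional[str] = None
    profile: dict = field(default_factory=dict)
    node: dict = field(default_factory=dict)      # {} = any node

def _has(attrs, required):
    return all(attrs.get(k) == v for k, v in required.items())

def subject_matches(policy, subject):
    if policy.group is None and not policy.profile:
        return False               # names no subject: grant nothing
    if policy.group is not None and policy.group not in subject.groups:
        return False
    return _has(subject.profile, policy.profile)

def is_permitted(policies, subject, instance):
    # Assumed semantics: deny unless some policy matches all three parts.
    return any(subject_matches(p, subject) and p.action == instance.action
               and _has(instance.node, p.node) for p in policies)

# Constructed sample data (names are placeholders, not real gCube services).
CATALOGUE, ADMIN = Action("Demo", "Catalogue"), Action("Demo", "Admin")
ALICE = Subject("alice", groups=frozenset({"vre-demo"}))
HARVESTER = Subject("CN=harvester,O=Example",
                    profile={"ServiceClass": "Demo", "ServiceName": "Harvester"})
INST_A = ServiceInstance(CATALOGUE, {"site": "site-a"})
INST_B = ServiceInstance(CATALOGUE, {"site": "site-b"})
INST_ADMIN = ServiceInstance(ADMIN, {"site": "site-a"})
POLICIES = [
    Policy(CATALOGUE, group="vre-demo", node={"site": "site-a"}),
    Policy(CATALOGUE, profile={"ServiceClass": "Demo", "ServiceName": "Harvester"}),
    Policy(ADMIN),                 # no subject selector: must not match anyone
]
```

A policy that names no subject is treated as granting nothing, so a half-written policy fails closed instead of opening a service category to every actor.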

The following pages describe specific services:

Workflow Management Facilities

This area realizes the Workflow Management Facilities. In particular, the following pages describe specific services: