Difference between revisions of "Data e-Infrastructure Policy-oriented Security Facilities"

From Gcube Wiki
Jump to: navigation, search
(Overview)
(Key Features)
Line 11: Line 11:
  
 
;Security as a Service
 
;Security as a Service
:Authentication and Authorization are services called by resource management modules in order to secure the resources
+
:authentication and Authorization are web services called by resource management modules
  
 
;Username/password authentication model
 
;Username/password authentication model
:The user is not requested to maintain personal digital certificates
+
:the user is not requested to maintain personal digital certificates
  
 
;Attribute Based Access Control
 
;Attribute Based Access Control
:The most general way to manage accesses: the access control is performed basing the decision on one or more attributes
+
:the most general way to manage accesses: access control decisions are based on one or more '''attributes'''
  
 
;Support to different categories of attributes
 
;Support to different categories of attributes
:User related attributes (e.g. roles, groups...) and environment related attributes (e.g. time, date...)
+
:user related attributes (e.g. roles, groups...) and environment related attributes (e.g. time, date...)
  
 
;Modularity
 
;Modularity
Line 26: Line 26:
  
 
;Support to standards
 
;Support to standards
:All the operation performed by the facilities are standard based
+
:all the operations performed by the facilities are standard based
  
 
;High performance
 
;High performance
:The design and architectural choices have been made with great attention to the performance
+
:the design and architectural choices have been made with great attention to performance
 
+
  
 
== Subsystems ==
 
== Subsystems ==

Revision as of 11:33, 22 March 2012

Overview

Data e-Infrastructure Policy-oriented Security Facilities protect gCube infrastructure resources from unauthorized accesses. The facilities, composing a complete security module, are built on SOA3.

Service Oriented Authorization, Authentication and Accounting (SOA3) is a security framework providing security services as web services, according to Security as a Service (SecaaS) research topic [1]. It is based on standard protocols and technologies, providing:

  • an open and extensible architecture
  • possibility to interoperate with external infrastructures and domain, obtaining, if required, also Identity Federation
  • total separation from gCore: zero dependencies in both the directions

Key Features

Security as a Service
authentication and Authorization are web services called by resource management modules
Username/password authentication model
the user is not requested to maintain personal digital certificates
Attribute Based Access Control
the most general way to manage accesses: access control decisions are based on one or more attributes
Support to different categories of attributes
user related attributes (e.g. roles, groups...) and environment related attributes (e.g. time, date...)
Modularity
SOA3 is composed by different modules: each module has a well defined functionality and provides well defined services
Support to standards
all the operations performed by the facilities are standard based
High performance
the design and architectural choices have been made with great attention to performance

Subsystems

GCube Policy Oriented Security Facility is composed by the following subsystems:

GCube Security Handler

SOA3 Authentication Module

SOA3 Authorization Module

SOA3 User Management Module

Notes

  1. https://cloudsecurityalliance.org/research/secaas/
Retrieved from "https://gcube.wiki.gcube-system.org/index.php?title=Data_e-Infrastructure_Policy-oriented_Security_Facilities&oldid=13845"