Difference between revisions of "Data e-Infrastructure Policy-oriented Security Facilities"
From Gcube Wiki
m (→Key Features) |
(→Subsystems) |
Line 34: | Line 34: | ||
GCube Policy Oriented Security Facility is composed by the following subsystems: | GCube Policy Oriented Security Facility is composed by the following subsystems: | ||
− | [[GCube Security Handler]] | + | *[[GCube Security Handler]] |
+ | **[[SOA3 Connector]] | ||
− | [[SOA3 Authentication Module]] | + | *[[SOA3 Authentication Module]] |
+ | **[[SOA3 Authentication Service]] | ||
− | [[SOA3 Authorization Module]] | + | *[[SOA3 Authorization Module]] |
+ | **[[SOA3 Authorization Service]] | ||
− | [[SOA3 User Management Module]] | + | *[[SOA3 User Management Module]] |
+ | **[[User Management Service]] | ||
+ | **[[UserManagement REST API]] | ||
==Notes== | ==Notes== | ||
<references/> | <references/> |
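Review bot: The two children added under [[SOA3 User Management Module]] do not follow the naming of the other new entries. [[User Management Service]] drops the "SOA3" prefix that [[SOA3 Authentication Service]] and [[SOA3 Authorization Service]] carry, and [[UserManagement REST API]] writes "UserManagement" as one word while the line above it uses two. Unless these are the exact titles of existing pages, align them with the sibling entries so the subsystem list reads consistently and the links resolve to the intended pages.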
Revision as of 17:20, 3 May 2013
Overview
The goal of the Data e-Infrastructure Policy-oriented Security Facilities is to protect gCube infrastructure resources from unauthorized access. The facilities, which together form a complete security module, are built on SOA3.
Service Oriented Authorization, Authentication and Accounting (SOA3) is a security framework that delivers security services as web services, in line with the Security as a Service (SecaaS) research topic [1]. It is based on standard protocols and technologies, providing:
- an open and extensible architecture
- interoperability with external infrastructures and domains, including so-called Identity Federation where required
- total isolation from gCore: zero dependencies in either direction
Key Features
- Security as a Service
  - Authentication and Authorization are provided by web services called by the resource management modules
- Flexible authentication model
  - users are not required to have personal digital certificates
- Attribute-based Access Control
  - a generic way to manage access: access control decisions are based on one or more attributes
- Support for different categories of attributes
  - user-related attributes (e.g. roles, groups) and environment-related attributes (e.g. time, date)
- Modularity
  - SOA3 is composed of different modules: each module has a well-defined scope and provides well-defined services
- Support for standards
  - all the operations delivered by the facilities are built on top of recognized standards
- High performance
  - the design and architectural choices have been made paying great attention to performance
Subsystems
GCube Policy Oriented Security Facility is composed of the following subsystems: