
Security Architecture for Open Collaborative Environment

  • Yuri Demchenko
  • Leon Gommans
  • Cees de Laat
  • Bas Oudenaarde
  • Andrew Tokmakoff
  • Martin Snijders
  • Rene van Buuren
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3470)

Abstract

The paper presents a proposed Security Architecture for an Open Collaborative Environment (OCE) being developed in the framework of the Collaboratory.nl (CNL) project with the intent to build a flexible, customer-driven security infrastructure for open collaborative applications. The architecture is based on extended use of emerging Web Services and Grid security technologies combined with concepts from the generic Authentication, Authorization and Accounting (AAA) and Role-based Access Control (RBAC) frameworks. The paper also describes another proposed solution, the Job-centric security model, which uses a Job description as a semantic document created on the basis of the signed order (or business agreement) to provide a job-specific context for invocation of the basic OCE security services. A typical OCE use case of policy-based access control is discussed in detail.

Keywords

Security Architecture; Role Base Access Control; Security Assertion Markup Language; Community Authorisation Service; Authorisation Service
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Yuri Demchenko (1)
  • Leon Gommans (1)
  • Cees de Laat (1)
  • Bas Oudenaarde (1)
  • Andrew Tokmakoff (2)
  • Martin Snijders (2)
  • Rene van Buuren (2)
  1. Advanced Internet Research Group, Universiteit van Amsterdam, Amsterdam, The Netherlands
  2. Telematica Instituut, Enschede, The Netherlands
