Using Workflow for Dynamic Security Context Management in Grid-based Applications

This paper presents ongoing research and current results on the development of flexible access control infrastructures for complex resource provisioning in grid-based collaborative applications and on-demand network services provisioning. We investigate the use of workflow concepts for the required orchestration of multiple grid resources and/or services across multiple administrative and security domains. In particular, workflow execution and management tools can be used to track security context changes that depend on the application domain, on policies defined per execution stage, or on user and/or service attributes. The paper discusses what specific functionality should be added to grid-oriented authorization frameworks to handle such dynamic service-related security contexts. As an example, the paper explains how such functionality can be achieved in the GAAA Authorization framework and GAAA toolkit. Suggestions are given about integration with the Globus Toolkit's authorization framework. Additionally, the paper analyses the possibilities available in XACML and SAML for expressing and handling dynamic security contexts, and how the VO concept can be used for managing dynamic security associations of users and resources. The paper is based on experiences gained from major grid-based and grid-oriented projects such as EGEE, NextGrid, Collaboratory.nl and GigaPort Research on Network
