DE-FG02-04ER25606 Identity Federation and Policy Management Guide: Final Report
The goal of this 3-year project was to facilitate a more productive dynamic matching between resource providers and resource consumers in Grid environments by explicitly specifying policies. There were broadly two problems addressed by this project. First, there was a lack of an Open Grid Services Architecture (OGSA)-compliant mechanism for expressing, storing and retrieving user policies and Virtual Organization (VO) policies. Second, there was a lack of tools to resolve and enforce policies in the Open Grid Services Architecture. To address these problems, our overall approach in this project was to make all policies explicit (e.g., virtual organization policies, resource provider policies, resource consumer policies), thereby facilitating policy matching and policy negotiation. Policies defined on a per-user basis were created, held, and updated in MyPolMan, thereby allowing a Grid user to centralize (where appropriate) and manage his/her policies. Organizationally, the corresponding service was VOPolMan, in which the policies of the Virtual Organization are expressed, managed, and dynamically consulted. Overall, we successfully defined, prototyped, and evaluated policy-based resource management and access control for OGSA-based Grids. This DOE project partially supported 17 peer-reviewed publications on a number of different topics: general security for Grids, credential management, Web services/OGSA/OGSI, policy-based Grid authorization (for remote execution and for access to information), policy-directed Grid data movement/placement, policies for large-scale virtual organizations, and large-scale policy-aware Grid architectures. In addition to supporting the PI, this project partially supported the training of 5 PhD students.
Dynamic deployment of web services on the internet or grid
PhD Thesis

This thesis focuses on the area of dynamic Web Service deployment for grid and Internet applications. It presents a new Dynamic Service Oriented Architecture (DynaSOAr) that enables the deployment of Web Services at run-time in response to consumer requests.

The service-oriented approach to grid and Internet computing is centred on two parties: the service provider and the service consumer. This thesis investigates the introduction of mobility into this service-oriented approach, allowing for better use of resources and improved quality of service. To this end, it examines the role of the service provider and makes the case for a clear separation of its concerns into two distinct roles: that of a Web Service Provider, whose responsibility is to receive and direct consumer requests and supply service implementations, and a Host Provider, whose role is to deploy services and process consumers' requests on available resources. This separation of concerns breaks the implicit bond between a published Web Service endpoint (network address) and the resource upon which the service is deployed. It also allows the architecture to respond dynamically to changes in service demand and the quality of service requirements. Clearly defined interfaces for each role are presented, which form the infrastructure of DynaSOAr. The approach taken is wholly based on Web Services.

The dynamic deployment of service code between separate roles, potentially running in different administrative domains, raises a number of security issues which are addressed. A DynaSOAr service invocation involves three parties: the requesting Consumer, a Web Service Provider and a Host Provider; this tripartite relationship requires a security model that allows the concerns of each party to be enforced for a given invocation. This thesis, therefore, presents a Tripartite Security Model and an architecture that allows the representation, propagation and enforcement of three separate sets of constraints.

A prototype implementation of DynaSOAr is used to evaluate the claims made, and the results show that a significant benefit in terms of round-trip execution time for data-intensive applications is achieved. Additional benefits in terms of parallel deployments to satisfy multiple concurrent requests are also shown.
Authentication and privacy in mobile web services
This thesis looks at the issue of authentication and privacy in mobile Web services. The work in this thesis builds on the GSM and UMTS security frameworks to develop security protocols for the mobile Web services environment. The thesis initially highlights some core principles of designing security protocols in such an environment. The next two chapters look at the core technologies and building blocks in Web services systems and the core security features in mobile networks, mainly GSM and UMTS. Registration and authentication were identified as security issues in federated systems. Proposed solutions were developed utilizing XML security mechanisms together with SIM card security in the GSM environment to address these issues. Also, a novel system was proposed in which it is possible for a mobile user to securely authenticate and have full anonymity as far as the service providers are concerned; however, it is possible for a trusted authority to reveal the identity of the user if he or she is suspected of illegal activities. The next section analyzes in detail the Generic Authentication Architecture from 3GPP. Combining SAML with the Generic Authentication Architecture, we propose a novel "generic mobile Web service platform" for M-Commerce. Various solutions have been proposed to address privacy concerns in distributed networks; the Platform for Privacy Preferences is one of the more popular proposals, and though it has many desirable features, it is not easy to enforce. We argue that this limitation can be managed in a federated system such as the Liberty Alliance framework. In the final chapter we make the case for using a timestamp-based authentication protocol in mobile Web services on the grounds of efficiency gains.