Role-Based Access Control for the Open Grid Services Architecture - Data Access and Integration (OGSA-DAI)

Grid has emerged recently as an integration infrastructure for the sharing and coordinated use of diverse resources in dynamic, distributed virtual organizations (VOs). A Data Grid is an architecture for the access, exchange, and sharing of data in the Grid environment. In this dissertation, role-based access control (RBAC) systems for heterogeneous data resources in Data Grid systems are proposed. The Open Grid Services Architecture - Data Access and Integration (OGSA-DAI) is a widely used framework for the integration of heterogeneous data resources in Grid systems. However, in the OGSA-DAI system, access control causes substantial administration overhead for resource providers in VOs because each of them has to manage the authorization information for individual Grid users. Its identity-based access control mechanisms are severely inefficient and too complicated to manage because the direct mapping between users and privileges is transitory. To solve this problem, (1) the Community Authorization Service (CAS), provided by the Globus toolkit, and (2) the Shibboleth, an attribute authorization service, are used to support RBAC in the OGSA-DAI system. The Globus Toolkit is widely used software for building Grid systems. Access control policies need to be specified and managed across multiple VOs. For this purpose, the Core and Hierarchical RBAC profile of the eXtensible Access Control Markup Language (XACML) is used; and for distributed administration of those policies, the Object, Metadata and Artifacts Registry (OMAR) is used. OMAR is based on the e-business eXtensible Markup Language (ebXML) registry specifications developed to achieve interoperable registries and repositories. The RBAC systems allow quick and easy deployments, privacy protection, and the centralized and distributed management of privileges. They support scalable, interoperable and fine-grain access control services; dynamic delegation of rights; and user-role assignments. They also reduce the administration overheads for resource providers because they need to maintain only the mapping information from VO roles to local database roles. Resource providers maintain the ultimate authority over their resources. Moreover, unnecessary mapping and connections can be avoided by denying invalid requests at the VO level. Performance analysis shows that our RBAC systems add only a small overhead to the existing security infrastructure of OGSA-DAI

Supporting Semantically Enhanced Web Service Discovery for Enterprise Application Integration

The availability of sophisticated Web service discovery mechanisms is an essential prerequisite for increasing the levels of efficiency and automation in EAI. In this chapter, we present an approach for developing service registries building on the UDDI standard and offering semantically-enhanced publication and discovery capabilities in order to overcome some of the known limitations of conventional service registries. The approach aspires to promote efficiency in EAI in a number of ways, but primarily by automating the task of evaluating service integrability on the basis of the input and output messages that are defined in the Web service’s interface. The presented solution combines the use of three technology standards to meet its objectives: OWL-DL, for modelling service characteristics and performing fine-grained service matchmaking via DL reasoning, SAWSDL, for creating semantically annotated descriptions of service interfaces, and UDDI, for storing and retrieving syntactic and semantic information about services and service providers

Combining SAWSDL, OWL-DL and UDDI for Semantically Enhanced Web Service Discovery

UDDI registries are included as a standard offering within the product suite of any major SOA vendor, serving as the foundation for establishing design-time and run-time SOA governance. Despite the success of the UDDI specification and its rapid uptake by the industry, the capabilities of its offered service discovery facilities are rather limited. The lack of machine-understandable semantics in the technical specifications and classification schemes used for retrieving services, prevent UDDI registries from supporting fully automated and thus truly effective service discovery. This paper presents the implementation of a semantically-enhanced registry that builds on the UDDI specification and augments its service publication and discovery facilities to overcome the aforementioned limitations. The proposed solution combines the use of SAWSDL for creating semantically annotated descriptions of service interfaces and the use of OWL-DL for modelling service capabilities and for performing matchmaking via DL reasoning

Towards a virtual research environment for paediatric endocrinology across Europe

Paediatric endocrinology is a medical specialty dealing with variations of physical growth and sexual development in childhood. Genetic anomalies that can cause disorders of sexual development in children are rare. Given this, sharing and collaboration on the small number of cases that occur is needed by clinical experts in the field. The EU-funded EuroDSD project (www.eurodsd.eu) is one such collaboration involving clinical centres and clinical and genetic experts across Europe. Through the establishment of a virtual research environment (VRE) supporting sharing of data and a variety of clinical and bioinformatics analysis tools, EuroDSD aims to provide a research infrastructure for research into disorders of sex development. Security, ethics and information governance are at the heart of this infrastructure. This paper describes the infrastructure that is being built and the inherent challenges in security, availability and dependability that must be overcome for the enterprise to succeed

Adaptive service discovery on service-oriented and spontaneous sensor systems

Service-oriented architecture, Spontaneous networks, Self-organisation, Self-configuration, Sensor systems, Social patternsNatural and man-made disasters can significantly impact both people and environments. Enhanced effect can be achieved through dynamic networking of people, systems and procedures and seamless integration of them to fulfil mission objectives with service-oriented sensor systems. However, the benefits of integration of services will not be realised unless we have a dependable method to discover all required services in dynamic environments. In this paper, we propose an Adaptive and Efficient Peer-to-peer Search (AEPS) approach for dependable service integration on service-oriented architecture based on a number of social behaviour patterns. In the AEPS network, the networked nodes can autonomously support and co-operate with each other in a peer-to-peer (P2P) manner to quickly discover and self-configure any services available on the disaster area and deliver a real-time capability by self-organising themselves in spontaneous groups to provide higher flexibility and adaptability for disaster monitoring and relief

Business integration models in the context of web services.

E-commerce development and applications have been bringing the Internet to business and marketing and reforming our current business styles and processes. The rapid development of the Web, in particular, the introduction of the semantic web and web service technologies, enables business processes, modeling and management to enter an entirely new stage. Traditional web based business data and transactions can now be analyzed, extracted and modeled to discover new business rules and to form new business strategies, let alone mining the business data in order to classify customers or products. In this paper, we investigate and analyze the business integration models in the context of web services using a micro-payment system because a micro-payment system is considered to be a service intensive activity, where many payment tasks involve different forms of services, such as payment method selection for buyers, security support software, product price comparison, etc. We will use the micro-payment case to discuss and illustrate how the web services approaches support and transform the business process and integration model.

Web Service Discovery in the FUSION Semantic Registry

The UDDI specification was developed as an attempt to address the key challenge of effective Web service discovery and has become a widely adopted standard. However, the text-based indexing and search mechanism that UDDI registries offer does not suffice for expressing unambiguous and semantically rich representations of service capabilities, and cannot support the logic-based inference capacity required for facilitating automated service matchmaking. This paper provides an overview of the approach put forward in the FUSION project for overcoming this important limitation. Our solution combines SAWSDL-based service descriptions with service capability profiling based on OWL-DL, and automated matchmaking through DL reasoning in a semantically extended UDDI registry