120 research outputs found
Using SAML and XACML for Complex Resource Provisioning in Grid Based Applications
This paper presents ongoing research and current results on the development of flexible access control infrastructure for complex resource provisioning (CRP) in Grid-based applications. The paper proposes a general CRP model and specifies major requirements to the Authorisation (AuthZ) service infrastructure to support multidomain CRP, focusing on two main issues: policy expression for complex resource models and AuthZ session support. The paper provides suggestions about using XACML and its profiles to describe access control policies to complex resources and briefly describes proposed XML based AuthZ ticket format to support extended AuthZ session context. Additionally, the paper discusses what specific functionality can be added to the gLite Java Authorisation Framework (gJAF), to handle dynamic security context including AuthZ session support. The paper is based on experiences gained from major Grid based and Grid oriented projects such as EGEE
Dynamic deployment of web services on the internet or grid
PhD Thesis. This thesis focuses on the area of dynamic Web Service deployment for grid and
Internet applications. It presents a new Dynamic Service Oriented Architecture
(DynaSOAr) that enables the deployment of Web Services at run-time in response to
consumer requests.
The service-oriented approach to grid and Internet computing is centred on two
parties: the service provider and the service consumer. This thesis investigates the
introduction of mobility into this service-oriented approach allowing for better use of
resources and improved quality of service. To this end, it examines the role of the
service provider and makes the case for a clear separation of its concerns into two
distinct roles: that of a Web Service Provider, whose responsibility is to receive and
direct consumer requests and supply service implementations, and a Host Provider,
whose role is to deploy services and process consumers' requests on available
resources. This separation of concerns breaks the implicit bond between a published
Web Service endpoint (network address) and the resource upon which the service is
deployed. It also allows the architecture to respond dynamically to changes in service
demand and the quality of service requirements. Clearly defined interfaces for each
role are presented, which form the infrastructure of DynaSOAr. The approach taken
is wholly based on Web Services.
The dynamic deployment of service code between separate roles, potentially running
in different administrative domains, raises a number of security issues which are
addressed. A DynaSOAr service invocation involves three parties: the requesting
Consumer, a Web Service Provider and a Host Provider; this tripartite relationship
requires a security model that allows the concerns of each party to be enforced for a
given invocation. This thesis, therefore, presents a Tripartite Security Model and an
architecture that allows the representation, propagation and enforcement of three
separate sets of constraints.
A prototype implementation of DynaSOAr is used to evaluate the claims made, and
the results show that a significant benefit in terms of round-trip execution time for
data-intensive applications is achieved. Additional benefits in terms of parallel
deployments to satisfy multiple concurrent requests are also shown
Towards a secure service provisioning framework in a Smart city environment
© 2017 Elsevier B.V. Over the past few years the concept of Smart cities has emerged to transform urban areas into connected and well informed spaces. Services that make smart cities "smart" are curated by using data streams of smart cities i.e., inhabitants' location information, digital engagement, transportation, environment and local government data. Accumulating and processing of these data streams raise security and privacy concerns at individual and community levels. Sizeable attempts have been made to ensure the security and privacy of inhabitants' data. However, the security and privacy issues of smart cities are not only confined to inhabitants; service providers and local governments have their own reservations: service provider trust, reliability of the sensed data, and data ownership, to name a few. In this research we identified a comprehensive list of stakeholders and modelled their involvement in smart cities by using the Onion Model approach. Based on the model we present a security and privacy-aware framework for service provisioning in smart cities, namely the "Smart Secure Service Provisioning" (SSServProv) Framework. Unlike previous attempts, our framework provides end-to-end security and privacy features for trustable data acquisition, transmission, processing and legitimate service provisioning. The proposed framework ensures inhabitants' privacy, and also guarantees integrity of services. It also ensures that public data is never misused by malicious service providers. To demonstrate the efficacy of SSServProv we developed and tested core functionalities of authentication, authorisation and lightweight secure communication protocol for data acquisition and service provisioning. For various smart cities service provisioning scenarios we verified these protocols by an automated security verification tool called Scyther
EMI Security Architecture
This document describes the various architectures of the three middlewares that comprise the EMI software stack. It also outlines the common efforts in the security area that allow interoperability between these middlewares. The assessment of the EMI Security presented in this document was performed internally by members of the Security Area of the EMI project
User centric community clouds
With the evolution in cloud technologies, users are becoming acquainted with seamless service provision. Nevertheless, clouds are not a user centric technology, and users become completely dependent on service providers. We propose a novel concept for clouds, where users self-organize to create their clouds. We present such an architecture for user-centric clouds, which relies on self-managed clouds based on doctrine and on identity management concepts