Abstract
The paper presents a proposed Security Architecture for an Open Collaborative Environment (OCE), being developed in the framework of the Collaboratory.nl (CNL) project with the intent to build a flexible, customer-driven security infrastructure for open collaborative applications. The architecture is based on extended use of emerging Web Services and Grid security technologies, combined with concepts from the generic Authentication, Authorization and Accounting (AAA) and Role-based Access Control (RBAC) frameworks. The paper also describes another proposed solution, the Job-centric security model, which uses a Job description as a semantic document, created on the basis of the signed order (or business agreement), to provide a job-specific context for invocation of the basic OCE security services. A typical OCE use case of policy-based access control is discussed in detail.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Demchenko, Y. et al. (2005). Security Architecture for Open Collaborative Environment. In: Sloot, P.M.A., Hoekstra, A.G., Priol, T., Reinefeld, A., Bubak, M. (eds) Advances in Grid Computing - EGC 2005. EGC 2005. Lecture Notes in Computer Science, vol 3470. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11508380_60
DOI: https://doi.org/10.1007/11508380_60
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26918-2
Online ISBN: 978-3-540-32036-4
eBook Packages: Computer Science, Computer Science (R0)