270 likes | 289 Views
This thesis proposal aims to develop a universal collaboration framework integrating mobile and non-mobile collaborative applications in a single environment to address access control policies, group coordination, and user interaction challenges in heterogeneous computing setups.
E N D
Designing Universal Framework for Building Collaborative Applications in Heterogeneous Computing Environment Kangseok Kim kakim@cs.indiana.edu Computer Science Department Indiana University
Motivation and Research objectives Problem statement Literature Survey Research Issues Research Designs Milestones Contributions Outline of PhD Thesis Proposal
Shared whiteboard with annotation on both mobile and non-mobile device
Motivation and Research Objectives I • Heterogeneous community collaboration • Most heterogeneous community collaboration systems cannot communicate with each other. • e.g. H.323 <-> AG, AG <-> SIP • We need wider range of collaboration by building integrated collaboration environment, which combines collaborative applications as well as other collaboration into a single easy-to-use environment. • Universal collaboration and access • Mean capability of multiple users to link together with disparate access modes to access collaborative systems. • Make systems more usable and more useful, and enable people to work together with others remotely.
Motivation and Research Objectives II • Access control in collaboration system • Access control policy in heterogeneous community collaboration systems has not been adequately addressed. • Access control policies and mechanisms are needed to restrict unauthorized access to a variety of protected information and resources. • Group coordination support • As the number of collaborating users increases, a user may have to contend with other users for access to the collaboration elements. • To maintain consistent shared state at application level, we need to control competing accesses and mitigate race conditions for shared resources.
What is a generic solution to build integrated collaboration environment which combines mobile and non-mobile collaborative applications as well as Heterogeneous community collaboration into a single easy-to-use environment? Problem Statement
Literature Survey (1)Conferencing Technologies • H.323 • ITU standard for exchange of voice, video, and data • SIP (Session Initiation Protocol) • Light-weight generic signaling protocol of interactive communication sessions between users designed by IETF. • AG (Access Grid) • Designed for group-to-group collaboration across high-performance networks initiated by Argonne National Lab • VRVS (Virtual Rooms Videoconferencing System) • A web oriented collaboration system for videoconferencing and collaborative work over IP networks.
Access Matrix Authorization is performed by operations that subjects are allowed to objects RBAC (Role Based Access Control) Privileges (permissions) to use resources are connected to a role and not to a specific user PERMIS (Privilege and Role Management Infrastructure Standards) Role based PMI (Privilege Management Infrastructure) CAS (Community Authorization Service) Implement RBAC using an authorization server Literature Survey (2)Access Control Schemes
Research Issues I • Designing a framework for controlling sessions, accesses, and floors for heterogeneous community collaboration on mobile devices as well as non-mobile devices • Handle collaboration (Session control) • Heterogeneous control protocols have to be translated into general control protocol • The general session control protocol manages session users and resources in communities • Access control • Scalable, dynamic, fine-grained access control
Research Issues II • Group coordination (Floor control) • An approach to deal with race conditions in resource sharing for system and shared state consistency at application level • Fault-tolerant role in collaboration system • A recovery approach from failure-prone system • Design issues for building applications on mobile devices • An approach to overcome technical limitation occurring as porting applications from desktop computers (moderate screen size) to mobile devices (small screen size)
Research Designs (1)XGSP (XML based General Session Protocol) • Our lab’s conference collaboration framework for integrating multiple heterogeneous communities • General session protocol defined in XML to handle collaboration • Built on both mobile and non-mobile devices • XGSP current capabilities • Manage membership • Maintain connectivity • Organize sessions • Support collaborative applications • Support heterogeneous communities (H.323, SIP) • XGSP missing / desired futures • Integration access and floor control mechanism into XGSP framework • Fault-tolerant role capability
Conference Calendar Conference Manager Application Registry Node manager User Accounts user roster session roster Service / Message System application Instance 0 User node application Instance 1 Chair node User node User node Research Designs (1)XGSP (XML based General Session Protocol) Framework Components • Conference manager • Registries of all scheduled conferences • Registries of collaborative applications • User accounts • Policies • Node manager • User interface for XGSP conference management service • Factories for all kinds of applications • XGSP conference control • Conference management service • Application management service • Access control service • Floor control service
Research Designs (2)XRBAC (XML Role Based Access Control) • Define policies in XML to enable only authorized users to access protected collaboration environments • Authorization is performed by explicitly conference chair or implicitly a user authorized by predefined policies • Performed dynamically at runtime by activation rules or statically by predefined policies • Fine-grained control • Allow a user of a group in a role to access resources at certain time • Allow groups of users to access resource attributes • Push and pull policy mode • Push mode • policies are passed to a user by conference manager at conference join time • this lead to policy consistency • Pull mode • policies are retrieved from internal store of a user node at access time • Benefits • easy of understanding, management, scalability, and dynamic fine-grained control
Activation / Deactivation Service Activation / Deactivation Service Access Decision Service Access Decision Service Pull Policies Pull Policies Local Policy Store Local Policy Store Authentication Service Authentication Service Research Designs (2) Architectural design of Integrating XRBAC service into XGSP Framework Conference Manager Push Policies Push Policies Decision Response Service / Message System Access Request Chair node User node KMC (Key Management Center)
Milestones • Designed and built general conference control framework on both mobile device (cell phone) and non-mobile device • Define general session protocol in XML (XGSP) • Designed and implemented collaborative applications on both non-mobile and mobile device (cell phone) • Define definitions and rules of collaboration roles • Define access control policies • Define role-based access control policies in XML (XRBAC) • Integrate access control mechanism into collaboration system • Integrate floor control mechanism into collaboration system • Define floor control policies in XML (XFLOOR) • Design and Implement fault-tolerant role mechanism
Contributions • Provides an approach for heterogeneous community collaboration • A mechanism that makes systems more usable and more useful to maximize the use of various collaborative capabilities to collaborator • Provides an approach for universal collaboration and access with mobile devices like cell phone • A mechanism that users can access collaborative systems independent of their access device and their physical capabilities • Provides an approach for access control on collaboration system • A mechanism that only authorized users can access to a variety of protected information and resources • Provides an approach for maintaining system and shared state consistency at application level • A mechanism that users allow to attain exclusive control without access conflicts on shared resources in static or dynamic fine-grained control
Literature Survey (1)H.323 • ITU standard for exchange of voice, video, and data • A set of standards for group communication • TCP call setup and control • UDP for audio/video
Literature Survey (2)SIP (Session Initiation Protocol) • Designed by IETF. • Light-weight generic signaling protocol of interactive communication sessions between users • Defines how to establish, maintain, and terminate Internet sessions including multimedia conferences. • Provides basic functions such as user location resolution, capability negotiation, and call management. • Designed in a text format and took request/response protocol style like HTTP. • Difference : SIP is used for human-to-human communication and to locate individual users
Literature Survey (3)AG (Access Grid) • A project initiated by Argonne National Lab • Designed for group-to-group collaboration across high-performance networks. • A form of collaborative technology that uses synchronous communications. • Uses IP multicast for audio/video
Literature Survey (4)VRVS (Virtual Rooms Videoconferencing System) • A web oriented collaboration system for videoconferencing and collaborative work over IP networks. • Composed of two different parts • web server : users’ interface to connect to videoconferences and launch AV applications • reflector : a specific software to distribute information (audio, video, and data) to collaborating users to Interconnect each user to a Virtual Room
Authorization is performed by operations that subjects are allowed to objects Access Control List (ACL) expressed by columns Capability list expressed by rows Shortcomings doesn’t allow fine-grained access control to object attributes File 1 Alice Bob File 2 Alice File 3 Bob Alice Alice File 1 File 2 File 3 Bob File 1 File 3 Literature Survey (5)Access Matrix ACL Capability List
Privileges (permissions) to use resources are connected to a role and not to a specific user roles are assigned to users (role assignment) and access permissions are assigned to roles (permission assignment) Benefit scalable – because users can be easily reassigned from one role to another Shortcomings lacks ability to specify fine-grained control on individual users in certain roles and on individual resource instances Read Submit Role Users Target policy Roles Permissions Role assignment Permission assignment Users Literature Survey (6)RBAC (Role Based Access Control)
Authentication Service Submit Access Request Present Access Request User Target AEF Decision Request Decision Application Gateway PERMIS PMI API ADF Retrieve Policy and Role ACs LDAP Literature Survey (7)PERMIS (Privilege and Role Management Infrastructure Standards) • Role based PMI • Policies are written in XML and stored as X.509 AC (Attribute Certificate) residing in an LDAP directory • Access control enforcement function (AEF) • Authenticate user and ask ADF if the user is allowed to perform the requested action on target resource • Access control decision function (ADF) • Access LDAP to retrieve authorization policy and role AC for the user and make a decision based on these
delegate decision role to administrator Resource Resource Resource CAS Server Community 1. issue request 2. issue CAS credential with capability User User User 4. response 3. access request with issued CAS credential Literature Survey (8)CAS (Community Authorization Service) • Implement RBAC using an authorization server (CAS server) • Fine-grained access control can be delegated to administrator of community • Shortcomings • single point of failure of CAS server • lack of dynamic change (permission) at runtime