Agenda



  1. Agenda
     • Service Centric Systems and Identity Management
     • Example: the business trip service
     • Abstract Delegation
     • The Delegation Framework
     • SeCSE Composition Language
     • The SCENE Platform
     • Solution Architecture
     • Conclusion

  2. Service Centric Systems and Identity Management [diagram: Services, Trust domains]

  3. Example: the business trip service [diagram: Trip planner, Service Provider, Telecom provider (two instances), Make phone call (two instances)]

  4. Services requiring IdM in the example
     • Both the calendar and the phone call services are likely to require
       • some access control
       • some delegation mechanism
     • Phone call service: preliminarily established agreements with some telecom providers according to a pay per use policy
     • Calendar: depends on the identity of the user

  5. Abstract Delegation
     • Build an abstraction layer that takes care of delegation by addressing the following requirements:
       • User Control
       • Separation of concerns
       • Dynamicity
     • Impersonation excludes user control and is not a form of delegation

  6. Abstract Delegation [diagram: Delegator (Client), Delegatee Service, Resource (Personal Service); labels: Service, “Credential”, “Accesses”, Configures “Policy”, Creates “Credential”]
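The flow sketched on slides 5 and 6, as an added example that is not SeCSE or SCENE code: the delegator configures a policy on a personal service and creates a credential for a delegatee, and the personal service admits a call only if the caller is the named delegatee and the operation is in the policy, so the delegatee acts for the user rather than as the user. The class names, the JSON/HMAC credential format and the sample parties (alice, trip-planner, phone-service) are assumptions.

```python
import hashlib
import hmac
import json


class PersonalService:
    """Resource side (e.g. the user's calendar): enforces the delegator's policy."""

    def __init__(self, owner, secret):
        self.owner = owner
        self._secret = secret  # known only to the personal service
        self.policy = {}       # delegatee -> set of permitted operations

    def configure_policy(self, delegatee, operations):
        """Delegator (user) control: which delegatee may call which operations."""
        self.policy[delegatee] = set(operations)

    def create_credential(self, delegatee):
        # The credential names both parties: the delegatee acts *for* the owner
        # and is never mistaken for the owner (impersonation is excluded).
        body = json.dumps({"delegator": self.owner, "delegatee": delegatee}, sort_keys=True)
        tag = hmac.new(self._secret, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}

    def access(self, caller, credential, operation):
        expected = hmac.new(self._secret, credential["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, credential["tag"]):
            return "denied: bad credential"
        claims = json.loads(credential["body"])
        if claims["delegatee"] != caller or claims["delegator"] != self.owner:
            return "denied: credential not issued to this caller"
        # Policy is read at access time, so the delegator emptying the set
        # withdraws the delegation without having to recall the credential.
        if operation not in self.policy.get(caller, set()):
            return f"denied: {operation} not permitted by policy"
        return f"ok: {caller} performed {operation} for {self.owner}"


def demo():
    # Constructed scenario from the business-trip example: the trip planner
    # may only ask whether the user is busy.
    calendar = PersonalService("alice", b"constructed-secret")
    calendar.configure_policy("trip-planner", ["checkIfBusy"])
    cred = calendar.create_credential("trip-planner")
    results = [
        calendar.access("trip-planner", cred, "checkIfBusy"),
        calendar.access("trip-planner", cred, "deleteEntry"),
        calendar.access("phone-service", cred, "checkIfBusy"),  # wrong delegatee
    ]
    calendar.configure_policy("trip-planner", [])  # user withdraws the delegation
    results.append(calendar.access("trip-planner", cred, "checkIfBusy"))
    return results
```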

  7. The Delegation Framework

  8. The Delegation Framework [diagram: Delegation Browser, Delegation Selector]
     • SeCSE Delegation Framework offers a unified API and unified user experience for delegation

  9. SeCSE composition language [diagram: Process, Binding Rules, Preference Constraint]
     Binding rule 1. Event: bindingEvent; Condition: action = check for conflicts, userProfile.Calendar not empty; Action: bind check for conflict to userProfile.Calendar.checkIfBusy
     Binding rule 2. Event: bindingEvent; Condition: action = confirm commitments; Action: bind confirm commitments to same as check for conflict

  10. SCENE Architecture

  11. Integration of the delegation framework within SCENE

  12. Delegation: Current Trend [table with three columns]
     • Application-specific Delegation. Principle: delegator can delegate access to resource
     • “Delegation Systems”. Principle: resources adapt to standardized system
     • Delegation Abstraction (this work). Principle: there are multiple systems, so the delegator has to be flexible
     Systems shown in the table: Google calendar, Yahoo calendar, SecPal, AuthZ STS, Exchange, OAuth, Telco location service, ACL, Car GPS, Active Directory, Groove, Liberty (SSO), Messenger, XACML (PEP/PDP), Skype, …, Shared/cloud STS

  13. Conclusions
     • Our Delegation Approach does not require specific design effort from developers of a composed service
     • Our approach allows users to keep their personal services under control while, at the same time, allowing composed services to access personal services in a controlled way
     • The approach can coexist with others, for instance those based on the federation of trust domains.

  14. Future work
     • Continue experimenting with various application cases to verify the generality of our approach.
     • Integration of other IdM solutions in our architecture to be able to address as many IdM cases as possible
