The GOLD Project http://gigamesh.ncl.ac.uk Dr. Panos Periorellis School of Computing Science, University of Newcastle Upon Tyne North East E-Science Centre
Talk Structure
• Gold Project Introduction
• Architecture
• Basic Elements
• Security
• Access control
• Coordination
• Regulation
• Information Management
• Conclusions

GOLD Project http://gigamesh.ncl.ac.uk
• EPSRC eScience Pilot project, started 1st February 2004, funding of £2.2m
• The project investigates GRID technologies for the development of infrastructure to support virtual organisations.
• Software technology supporting collaborative partnerships in the chemicals industries
• Strong business focus
• Addressing fundamental and practical issues
• Requirements led by the industrial partners
• Research focus on
  • Security, Trust for V.O.
  • Contract Management, transactions, workflows to support V.O.
  • Web Services and related standards
GOLD software: what is it about?
• Middleware to enable the creation and operation of virtual organisations.
• GOLD provides a set of generic services that allow us to securely plan and manage virtual organisations.
• The infrastructure is used to support all the activities of the chemical development life cycle.
• Solutions are SOA/web service based, using several WS-* standards.

Interests for the Research Community
• Thorough requirements engineering process in close collaboration with industrial partners and academics in order to identify the core architectural elements of virtual organisations.
• Demonstrated how the VO infrastructure enables the evolution of the chemical development life cycle.
• Extensive experimentation with WS-* standards to deal with web service management, orchestration, coordination and security, including working implementations of WS-Security, SAML, XACML, WS-Policy, WS-Eventing, WS-Notification and others.
• Future research ideas.
GOLD Architecture
• The GOLD Middleware architecture has primarily been derived through the application of Soft Systems Modelling.
• Some of the early findings suggested that the infrastructure needs to be flexible, adaptable and capable of coping with the dynamic characteristics of VOs.
• GOLD middleware offers a set of services that can be used to assist in the formation, operation and termination of virtual organisations.
• The aim of the project and the proposed architecture is to offer VO developers the flexibility to configure the VO according to their requirements without imposing too many constraints or imposing what and how it should be done.
GOLD Architecture
• The security element is paramount and encompasses mechanisms for secure access to resources, secure information exchange, user authentication and authorisation.
• The co-ordination element emphasises the need for planning within a VO.
• The Regulation aspect of the architecture aims to ensure that entities who interact within a VO are able to exercise their rights and that, at the same time, they meet their obligations to one another and to any relevant regulatory body.
• The quantity of information generated in a virtual organisation is significant. This information needs to be stored such that it is available to, and searchable by, correctly authenticated and authorised VO participants.

Security - Authentication
• Authentication describes the process of securely establishing and verifying the identities of network subjects, which may take the form of users, agents, registered services or components.
• Single Sign-on and Federation mechanisms have been developed and demonstrated to show how the crossing of organisational boundaries can be achieved without requiring the user to log in more than once.
• Additional issues to consider include data protection and privacy, the extent of validity of a federated identity, and accountability.
• Related technologies used are WS-Security, SAML, signatures, encryption and others.

Security - Authorization
• Authorization requires a common language for expressing policies to be shared amongst all VO participants.
• The dynamic nature of virtual organizations makes it necessary for any VO infrastructure to support a mechanism that deals with dynamic rights activation and de-activation.
• The degree of granularity, which refers to the level of detail at which one can define access rights, is very important.
• Rights should not be automatically assumed upon role assignment. Instead they should be granted gradually, as the workflow progresses, prohibiting access to parties that may be part of a workflow but are not fulfilling their obligations.
Security - AuthZ
[Diagram: a Request enters via a Request Entry Point and reaches the Policy Enforcement Point, which exchanges an XACML Request/XACML Response with the Policy Decision Point to obtain a Decision; XACML Policies (P1, P2, P3) are submitted through the XACML Policy Entry Interface, checked by a Policy Verification Point and held in a Policy Storage Point for the decision point to evaluate.]

XACML Policy Verification
• How can we ensure that policies expressed by various VO participants are free from conflicts?
• How can we ensure that the workflow will not throw any exceptions due to missing policies?
[Diagram: XACML Policies pass through an XACML VDM Converter, and the Workflow Description through a Workflow VDM Converter, into a VDM Model; a VDM Interpreter evaluates the VDM Properties against the model and reports them as True Properties or False Properties.]

Further Access Control Research
• Expression of Access Control Policies
• Obligations
• Rule1 (Researcher, ExpenseClaimForm, Write)
• Rule2 (Supervisor, ExpenseClaimForm, Sign)
• Automatic extraction of policies from workflow descriptions
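To make the two verification questions and the gradual, workflow-driven granting of rights concrete, here is an added example that is not the GOLD project's code: a miniature policy set in the slide's Rule (role, resource, action) form, a conflict check across participants' policies, a coverage check against a workflow description, and a decision point that activates a right only while its workflow step is current. The participant names, the Accountant role, the Deny rule and the deny-overrides treatment of conflicts are assumptions.

```python
# Added example, not GOLD project code: a miniature XACML-style policy set
# with the conflict and coverage checks from the verification slide, and a
# decision point that grants rights gradually as the workflow progresses.
from collections import defaultdict

# Each VO participant contributes rules of the form (role, resource, action, effect).
# Constructed sample: the "Accounts" participant and its Deny rule are assumptions.
POLICIES = {
    "Research": [("Researcher", "ExpenseClaimForm", "Write", "Permit"),
                 ("Supervisor", "ExpenseClaimForm", "Sign", "Permit")],
    "Accounts": [("Researcher", "ExpenseClaimForm", "Write", "Deny"),
                 ("Accountant", "ExpenseClaimForm", "Pay", "Permit")],
}
# Workflow description: the (role, resource, action) right each step needs, in order.
WORKFLOW = [("Researcher", "ExpenseClaimForm", "Write"),
            ("Supervisor", "ExpenseClaimForm", "Sign"),
            ("Accountant", "ExpenseClaimForm", "Pay"),
            ("Accountant", "ExpenseClaimForm", "Archive")]

def find_conflicts(policies):
    """Triples that different participants both Permit and Deny (question 1)."""
    effects = defaultdict(set)
    for rules in policies.values():
        for role, resource, action, effect in rules:
            effects[(role, resource, action)].add(effect)
    return sorted(t for t, e in effects.items() if e == {"Permit", "Deny"})

def find_uncovered(policies, workflow):
    """Workflow steps no participant has written any rule for (question 2)."""
    covered = {rule[:3] for rules in policies.values() for rule in rules}
    return [step for step in workflow if step not in covered]

class WorkflowPDP:
    """Decision point: a permitted right is active only while its step is current."""
    def __init__(self, policies, workflow):
        permitted = {r[:3] for rules in policies.values() for r in rules if r[3] == "Permit"}
        # Assumed combining rule: a conflicting triple is treated as Deny (deny-overrides).
        self.permits = permitted - set(find_conflicts(policies))
        self.workflow, self.step = workflow, 0

    def decide(self, role, resource, action):
        triple = (role, resource, action)
        active = self.step < len(self.workflow) and self.workflow[self.step] == triple
        return "Permit" if triple in self.permits and active else "Deny"

    def advance(self):
        """Called as the workflow progresses: de-activates the previous step's right."""
        self.step += 1
```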
GOLD Coordination
• Coordination is the means of ensuring that all interested/involved VO participants are informed of their obligations and the obligations of others as they are dispatched.
• GOLD has adopted the WS-Eventing standard which defines typical subscription management operations such as subscribe, unsubscribe and renew. Event sources notify events to their subscriber event sinks by sending a SOAP message to a Web service endpoint specified by the subscriber.
• GOLD uses a notification broker to route event messages from event sources to event sinks and to reduce subscription management responsibilities at each participant.
GOLD Regulation
• Regulation helps govern interactions between parties, ensuring that participants' rights (in terms of the resources they are allowed to access) are properly granted and that obligations are properly dispatched (such as making resources available to others). This is achieved by the use of contracts and contract enforcement mechanisms as well as monitoring mechanisms for auditing and accountability.
• The GOLD Middleware records all activities to monitor for compliance with the regulatory regime. Furthermore, critical interactions between VO participants should be non-repudiable (no party should be able to deny their participation) and the auditing and monitoring functions must be fair (misbehaviour should not disadvantage well-behaved parties).
• Contract enforcement is achieved by translating a contract expressed in natural language into a formal language such as Promela. Verification of the contract will ensure that there are no ambiguities in the formal contract. The series of message exchanges that the Promela version of the contract reveals can be used to guide and at the same time monitor the business interaction.
GOLD Storage
• The storage element addresses the need to store, manage and access information. In addition there is a requirement to be able to determine how a piece of information was derived.
• The Information Management and Repository services meet this need by providing configurable information storage and logging/auditing functionality.
• VOs must control and manage the exchange of information between the participants, and the role of the Information Management service in the GOLD Middleware is to support this exchange in three ways:
  • to ensure a common structure and meaning for information shared across the VO
  • to provide information services and tools to support the controlled exchange of information according to the policies and contracts that are in place within the VO
  • to extract value from the information stored during the lifetime of a VO.

GOLD Storage cont.
• To support the information management requirements of VOs the GOLD Middleware provides an Information Model that defines the structure and meaning of information shared by its participants. This model can be divided into three categories:
  • Generic - represents information that is required by all VOs. This includes descriptions of the VO structure, the participants, the tasks being performed, security policies etc. The services that make up the generic GOLD VO infrastructure (i.e. those comprising the security, coordination and regulation architectural elements) all exchange information defined in this category of the information model.
  • Domain specific - within a particular domain, there are types of information that are generic across a broad range of VOs.
  • Application specific - information in this category represents specialist information describing a particular domain.

Achievements
• Publications
• Regular demonstrations at e-Science meetings
• Drawn interest from the chemical development industry
• Future research projects
Conclusions
• Virtual organisations bring together a number of independent entities with the aim of collaborating to achieve a common goal.
• GOLD middleware offers a set of services that can be used to assist in the formation, operation and termination of virtual organisations. The aim of the project and the proposed architecture is to offer VO developers the flexibility to configure the VO according to their requirements without imposing too many constraints or imposing what and how it should be done.
• We touched on four fundamental architectural elements and discussed in turn how they could be implemented. Adhering to certain principles regarding privacy and trust, we devised a security policy for authorisation and authentication that is based primarily on current WS standards.

Questions?
GOLD Website: gigamesh.ncl.ac.uk
Requirements
• Identity Management
  • Hiding identity when participating in certain tasks
  • Privacy (handling certain tasks)
• Access Control
  • Limited/controlled sharing of resources
  • Authorisation available at the service's side
• Confidentiality and Data Integrity
• Independent auditing
  • Audit trails for each transaction
• Portable Trust
  • Flexibility for both authorisation and authentication (various tokens)

WS-* standards/specifications
• Authentication
  • Single Sign-on
  • SAML tokens and protocols, certificates
  • WS-Security to carry authentication tokens
• Authorisation
  • XACML to express resource related policies
  • Single policy repository to store XACML policies
  • Service interface to express policies (Policy Entry Point)
• Audit
  • Non-repudiation protocols for audit trails
  • Audit messages are stored centrally and at the service side. Trails can be constructed both by VO participants and GOLD
  • Exploring standards/specifications such as WS-RM, WS-R, XKMS, DSS
• Integrity and Confidentiality
  • Use of XML Signature, XML Encryption and PKI to ensure message integrity and privacy
Security, Trust and Regulation in Virtual Organisations (poster)

Regulating interactions
A key problem in Virtual Organisations is the regulation of interactions between autonomous organisations who do not unguardedly trust each other. To address this problem we are investigating:
1. the use of executable contracts for the enforcement of business terms and conditions that govern an interaction
2. monitoring of service delivery with respect to Service Level Agreements
3. non-repudiable auditing for accountability and acknowledgement of actions in the context of an interaction
[Diagram: Formal Model of Virtual Organisation, with Company 1, Company 2 and Company 3 connected through Contract monitoring, QoS Monitoring, Workflow Enactment and Non-Repudiable service interactions, and a Counter example scenario derived from the model.]

Monitoring and analysing information flow within Virtual Organisations
A key problem in VOs is the monitoring and analysis of the flow of information around the VO as it forms, operates, and dissolves. With a formal model of a Virtual Organisation, which includes the information held by each company, the security policies that are in force at each site and the permitted channels of communication between the companies, we can
1. ask questions about the confidentiality or otherwise of items of information within the model. If a confidential item is released we can
2. generate the counter example scenario which led to this violation of policy, and
3. feed this back into the formal model.
This process will allow us to provide assurance to a user that the security policies in place are adequate to meet the goals of the individual organisations.
[Diagram: an Information Flow Query over Company 3 information and Business Processes, answered either SAFE or with a Counter example.]

Fair, validated, non-repudiable message delivery with Web services
The following shows our flexible framework to support fair non-repudiable interactions supported by a trusted delivery. The implementation is based on Web service standards. Message validation supports up-calls for contract monitoring and enforcement.

In GOLD we are using WS-* standard technologies to implement authentication and authorisation. XACML and SAML are used to give us a standard way of communicating security and trust related policies as well as creating and consuming security assertions. GOLD provides the related services that allow a party to make a request for a particular resource. If the request is granted, the party will be directed across the organizational boundary of that resource using SAML assertions. Assertion consumers within the organizational boundary will make the final decision upon receipt of the SAML assertion.
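As an added illustration of the information-flow query described on the poster (example code, not the GOLD project's own): a small formal model in which each company holds items, each item's policy lists the companies it may be released to, and business processes forward named items over permitted channels. The query either answers SAFE or returns the counter example path, and the tightened channel set stands in for feeding that counter example back into the model. The companies, items, process names and the forwarding rule are constructed assumptions.

```python
# Added example, not GOLD project code: a small formal model of a VO's information
# flow. A confidentiality query either answers SAFE or returns the counter example
# scenario (the path a confidential item took). Companies, items and processes are
# constructed sample data.
from collections import deque

HOLDINGS = {"Company1": {"synthesis-route"}, "Company2": {"batch-schedule"},
            "Company3": set()}
# Site policy per item: the companies the item may legitimately be held by.
POLICY = {"synthesis-route": {"Company1", "Company2"},
          "batch-schedule": {"Company1", "Company2", "Company3"}}
# Permitted channels: (from, to, business process, items that process forwards).
CHANNELS = [("Company1", "Company2", "design-review", {"synthesis-route"}),
            ("Company2", "Company3", "production-plan",
             {"batch-schedule", "synthesis-route"})]
# Counter example fed back into the model: production-plan no longer carries the route.
CHANNELS_FIXED = [("Company1", "Company2", "design-review", {"synthesis-route"}),
                  ("Company2", "Company3", "production-plan", {"batch-schedule"})]

def check_flow(item, holdings, policy, channels):
    """Breadth-first search over the channels that carry `item`.

    Returns ("SAFE", None) if every reachable holder is allowed the item, else
    ("VIOLATION", path) where path is the sequence of companies and processes
    that released it to a company outside its policy.
    """
    start = [c for c, items in holdings.items() if item in items]
    queue = deque((c, [c]) for c in start)
    seen = set(start)
    while queue:
        company, path = queue.popleft()
        if company not in policy[item]:
            return "VIOLATION", path
        for src, dst, process, carried in channels:
            if src == company and item in carried and dst not in seen:
                seen.add(dst)
                queue.append((dst, path + [process, dst]))
    return "SAFE", None
```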
Notification diagram explained
• Event source - is a local enterprise application and/or service that generates events. (Note other components also act as event sources for the relay of event messages.)
• Event sink - is a local enterprise application and/or service that consumes events. (Note other components also act as event sinks for the relay of event messages.)
• WS-Eventing Broker Service - is the broker service for routing event messages. When a broker service is used, subscription management is handled by the broker. Event sinks subscribe to pre-defined topics managed by the broker and event sources publish messages on those topics. The broker sends any messages from event sources on a given topic to event sinks that have subscribed for messages on the topic. Thus the sources and sinks do not communicate directly and only need to be aware of the broker service.
• WSMSPublisher - is a bridge for the publication of messages from local enterprise messaging clients (currently JMS clients) to remote WS-Eventing endpoints. So the publisher is a sink for JMS messages on specified topics and a source of WS-Eventing messages for remote WS-Eventing clients. Local administrators can configure WSMSPublisher to send all messages on a topic to one or more WS-Eventing endpoints (typically one or more broker services). In addition, the WSMSPublisher provides a WS-Eventing Subscription Manager interface that allows remote clients to subscribe directly to the publisher. These remote clients may or may not be event brokers.
• WSMSSubscriber - is a bridge for subscription to remote WS-Eventing sources that then relays messages from those sources to JMS for delivery to local messaging clients. So the subscriber is a sink for WS-Eventing messages and a source of JMS messages. Local administrators configure the WSMSSubscriber to subscribe to remote event sources (these may be broker services, WSMSPublishers or simple event sources). Any messages received from these sources are then relayed via JMS to local event sinks that have subscribed to the relevant JMS topic.
• Enterprise MOM Service (JMS) - is the local JMS service implementation. We provide adaptors that isolate vendor-specific aspects of JMS administration such as topic creation. These adaptors conform to the same interface for the administration operations that WSMSPublisher and WSMSSubscriber need to perform. Thus WSMSPublisher and WSMSSubscriber can adapt to different JMS implementations.
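The broker behaviour described in the Coordination slide and in the notification diagram above, as an added example that is not GOLD project code: an in-memory WS-Eventing-style broker in which sinks subscribe to pre-defined topics with a lifetime, may renew or unsubscribe, and sources publish without knowing who the sinks are. Times are plain integers and deliveries are logged instead of being sent as SOAP messages; the topic and endpoint names are constructed.

```python
# Added example, not GOLD project code: an in-memory model of the WS-Eventing
# broker described above. Sinks subscribe to pre-defined topics with a lifetime,
# may renew or unsubscribe, and sources publish without knowing the sinks.
# Times are plain integers (seconds); delivery is logged rather than sent as SOAP.
import itertools

class EventingBroker:
    def __init__(self, topics):
        self.topics = set(topics)        # topics pre-defined and managed by the broker
        self.subs = {}                   # subscription id -> (topic, sink endpoint, expires_at)
        self._ids = itertools.count(1)
        self.delivered = []              # (sink, topic, message) in delivery order

    def subscribe(self, topic, sink, now, lifetime):
        """Subscribe: returns the identifier the subscriber later uses to renew/unsubscribe."""
        if topic not in self.topics:
            raise KeyError(f"unknown topic {topic!r}")
        sid = f"sub-{next(self._ids)}"
        self.subs[sid] = (topic, sink, now + lifetime)
        return sid

    def renew(self, sid, now, lifetime):
        """Renew: extends a still-live subscription and returns its new expiry."""
        topic, sink, expires = self.subs[sid]
        if now >= expires:
            del self.subs[sid]
            raise LookupError(f"{sid} expired at {expires}; subscribe again")
        self.subs[sid] = (topic, sink, now + lifetime)
        return now + lifetime

    def unsubscribe(self, sid):
        del self.subs[sid]

    def publish(self, topic, message, now):
        """Route a source's event to every live sink on the topic; returns the sinks notified."""
        if topic not in self.topics:
            raise KeyError(f"unknown topic {topic!r}")
        notified = []
        for sid, (t, sink, expires) in list(self.subs.items()):
            if now >= expires:
                del self.subs[sid]           # lapsed subscriptions are dropped, not notified
            elif t == topic:
                self.delivered.append((sink, topic, message))
                notified.append(sink)
        return notified

def live_subscriptions(broker, now):
    """Subscription ids that have not yet expired at time `now`."""
    return sorted(sid for sid, (_, _, exp) in broker.subs.items() if now < exp)
```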