110 likes | 256 Views
Secure Workflow Repository for Askalon. Malik Muhamamd Junaid Maximilian Berger Thomas Fahringer Distributed and parallel Systems Group University of Innsbruck Austria. Oct, 13, 2009. Krakow, PL. Outline. Motivation Workflow Hosting Environment Secure Workflow Repository (SWFR)
E N D
Secure Workflow Repository for Askalon Malik Muhamamd Junaid Maximilian Berger Thomas Fahringer Distributed and parallel Systems Group University of Innsbruck Austria Oct, 13, 2009. Krakow, PL.
Outline • Motivation • Workflow Hosting Environment • Secure Workflow Repository (SWFR) • Architecture • Components • Security and Reliability • Advancement • Conclusion
Introduction • Workflows are vital to Grid based applications. • Increasing complexity of these applications is making the workflow design difficult, • Leading to a need for: • Workflow Sharing and Reuse • Workflow security • Workflow Version Management • Workflow Modification History
ASKALON Workflow Storage • Workflow Represented using AGWL based on XML • Workflow storage is based on Filesystem • Open access to all users • Manual version history • No Workflow Modification History • No ownership record for workflows
Secure Workflow Repository(SWFR) • SWFR is designed and implemented to address these issues: • Features: • Decentralized Service oriented implementation • Secure Client Service communication for workflow transactions • Extended Role Based Access Control • Automated Version Control • Comprehensive wokflow update history • Complete Ownership information
Architecture of the SWFR Workflow Design Tool (client) Workflow Repository (Service) Event Handler Authentication & Authorization Module Repository Requests (Events) Design Tool Workflow Repository Storage, Retrieval & Session Management Session Manager Version Management Module
Security using Extended-RBAC Role based Access Control (RBAC) Role Hierarchy Permissions User Assignment Permission Assignment Users Operations objects Roles Rights Delegation Extended Role based Access Control (E-RBAC) for Grid Workflows
Security using Extended-RBAC • Layered Security Architecture: • Request Handle performs Decryption of the incoming request based on the session information • User Authentication based on Session and credential information • Authorization check based on Roles and Exceptional rights • Information Retrieval from the Repository • Encryption using session information Request Handler Decryption 1 Session Authentication 2 Authentication (RBAC) 3 Authorization (E-RBAC) 4 Repository Access 5
Schema Diagram for the SWFR state name xmlid rev_Id rev_nr time_st chg_id change chg_type 1 * 1 * workflow has has revision change 1 rights has rights * * u_perm owner * * gp_perm 1 * 1 * * * has is_in * User Wf_info Group u_id email u_name name cred wf_inf_id count Time_st full_rev gid Gp_name
Automatic Version Management • Version Management Module: • Keeps track of the Existing Workflows in the Repository • Applies Version Increment to the Updated workflows • Automatic Minor updates for the workflow modifications • User directed explicit major version updates
Conclusion • SWFR Provides a better solution for workflow management • It can be easily integrated into larger systems. • Secure communication makes it safe for SOA • Decentralized database makes it fast and efficient • Layered Extended Role based access provides multi level of security. • Fine grained access control is possible because of exceptional rights delegation • Automatic version management helps in tracking changes and finding updated version easily.