Changes between Version 10 and Version 11 of SecurityIssuesFirstDay
- Timestamp: 2008/02/12 12:40:07 (17 years ago)
SecurityIssuesFirstDay
v10 v11 6 6 == Motivation == 7 7 8 Security services enforce access control policies at all levels to provide secure authentication and communication over an open network. 9 10 * '''Resources protection:''' software (services, WFs, …) availability, computational resources (CPU, storage, …); data access restrictions 11 * '''Protection / Sharing of proprietary data''' (in a persistence system). 12 * '''Scheduling''': priority based system. 13 8 14 Scenary: Dynamic access control & secure management over federated resources. 9 15 [attachment:wiki:SecurityIssuesFirstDay:Fig-S1.JPG General security architecture] 16 17 18 19 == State of the art == 20 * Systems: Kerberos / GAS ... 21 [attachment:wiki:SecurityIssuesFirstDay:image002.gif Security roles graph] 10 22 11 23 Simplified use case: … … 15 27 · Services offering access to sensitive data should do additional authorisation decision requests to some Authorization Service that implements the Data Protection policies and governs the flow of private datasets. 16 28 17 18 19 20 * '''Resources protection:''' software (services, WFs, …) availability, computational resources (CPU, storage, …); data access restrictions 21 * '''Protection / Sharing of proprietary data''' (in a persistence system). 22 * '''Scheduling''': priority based system. 23 Security services enforce access control policies at all levels to provide secure authentication and communication over an open network. 24 25 == State of the art == 26 * Systems: Kerberos / GAS ... 27 [attachment:wiki:SecurityIssuesFirstDay:image002.gif Security roles graph] 29 [attachment:wiki:SecurityIssuesFirstDay:Fig-S2.JPG MyProxy delegation example] 28 30 29 31 == Discussion space == … … 32 34 * Authentication & delegation: Authentication, both of end-user and of infrastructure components, could based on X509 digital certificates. This proven technology is commonly used, for example when connecting to a secure website (https). 
Certificates are managed through a Public Key Infrastructure (PKI), which deals with the secure creation, validation and revocation of certificates. 33 35 34 [attachment:wiki:SecurityIssuesFirstDay:Fig-S2.JPG MyProxy delegation example]35 36 36 37 * WFs concerns
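Review bot: In the first hunk, the `== State of the art ==` heading added at new line 19 lands between the Fig-S1 attachment and the unchanged "Simplified use case:" line (new line 23), so the use case and its authorisation bullets now read as part of State of the art instead of Motivation. Move the State of the art block below the use case text, or give the use case its own heading. While this block is being reshuffled, the unchanged line "Scenary: Dynamic access control ..." (new line 14) could be corrected to "Scenario".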
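Review bot: The Fig-S2 "MyProxy delegation example" attachment moves from old line 34, directly under the "Authentication & delegation" bullet, to new line 29 ahead of `== Discussion space ==`, where the visible preceding line is about authorisation decision requests for sensitive data and not about delegation. Keep the figure next to the delegation bullet, or add a sentence at the new location saying what the figure illustrates and how it relates to the use case. The unchanged bullet at new line 34 also reads "could based on X509 digital certificates" and is missing "be".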