Changes between Version 3 and Version 4 of SecurityIssuesFirstDay

Timestamp: 2008/02/12 12:09:15 (16 years ago)
Author: ots
Comment: --

  • SecurityIssuesFirstDay

    v3 v4  
    77 
    88Scenary: Dynamic access control & secure management over federated resources. 
     9 
     10Simplified use case: 
     11·       After registration the user connects to the portal and creates delegated credentials on a MyProxy repository. Delegation is achieved by the use of so called proxy credentials.  
     12·       Through the portal the end user uses the different services (including WFs). When a service is called, the user is authenticated through the proxy certificates managed by the MyProxy service. 
     13·       Services can depend on a central authorisation service to determine whether or not the user is allowed to perform a certain operation or whether he is allowed to see specific data.  
     14·       Services offering access to sensitive data should do additional authorisation decision requests to some Authorization Service that implements the Data Protection policies and governs the flow of private datasets. 
     15 
     16 
     17 
     18 
    919  * '''Resources protection:''' software (services, WFs, …) availability, computational resources (CPU, storage, …); data access restrictions 
    1020  * '''Protection / Sharing of proprietary data''' (in a persistence system). 
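Review bot: The authorisation steps in added lines 13 and 14 are worded as optional ("Services can depend on a central authorisation service", "should do additional authorisation decision requests"), so the use case does not say which decision point is authoritative or what a service does when the authorisation service cannot be reached. Suggest stating the requirement as mandatory for services that expose sensitive data and adding that the request is denied when no decision is returned. Added line 11 introduces delegated proxy credentials on MyProxy without saying how long they stay valid or who may retrieve them; one sentence on that belongs in the same bullet. Smaller points: "Scenary" in added line 8 should read "Scenario", the text mixes "authorisation" and "Authorization Service", and added lines 15 to 18 are empty and can be dropped.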
     
    1929  * Authorization levels 
    2030  * Interchanging protocols (formats) 
    21   * Authentication protocols 
     31  * Authentication & delegation: Authentication, both of end-user and of infrastructure components, could based on X509 digital certificates. This proven technology is commonly used, for example when connecting to a secure website (https). Certificates are managed through a Public Key Infrastructure (PKI), which deals with the secure creation, validation and revocation of certificates. 
     32 
    2233  * WFs concerns 
    2334  * Profiling offer deployment (specific to the user rights)
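Review bot: The new bullet at added line 31 is titled "Authentication & delegation" but its text covers only X509 authentication and PKI; delegation is not described at all, so either add a sentence linking it to the proxy credentials of the use case or retitle the bullet. The sentence "could based on X509 digital certificates" is missing "be", and "could" leaves open whether X509 is the chosen mechanism or one option among several; say which. The change also drops the v3 item "Authentication protocols" (line 21), so if protocol choice is still an open issue it should be kept as its own item rather than folded into this one.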