ICAT Developer Workshop: Consequence. Shirley Crompton, ESC, STFC Daresbury Laboratory (www.consequence-project.eu).

Presentation transcript:

ICAT Developer Workshop: Consequence. Shirley Crompton, ESC, STFC Daresbury Laboratory

Slide 1: Overview (ICAT Developer Workshop, 26 August 2009)
Consequence Project
– What, who, objectives
Sensitive Scientific Data Test Bed
– Test Bed Scenario
– Problem Definitions
Consequence
– General Architecture
– DSA Components
– Test Bed Components

Slide 2: Consequence – the Project
Data-centric Information Protection
FP7 ICT Programme
– Call 1 project: secure, dependable and trusted infrastructures
Start: 1 Jan 2008
Duration: 36 months

Slide 3: Consequence – the Consortium
[Diagram of consortium partners, grouped as: Industrial Innovators, Researchers, High Demand Test beds]

Slide 4: Consequence – Main Objectives
Define an architecture within a framework
– to enable dynamic management policies
– based on data sharing agreements that
– ensure end-to-end secure protection
– of data-centric information.
Implement the architecture in software.
Evaluate the technical and business benefits of the implementation and framework via two test beds:
– Sensitive scientific data (STFC)
– Crisis management data (BAE)

Slide 5: Data Sharing Agreement Lifecycle

Slide 6: Main Scenario (STFC Test Bed)
[Diagram. Actors: Researcher, Research Manager, Funding Agency, Admin, STFC Experimental Facility. Phases: Agreement Specification, Analysis And Mapping Phase; Enforcement Phase.]
Numbered interactions shown on the diagram:
1. Discusses grant proposal with
2a. Negotiates between
2b. Consults with
3. Submits grant with signed agreement to
4. Awards grant to
5. Triggers system config by
6. Experiments in
7. Serves data to
8. Exchanges data with

Slide 7: ICAT Authorisation Model (RBAC implemented in Oracle DB)
– Smallest document is a single data file

Slide 8: Key DS Policies in Research Domain
1. Context condition: ‘… 3-year embargo on experimental data generated at the facility by publicly-funded project …’
2. Data Integrity + attribute-based desc: ‘… cannot modify experimental data generated at the facility...’
3. Consent: ‘… refined data is limited at all time to users authorised by the data owner/admin’
4. Derived data: ‘… foreground IP derived from the use of its proprietary data must not be disseminated without its official consent…’
5. Usage Control: ‘… work using proprietary data must be carried out within the laboratory located in … during office hours’
6. History + obligation: ‘… permits read access three times for a maximum period of 7 days, after which the doc will be deleted…’
7. Purpose-awareness: ‘… proprietary data can only be used for the purpose of carrying out the project..’

Slide 9: Policy-based Access/Usage Control
[Diagram. Labels: Data Sharing Agreement/s, Protected Document, Data Host, Data Consumer, Usage Policy, Policy Evaluator, Consequence-Aware App. Callouts: "Is access allowed?"; "Allow access only while user is in office."]
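The decision a policy evaluator has to make for the slide 8 clauses on embargo (1), integrity (2), usage control (5) and history plus obligation (6), as an added example that is not part of the slides and not Consequence project code. Every name below is hypothetical; combining the clauses into one agreement, treating project members as exempt from the embargo, and reading "office hours" as 09:00 to 16:59 are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Limits quoted on slide 8; how they combine is an assumption of this example.
EMBARGO = timedelta(days=3 * 365)   # policy 1: 3-year embargo
MAX_READS = 3                       # policy 6: read access three times
READ_WINDOW = timedelta(days=7)     # policy 6: maximum period of 7 days
OFFICE_HOURS = range(9, 17)         # policy 5: assumed to mean 09:00-16:59

@dataclass
class Document:                     # hypothetical protected-document record
    created: datetime
    project_members: frozenset
    proprietary: bool
    first_read: dict = field(default_factory=dict)   # subject -> first read time
    read_count: dict = field(default_factory=dict)   # subject -> reads so far

def decide(doc, subject, action, now, in_laboratory):
    """Policy decision point: return (decision, obligations)."""
    if action != "read":
        return "Deny", []                        # policy 2: any non-read action is denied
    if subject not in doc.project_members and now < doc.created + EMBARGO:
        return "Deny", []                        # policy 1: embargo still running
    if doc.proprietary and not (in_laboratory and now.hour in OFFICE_HOURS):
        return "Deny", []                        # policy 5: place and time of use
    first = doc.first_read.get(subject, now)
    count = doc.read_count.get(subject, 0)
    if count >= MAX_READS or now - first > READ_WINDOW:
        return "Deny", ["delete_document"]       # policy 6: licence used up
    # Record history only on Permit, so denied attempts do not consume reads.
    doc.first_read[subject] = first
    doc.read_count[subject] = count + 1
    return "Permit", [("delete_by", first + READ_WINDOW)]

def demo():
    """Constructed scenario: a project member reads a proprietary file."""
    doc = Document(datetime(2009, 1, 1), frozenset({"alice"}), True)
    t = datetime(2009, 8, 26, 10, 0)
    return [
        decide(doc, "bob", "read", t, True)[0],                         # embargo
        decide(doc, "alice", "modify", t, True)[0],                     # integrity
        decide(doc, "alice", "read", t.replace(hour=20), True)[0],      # after hours
        *[decide(doc, "alice", "read", t, True)[0] for _ in range(4)],  # 3 reads, then stop
    ]
```

The obligations returned with each decision are what the enforcement point must carry out; history is held on the document record so the read limit survives across sessions.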

Slide 10: Consequence – General Architecture Overview
[Diagram. Labels: Organization A; Organization B; Policy, DSA, Enforcement (each shown twice); Application; Identity/Context provider (shown twice)]

Slide 11: DSA Components (*DSA Policy Mapper)
[Diagram. Components: Authoring, Analysis, DSA to Policy mapping, Lifecycle manager, Trust management]
DSA → DSA to Policy Mapper → DSA Policy P_DSA
The Projection Phase: P_DSA is equivalent to P1_DSA º … º Pn_DSA
The Refinement Phase, through a refinement function r: r(P1_DSA), r(P4_DSA), r(P3_DSA), …, r(Pn_DSA)
Result: Enforceable Policies

Slide 12: ICAT Server-side Components (Publishing)
* not all ICAT components/interactions shown
[Diagram. Legend: Consequence, Existing, New. Labels as extracted: ICAT CSDM PEP PDP PIP MD Manager Service Context Delegate IRM Server AuthN DSA Service Data Store Pub Licence Data File/s PEP Session DPO WS api. Callout: "Creates protected doc"]

Slide 13: Client-side Components (Consuming)
[Diagram. Legend: Consequence, Existing, New. Labels as extracted: iCON PEP PDP Pub Licence Data File/s PIP Context Provider Delegate Light Weight Licensor IRM Server Local Env Provider Subj/Attr Provider MD Manager Service DPO api Event Delegate Event Processor. Callouts: "read/upd protected doc via PEP"; "If IRM Server is unreachable"]

Slide 14: Consequence Vision
Managers draft and sign data-sharing agreements that contain policies which must be enforced when data is accessed and used.

Slide 15: Questions?
