CoLaB 22nd December 2005 Secure Access to Service-based Collaborative Workflow for DAME Duncan Russell Informatics Institute University of Leeds, UK.


1 CoLaB 22nd December 2005 Secure Access to Service-based Collaborative Workflow for DAME Duncan Russell Informatics Institute University of Leeds, UK

2 DAME (Distributed Aircraft Maintenance Environment)
EPSRC Funded, 3 years. Ended Dec 2004
4 Universities:
  – University of Leeds - School of Computing and School of Mechanical Engineering
  – University of Oxford - Dept of Engineering Science
  – University of Sheffield - Dept of Automatic Control and Systems Engineering
  – University of York - Dept of Computer Science
Industrial Partners:
  – Rolls-Royce
  – Data Systems and Solutions

3 Secure Access to Service-based Collaborative Workflow for DAME
Access control within a Service Architecture
Users collaborating in workflows
Across multiple organisations
Dynamic policy to define access to workflow and services
Illustrated using a Case Study

4 Outline
Workflow background
Workflow-team Policy
DAME Case Study
DAME Portal
Summary

5 Business Requirements to Workflow Definition
Business requirements create:
  – Workflow definition
  – Workflow based access policy
Collaborating users are defined as roles

6 Collaborative Workflow and Access Control
Workflow and Policy definitions used in the instances
Users take on roles within the workflow
A Workflow-team policy records users in roles (1)
(1) Thomas, R. K. (1997) Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments. In: Proc. 2nd ACM workshop on Role-based access control, 1997. pp. 13-19

7 Collaborative Access to Service Instances
Workflows create and invoke service instances
Each workflow instance controls access to service instances with its own policy instance (2)
The Workflow-team includes service instances and user permissions
(2) Liu, P. and Chen, Z. (2004) An Access Control Model for Web Services in Business Process. In: IEEE/WIC/ACM Int. Conf. on Web Intelligence, 2004. pp. 292-298

8 Access Control to Collaborative Workflow
The workflow creates the context
Users involved in the workflow are:
  – Not known before creation
  – Change during execution
Service instances created during the process
  – May be shared between users
  – Become temporary assets during the workflow lifetime
Role-based access control (RBAC) simplifies administration
  – Policy can be generalised by role
An active workflow creates a context that requires fine grained access control

9 Workflow Definition

10 Workflow-team Policy Architecture

11 Secure Workflow-team
Static Workflow & Service Policies
  – Restrictions to actions on Workflow & Services By Subject Attribute (role, organisation)
Dynamic Workflow-team Policy
  – Defines team members
  – As users with role permissions
  – Access permission to service instance
  – Temporary policy for active workflow (instance)
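
An added example (not from the presentation) sketching how the static policies and the dynamic Workflow-team policy on this slide could combine in a single access check. The role names, the policy table and every identifier are constructed assumptions; the two service types borrow labels from the DAME architecture slide.

```python
from dataclasses import dataclass, field

# Static service policy (constructed): which (role, organisation) pairs may
# perform an action on a service type, independent of any workflow instance.
STATIC_POLICY = {
    ("PatternMatching", "invoke"): {("maintenance_engineer", "Airline"),
                                    ("engine_expert", "Rolls-Royce")},
    ("FeatureDetection", "invoke"): {("engine_expert", "Rolls-Royce")},
}

@dataclass
class WorkflowTeam:
    """Dynamic policy instance that exists only while one workflow is active."""
    workflow_id: str
    members: dict = field(default_factory=dict)   # user -> (role, organisation)
    services: dict = field(default_factory=dict)  # instance id -> service type
    active: bool = True

    def join(self, user, role, organisation):
        # Users are not known before creation and may change during execution.
        self.members[user] = (role, organisation)

    def leave(self, user):
        self.members.pop(user, None)

    def register_service(self, instance_id, service_type):
        # Instances created by the workflow become temporary team assets.
        self.services[instance_id] = service_type

    def close(self):
        # Ending the workflow discards the temporary policy.
        self.active = False
        self.members.clear()
        self.services.clear()

    def is_permitted(self, user, instance_id, action):
        if not self.active:
            return False
        subject = self.members.get(user)               # dynamic: team member?
        service_type = self.services.get(instance_id)  # dynamic: team asset?
        if subject is None or service_type is None:
            return False
        # Static: role/organisation restriction on the service type.
        return subject in STATIC_POLICY.get((service_type, action), set())

if __name__ == "__main__":
    team = WorkflowTeam("wf-1")  # constructed scenario
    team.join("alice", "maintenance_engineer", "Airline")
    team.register_service("pm-1", "PatternMatching")
    print(team.is_permitted("alice", "pm-1", "invoke"))
```

A request is granted only when both layers agree: the user and the service instance belong to the same active team, and the static policy allows that role and organisation to act on the service type.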

12 DAME System
Aircraft Engine Diagnostics
  – Expert system & decision support
  – Predictive maintenance scheduling
Distributed Resources
  – Data sources e.g. aircraft engines
  – Signal & Case data processing services
Distributed Users
  – Maintenance staff at airport (for Airline)
  – Engine experts at Rolls Royce and DS&S
On-demand Requirements
  – Diagnostics response within turn-around time
Virtual Organisation (VO)

13 DAME Virtual Organisation

14 DAME Diagnosis Workflow

15 DAME Architecture
Team templates
Team instances
Controlled access to workflow instances
[Architecture diagram. Tiers: Presentation Tier, Business Tier, Service Tier, Resource Tier. Component labels as extracted: Browser Portal Role database Case database Workflow Manager Workflow Credential Feature Visualization Feature Detection CBR Workflow Advisor Engine Data Store Broker White Rose Grid Pattern Matching Engine Model]

16 DAME Portal

17 DAME Portal Tools

18 Future Workflow-team Architecture
Investigate issues with standardization
  – WS-BPEL, SAML, XACML (3)
  – Automating the definition of access policies from business requirements
Compare with recent developments
  – CAS, VOMS, Shibboleth, PERMIS
Applications in BROADEN
  – (Business Resource Optimisation for After-market and design On Engineering Networks)
  – Follow-on project
  – Industrial implementation of DAME
(3) Mendling, J., et al. (2004) An Approach to Extract RBAC Models from BPEL4WS Processes. In: Proc. of the 13th IEEE Int. WET ICE 2004

19 Questions?
Secure Access to Service-based Collaborative Workflow for DAME
Duncan Russell duncanr@comp.leeds.ac.uk
This research is funded by the Engineering and Physical Science Research Council (EPSRC), e–Science Programme, Contract No. GR/R67668/01

