DAME Collaborative Workflow & Access Control Duncan Russell University of Leeds

Distributed Aircraft Maintenance Environment - DAME Collaborative Workflow Business process –Involving different people/resources –Across different organisations Task based problem solving –Collaboration of Skills Expertise

Distributed Aircraft Maintenance Environment - DAME DAME Example Business process for diagnosing vibration data across three roles: –Maintenance Engineer –Maintenance Analyst –Domain Expert

Distributed Aircraft Maintenance Environment - DAME DAME Virtual Organisation

Distributed Aircraft Maintenance Environment - DAME DAME Access Control Restrict access to sensitive services and data Provide accountability for actions and visibility of permissions Must scale to multiples of: –Users/VOs –Portals –Workflows and Services Decouple decision and enforcement Existing solutions too static (CAS, VOMS, PERMIS, Akenti)

Distributed Aircraft Maintenance Environment - DAME Cardea Access Control Lepro, R, 2003, Cardea: Dynamic Access Control in Distributed Systems, NAS Technical Report NAS , NASA Advanced Supercomputing (NAS) Division

Distributed Aircraft Maintenance Environment - DAME DAME Access Control

Distributed Aircraft Maintenance Environment - DAME DAME Access Control Integrate access control into application interface Define who can control VO membership Self modifying service to update VO membership policies Workflow engine pass VO to service factories All VO service instances use VO policy

Distributed Aircraft Maintenance Environment - DAME Access Control Building Blocks SAML –Authorisation assertions XACML –Policy descriptions WS-Secure Conversation –From GSI Secure Conversation –Includes WS-Security – message token XML-Signature – message integrity XML-Encryption – message privacy

Distributed Aircraft Maintenance Environment - DAME Integration Into DAME Workflow manager –Control of VO membership Application interface Security/access control handlers in grid container Link to audit trail and Provenance System

Any Questions? DAME Collaborative Workflow & Access Control Duncan Russell University of Leeds