Published by Jaren Billet. Modified over 9 years ago.
1
ICAT Developer Workshop: Consequence
Shirley Crompton, ESC, STFC Daresbury Laboratory
www.consequence-project.eu
2
Overview
Consequence Project
– What, who, objectives
Sensitive Scientific Data Test Bed
– Test Bed Scenario
– Problem Definitions
Consequence
– General Architecture
– DSA Components
– Test Bed Components
ICAT Developer Workshop, 26 August 2009
3
Consequence – the Project
Data-centric Information Protection
FP7 ICT Programme
– Call 1 project: secure, dependable and trusted infrastructures
Start: 1 Jan 2008
Duration: 36 months
4
Consequence – the Consortium
[Diagram] Groups: High Demand Test beds, Industrial Innovators, Researchers
5
Consequence – Main Objectives
Define an architecture within a framework
– to enable dynamic management policies
– based on data sharing agreements that
– ensure end-to-end secure protection
– of data-centric information.
Implement the architecture in software.
Evaluate the technical and business benefits of the implementation and framework via two test beds:
– Sensitive scientific data (STFC)
– Crisis management data (BAE)
6
Data Sharing Agreement Lifecycle
7
Main Scenario (STFC Test Bed)
[Diagram] Actors: Researcher, Research Manager, Funding Agency, Admin, STFC Experimental Facility
Interaction labels:
1. Discusses grant proposal with
2a. Negotiates between
2b. Consults with
3. Submits grant with signed agreement to
4. Awards grant to
5. Triggers system config by
6. Experiments in
7. Serves data to
8. Exchanges data with
Phases: Agreement Specification, Analysis And Mapping Phase; Enforcement Phase
8
ICAT Authorisation Model (RBAC Implemented in Oracle DB)
Smallest document is a single data file
9
Key DS Policies in Research Domain
1. Context condition: ‘… 3-year embargo on experimental data generated at the facility by publicly-funded project …’
2. Data Integrity + attribute-based desc: ‘… cannot modify experimental data generated at the facility ...’
3. Consent: ‘… refined data is limited at all times to users authorised by the data owner/admin’
4. Derived data: ‘… foreground IP derived from the use of its proprietary data must not be disseminated without its official consent …’
5. Usage Control: ‘… work using proprietary data must be carried out within the laboratory located in … during office hours’
6. History + obligation: ‘… permits read access three times for a maximum period of 7 days, after which the doc will be deleted …’
7. Purpose-awareness: ‘… proprietary data can only be used for the purpose of carrying out the project ...’
10
Policy-based Access/Usage Control
[Diagram] Components: Data Sharing Agreement/s, Usage Policy, Policy Evaluator, Protected Document, Data Host, Data Consumer, Consequence-Aware App
Labels: "Is access allowed?"; "Allow access only while user is in office."
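As an added illustration (not code from the Consequence project or ICAT), the sketch below shows how a policy evaluator could decide a read request under Key DS Policies 5 (usage control) and 6 (history + obligation). The names Licence, evaluate_read and demo, the location "lab-A", the office hours and the "delete-document" obligation string are all assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Hypothetical model, not Consequence or ICAT code. The slide elides the
# real location and hours, so the values below are constructed.
OFFICE_HOURS = range(9, 17)        # assumed 09:00-16:59, Mon-Fri
MAX_READS = 3                      # "read access three times"
WINDOW = timedelta(days=7)         # "maximum period of 7 days"
Decision = Tuple[str, List[str]]   # (decision, obligations)

@dataclass
class Licence:
    """Per-document usage history the evaluator must keep."""
    lab: str
    first_read: Optional[datetime] = None
    reads: int = 0
    deleted: bool = False

def evaluate_read(lic: Licence, location: str, now: datetime) -> Decision:
    """Decide one read request and update the licence history."""
    if lic.deleted:
        return "Deny", []
    # History + obligation. Assumption: the licence is spent when either
    # limit is reached, and the deletion obligation is issued once.
    expired = lic.first_read is not None and now - lic.first_read > WINDOW
    if expired or lic.reads >= MAX_READS:
        lic.deleted = True
        return "Deny", ["delete-document"]
    # Usage control: context conditions on place and time.
    in_hours = now.weekday() < 5 and now.hour in OFFICE_HOURS
    if location != lic.lab or not in_hours:
        return "Deny", []
    # Only permitted reads consume the budget and start the window.
    lic.first_read = lic.first_read or now
    lic.reads += 1
    return "Permit", []

def demo() -> List[Decision]:
    lic = Licence(lab="lab-A")           # constructed sample licence
    mon = datetime(2009, 8, 24, 10, 0)   # a Monday, 10:00
    return [
        evaluate_read(lic, "lab-A", mon),                      # permit 1
        evaluate_read(lic, "lab-A", mon.replace(hour=20)),     # after hours
        evaluate_read(lic, "home", mon + timedelta(days=1)),   # wrong place
        evaluate_read(lic, "lab-A", mon + timedelta(days=1)),  # permit 2
        evaluate_read(lic, "lab-A", mon + timedelta(days=2)),  # permit 3
        evaluate_read(lic, "lab-A", mon + timedelta(days=3)),  # spent
    ]
```

Denied requests do not consume the read budget here, and the evaluator mutates the licence, so the history must live somewhere the consumer cannot reset.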
11
Consequence – General Architecture Overview
[Diagram] Organization A: Policy, DSA, Enforcement
Organization B: Policy, DSA, Enforcement
Application
Identity/Context provider (two instances)
12
DSA Components (*DSA Policy Mapper)
[Diagram] Components: Authoring, Analysis, DSA to Policy mapping, Lifecycle manager, Trust management
DSA to Policy Mapper
DSA
DSA Policy $P_{DSA}$
The Projection Phase: $P_{DSA}$ is equivalent to $P^{1}_{DSA}$ º … º $P^{n}_{DSA}$
$P^{1}_{DSA}$, $P^{2}_{DSA}$, $P^{3}_{DSA}$, …, $P^{n}_{DSA}$
The Refinement Phase, through a refinement function $r$: $r(P^{1}_{DSA})$, $r(P^{4}_{DSA})$, $r(P^{3}_{DSA})$, $r(P^{n}_{DSA})$
Enforceable Policies
13
ICAT Server-side Components (Publishing)
* not all ICAT components/interactions shown
[Diagram] Labels: ICAT, CSDM, PEP, PDP, PIP, MD Manager Service, Context Delegate, IRM Server, AuthN, DSA Service, Data Store, Pub Licence, Data File/s, PEP, Session, DPO, WS api
Annotation: Creates protected doc
Legend: Consequence, Existing, New
14
Client-side Components (Consuming)
[Diagram] Labels: iCON, PEP, PDP, PIP, Pub Licence, Data File/s, Context Provider Delegate, Light Weight Licensor, IRM Server, Local Env Provider, Subj/Attr Provider, MD Manager Service, DPO api, Event Delegate, Event Processor
Annotations: read/upd protected doc via PEP; If IRM Server is unreachable
Legend: Consequence, Existing, New
15
Consequence Vision
Managers draft and sign data-sharing agreements that contain policies which must be enforced when data is accessed and used.
16
Questions?