Job-centric security model for open collaborative environment

摘要

This paper describes the design and development of a flexible, customer driven, security infrastructure for open collaborative environments. The experiences were gained within the framework of the collaboratory.nl project. The work is based on extended use of emerging Web services and grid security technologies, combined with concepts from the generic authentication authorization and accounting (AAA) authorisation framework. Basic CNL use cases and functional security requirements are analysed to provide motivation for the proposed job-centric security model. This model describes access control and user- and resource management. The proposed job-centric approach uses a job description as a semantic document that is created on the basis of the signed order (or business agreement). It contains all the information required to run the experiment and also to create/manage the virtual job-based associations of users and resources. The proposed trust relations analysis explains the use of trust anchors in the job-centric security model. In addition, the paper provides implementation details of using XACML and SAML for authorisation assertions and messaging, based on the current CNL implementation.