Access Control for Dynamic Virtual Organisations

1
Access Control for Dynamic Virtual Organisations

• Duncan Russell,
• Peter Dew
• Karim Djemame
• University of Leeds

2
Access Control for Dynamic Virtual Organisations

• DAME Context
• DAME Virtual Organisation
• Demonstration Portal Workflow Management
• Virtual Organisation Issues

3
DAME (Distributed Aircraft Maintenance
Environment)

• EPSRC Funded, 3 years. Ends Dec 2004
• 4 Universities
• University of Leeds - School of Computing and
  School of Mechanical Engineering
• University of Oxford - Dept of Engineering
  Science
• University of Sheffield - Dept of Automatic
  Control and Systems Engineering
• University of York - Dept of Computer Science
• Industrial Partners
• Rolls-Royce
• Data Systems and Solutions

4
DAME System

• Aircraft Engine Diagnostics
• Expert system decision support
• Predictive maintenance scheduling
• Distributed Resources
• Data sources e.g. aircraft engines
• Signal Case data processing services
• Distributed Users
• Maintenance staff at airport (for Airline)
• Engine experts at Rolls Royce and DSS
• On-demand Requirements
• Diagnostics response within turn-around time

5
DAMEExample

• Business process for diagnosing engine data
• Three roles
• Maintenance Engineer
• Maintenance Analyst
• Domain Expert
• Forms problem solving team

6
DAME Virtual Organisation
7
DAME Virtual Organisation
8
DAME VO Properties

• Role based
• Task oriented
• Linked by diagnosis problem to solve
• Evolves over time
• Dynamic membership
• Multiples of role instances
• High availability of services
• Dynamic selection of compute resource
• Access to restricted services data

9
DAME Architecture
Controlled access to workflow instances
VO Instances
Browser
Presentation Tier
Role database
Case database
Portal
VO Templates
Business Tier
Workflow Manager
Workflow Credential
Service Tier
Feature Visualization
Feature Detection
Workflow Advisor
Engine Data Store
Pattern Matching
Engine Model
CBR
Resource Tier
Broker
White Rose Grid
Jump
10
DAME Portal
11
DAME Portal Tools
12
DAME VO Issues

• Multiple portals, i.e. one per company
• Multiple workflow engines
• Multiple organisations defining rights for their
• Users by role
• Workflow (task) by role
• Services by role privileges
• Data by ownership
• Resources by usage
• Service logging

13
DAME VO Requirements

• Definition of flexible VO template policy
• Administration rights to policy
• Implement flexible policy control mechanisms
• VO members permitted to modify VO policy
• Services read/modify VO policy by proxy
• Distribute VO access control to services and
  resources

Back to Architecture
14
DAME Access Control Issues

• Service interface implementation
• Control of service access (using VO policy)
• Modifying VO policy (using VO policy)
• Implementation issues
• Define template policy and translate to dynamic
  policy
• Single entity or separate policy components
• Synchronising simultaneous policy changes
• Current implementation
• VO templates describe static teams
• Access control in presentation and business tiers
  only
• Single grid certificate in DAME collaborative
  workflows

15
Questions?

• Access Control for Dynamic Virtual Organisations
• Duncan Russell, Peter Dew Karim Djemame
• University of Leeds
• duncanr_at_comp.leeds.ac.uk

This research is funded by the Engineering and
Physical Science Research Council, eScience
Programme, Contract No. GR/R67668/01