View
214
Download
0
Category
Tags:
Preview:
Citation preview
Malik Muhamamd JunaidMaximilian Berger
Thomas Fahringer
Distributed and parallel Systems GroupUniversity of Innsbruck
Austria
Oct, 13, 2009. Krakow, PL.
OutlineMotivation Workflow Hosting EnvironmentSecure Workflow Repository (SWFR)ArchitectureComponentsSecurity and ReliabilityAdvancementConclusion
IntroductionWorkflows are vital to Grid based
applications.Increasing complexity of these applications is
making the workflow design difficult,Leading to a need for:
Workflow Sharing and ReuseWorkflow securityWorkflow Version Management Workflow Modification History
ASKALON Workflow Storage
Workflow Represented using AGWL based on XML
Workflow storage is based on Filesystem Open access to all users Manual version history No Workflow Modification History No ownership record for workflows
Secure Workflow Repository(SWFR)SWFR is designed and implemented to
address these issues:Features:
Decentralized Service oriented implementationSecure Client Service communication for
workflow transactionsExtended Role Based Access ControlAutomated Version ControlComprehensive wokflow update historyComplete Ownership information
Workflow Design Tool (client)
Workflow Repository (Service)
Architecture of the SWFR
Eve
nt H
an
dle
r
Design Tool
Rep
osito
ry Req
uests
(Eve
nts)
Authenticati
on & Authorizatio
n Module
Version Management
Module
Storage, Retrieval& Session
Management
Work
flow
R
ep
osito
ry
Session Manager
Permissions
Security using Extended-RBACRole based Access Control (RBAC)
Operation
s
objects
Roles
Users
Role Hierarchy
Role Hierarchy
PermissionAssignmentPermissionAssignment
User Assignment
User Assignment
Rights Delegation
Rights Delegation
Extended Role based Access Control (E-RBAC) for Grid Workflows
Security using Extended-RBAC
Req
uest H
an
dle
r
Repository Access
Authorization (E-RBAC)
Authentication (RBAC)
Session Authentication
Decryption1
3
2
4
5
Layered Security Architecture: Request Handle performs Decryption
of the incoming request based on the session information
User Authentication based on Session and credential information
Authorization check based on Roles and Exceptional rights
Information Retrieval from the Repository
Encryption using session information
Schema Diagram for the SWFR
has change
changechg_typ
echg_id
1 *has revision
rev_nr time_strev_Id
*
owner
workflow
name xmlidstate
1
*
has
Wf_info
Time_stcountfull_re
vwf_inf_i
d
has1*
1
*
User
u_id emailu_nam
ename cred
1 *
u_perm
rights
*
is_in**
Group
gidGp_nam
e
gp_perm
rights
*
*
Automatic Version ManagementVersion Management Module:
Keeps track of the Existing Workflows in the Repository
Applies Version Increment to the Updated workflows
Automatic Minor updates for the workflow modifications
User directed explicit major version updates
ConclusionSWFR Provides a better solution for workflow
managementIt can be easily integrated into larger systems.Secure communication makes it safe for SOADecentralized database makes it fast and efficientLayered Extended Role based access provides
multi level of security.Fine grained access control is possible because of
exceptional rights delegationAutomatic version management helps in tracking
changes and finding updated version easily.
Recommended