1 / 19

Secure Access to Service-based Collaborative Workflow for DAME

Secure Access to Service-based Collaborative Workflow for DAME. Duncan Russell Informatics Institute University of Leeds, UK. DAME (Distributed Aircraft Maintenance Environment). EPSRC Funded, 3 years. Ended Dec 2004 4 Universities:

mari
Download Presentation

Secure Access to Service-based Collaborative Workflow for DAME

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure Access to Service-based Collaborative Workflow for DAME Duncan Russell Informatics Institute University of Leeds, UK CoLaB 22nd December 2005

  2. DAME (Distributed Aircraft Maintenance Environment) • EPSRC Funded, 3 years. Ended Dec 2004 • 4 Universities: • University of Leeds - School of Computing and School of Mechanical Engineering • University of Oxford - Dept of Engineering Science • University of Sheffield - Dept of Automatic Control and Systems Engineering • University of York - Dept of Computer Science • Industrial Partners: • Rolls-Royce • Data Systems and Solutions

  3. Secure Access to Service-based Collaborative Workflow for DAME • Access control within a Service Architecture • Users collaborating in workflows • Across multiple organisations • Dynamic policy to define access to workflow and services • Illustrated using a Case Study

  4. Outline • Workflow background • Workflow-team Policy • DAME Case Study • DAME Portal • Summary

  5. Business Requirements to Workflow Definition • Business requirements creates: • Workflow definition • Workflow based access policy • Collaborating users are defined as roles

  6. Collaborative Workflow and Access Control • Workflow and Policy definitions used in the instances • User take on roles within the workflow • A Workflow-team policy records users in roles1 (1) Thomas, R. K. (1997) Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments. In: Proc. 2nd ACM workshop on Role-based access control, 1997. pp.13-19

  7. Collaborative Access to Service Instances • Workflows create and invoke service instances • Each workflow instance controls access to service instances with its own policy instance2 • The Workflow-team includes service instances and user permissions (2) Liu, P. and Chen, Z. (2004) An Access Control Model for Web Services in Business Process. In: IEEE/WIC/ACM Int. Conf. on Web Intelligence, 2004. pp. 292-298

  8. Access Control to Collaborative Workflow • The workflow creates the context • Users involved in the workflow are: • Not known before creation • Change during execution • Service instances created during the process • May be shared between users • Become temporary assets during the workflow lifetime • Role-based access control (RBAC) simplifies administration • Policy can be generalised by role • An active workflow creates a context that requires fine grained access control

  9. Workflow Definition

  10. Workflow-team Policy Architecture

  11. Secure Workflow-team • Static Workflow & Service Policies • Restrictions to actions on Workflow & Services • By Subject Attribute (role, organisation) • Dynamic Workflow-team Policy • Defines team members • As users with role permissions • Access permission to service instance • Temporary policy for active workflow (instance)

  12. DAME System • Aircraft Engine Diagnostics • Expert system & decision support • Predictive maintenance scheduling • Distributed Resources • Data sources e.g. aircraft engines • Signal & Case data processing services • Distributed Users • Maintenance staff at airport (for Airline) • Engine experts at Rolls Royce and DS&S • On-demand Requirements • Diagnostics response within turn-around time • Virtual Organisation (VO)

  13. DAME Virtual Organisation

  14. DAME Diagnosis Workflow

  15. DAME Architecture Controlled access to workflow instances Team instances Browser Presentation Tier Role database Case database Portal Team templates Business Tier Workflow Credential Workflow Manager Service Tier Pattern Matching Engine Data Store Workflow Advisor Feature Detection Feature Visualization Engine Model CBR Resource Tier Broker White Rose Grid

  16. DAME Portal

  17. DAME Portal Tools

  18. Future Workflow-team Architecture • Investigate issues with standardization • WS-BPEL, SAML, XACML3 • Automating the definition of access policies from business requirements • Compare with recent developments • CAS, VOMS, Shibboleth, PERMIS • Applications in BROADEN • (Business Resource Optimisation for After-market and design On Engineering Networks) • Follow-on project • Industrial implementation of DAME (3) Mendling, J., et al.(2004) An Approach to Extract RBAC Models from BPEL4WS Processes. In: Proc. of the 13th IEEE Int. WET ICE 2004

  19. Questions? Secure Access to Service-based Collaborative Workflow for DAME Duncan Russell duncanr@comp.leeds.ac.uk This research is funded by the Engineering and Physical Science Research Council (EPSRC), e–Science Programme, Contract No. GR/R67668/01

More Related