The GOLD Project
http://gigamesh.ncl.ac.uk
Dr. Panos Periorellis, School of Computing Science, University of Newcastle Upon Tyne, North East E-Science Centre
Talk Structure: Gold Project Introduction Architecture Basic Elements Security Access control Coordination Regulation
Policy Entry Interface
How can we ensure that policies expressed by various VO participants are free from conflicts?
How can we ensure that the workflow will not throw any exceptions due to missing policies?
Workflow VDM Converter
XACML VDM Converter
A key problem in Virtual Organisations is the regulation of interactions between autonomous organisations who do not unguardedly trust each other. To address this problem we are investigating:
1. the use of executable contracts for the enforcement of business terms and conditions that govern an interaction
2. monitoring of service delivery with respect to Service Level Agreements
3. non-repudiable auditing for accountability and acknowledgement of actions in the context of an interaction
Formal Model of Non-Repudiable service interactions
Security, Trust and Regulation in Virtual Organisations
Monitoring and analysing information flow within Virtual Organisations
A key problem in VOs is the monitoring and analysis of the flow of information around the VO as it forms, operates, and dissolves. With a formal model of a Virtual Organisation, which includes the information held by each company, the security policies that are in force at each site and the permitted channels of communication between the companies, we can
1. ask questions about the confidentiality or otherwise of items of information within the model. If a confidential item is released we can
2. generate the counter example scenario which led to this violation of policy, and
3. feed this back into the formal model.
This process will allow us to provide assurance to a user that the security policies in place are adequate to meet the goals of the individual organisations.
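The check-and-feed-back loop described above, as an added illustration that is not the GOLD project's model or tooling: it uses a small explicit-state search in Python. The company names, the item, and the layout of HOLDS, CHANNELS, POLICY and GOALS are constructed assumptions.

```python
from collections import deque

# Constructed VO model (all names hypothetical): what each company holds,
# which directed channels are permitted, and each site's release policy.
HOLDS = {"A": {"design"}, "B": set(), "C": set()}
CHANNELS = {("A", "B"), ("B", "C")}
# POLICY[site][item] = recipients that site may release the item to.
POLICY = {"A": {"design": {"B"}}, "B": {"design": {"C"}}, "C": {}}
# Confidentiality goal: (item, company that must never learn it).
GOALS = [("design", "C")]

def freeze(knowledge):
    """Hashable snapshot of who knows what, used for the visited set."""
    return frozenset((c, frozenset(items)) for c, items in knowledge.items())

def find_violation(holds, channels, policy, goals):
    """Breadth-first search over reachable knowledge states; returns the
    shortest list of (sender, receiver, item) releases that breaks a goal,
    or None when no reachable state violates any goal."""
    start = {c: set(items) for c, items in holds.items()}
    queue = deque([(start, [])])
    seen = {freeze(start)}
    while queue:
        knowledge, trace = queue.popleft()
        if any(item in knowledge[who] for item, who in goals):
            return trace  # counterexample scenario
        for sender, receiver in sorted(channels):
            for item in sorted(knowledge[sender]):
                allowed = policy.get(sender, {}).get(item, set())
                if receiver not in allowed or item in knowledge[receiver]:
                    continue  # release forbidden by policy, or nothing new
                nxt = {c: set(i) for c, i in knowledge.items()}
                nxt[receiver].add(item)
                if freeze(nxt) not in seen:
                    seen.add(freeze(nxt))
                    queue.append((nxt, trace + [(sender, receiver, item)]))
    return None

def tighten(policy, trace):
    """Feed the counterexample back: revoke the release in its last step."""
    sender, receiver, item = trace[-1]
    fixed = {s: {i: set(r) for i, r in rules.items()} for s, rules in policy.items()}
    fixed[sender][item].discard(receiver)
    return fixed
```

Each site's policy looks acceptable on its own here; the violation only appears when the two releases are composed across the permitted channels, which is what the search reports as the counterexample.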
Fair, validated, non-repudiable message delivery with Web services
The following shows our flexible framework to support fair non-repudiable interactions supported by a trusted delivery. The implementation is based on Web service standards. Message validation supports up-calls for contract monitoring and enforcement.
In GOLD we are using WS-* standard technologies to implement authentication and authorisation. XACML and SAML are used to enable us to provide a standard way of communicating security and trust related policies as well as creating and consuming security assertions.
GOLD provides the related services that allow a party to make a request for a particular resource. If the request is granted, the party will be directed across the organizational boundary of that resource using SAML assertions. Assertion consumers within the organizational boundary will make the final decision upon receipt of the SAML assertion.