
ICAT Developer Workshop : Consequence

Shirley Crompton, ESC, STFC Daresbury Laboratory. Overview: Consequence Project; What, who, objectives; Sensitive Scientific Data Test Bed; Test Bed Scenario; Problem Definitions; Consequence; General Architecture; DSA Components; Test Bed Components.


Presentation Transcript


  1. ICAT Developer Workshop : Consequence Shirley Crompton, ESC, STFC Daresbury Laboratory

  2. Overview • Consequence Project • What, who, objectives • Sensitive Scientific Data Test Bed • Test Bed Scenario • Problem Definitions • Consequence • General Architecture • DSA Components • Test Bed Components ICAT Developer Workshop 26 August 2009

  3. Consequence – the Project: Data-centric Information Protection • FP7 ICT Programme • Call 1 project: secure, dependable and trusted infrastructures • Start: 1 Jan 2008 • Duration: 36 months

  4. Consequence – the Consortium Researchers Industrial Innovators High Demand Test beds

  5. Consequence – Main Objectives • Define an architecture within a framework to enable dynamic management policies based on data sharing agreements that ensure end-to-end secure protection of data-centric information. • Implement the architecture in software. • Evaluate the technical and business benefits of the implementation and framework via two test beds: • Sensitive scientific data (STFC) • Crisis management data (BAE)

  6. Data Sharing Agreement Lifecycle

  7. Main Scenario (STFC Test Bed). Diagram actors: Funding Agency, Research Manager, Admin, Researcher, STFC Experimental Facility. Phases: Agreement Specification, Analysis And Mapping Phase; Enforcement Phase. Step labels: 1. Discusses grant proposal with • 2a. Negotiates between • 2b. Consults with • 3. Submits grant with signed agreement to • 4. Awards grant to • 5. Triggers system config by • 6. Experiments in • 7. Serves data to • 8. Exchanges data with

  8. ICAT Authorisation Model (RBAC Implemented in Oracle DB) Smallest document is a single data file

  9. Key DS Policies in Research Domain • Context condition: ‘… 3-year embargo on experimental data generated at the facility by publicly-funded project …’ • Data Integrity + attribute-based desc: ‘… cannot modify experimental data generated at the facility ...’ • Consent: ‘… refined data is limited at all times to users authorised by the data owner/admin’ • Derived data: ‘… foreground IP derived from the use of its proprietary data must not be disseminated without its official consent …’ • Usage Control: ‘… work using proprietary data must be carried out within the laboratory located in … during office hours’ • History + obligation: ‘… permits read access three times for a maximum period of 7 days, after which the doc will be deleted …’ • Purpose-awareness: ‘… proprietary data can only be used for the purpose of carrying out the project ..’

  10. Policy-based Access/Usage Control. Diagram labels: Data Sharing Agreement/s • Data Consumer • Data Host • Protected Document • Consequence-Aware App • Usage Policy • Policy Evaluator. Query: "Is access allowed?" Policy: "Allow access only while user is in office."

  11. Consequence – General Architecture Overview. Diagram labels: Organization A • Organization B • DSA • DSA • Enforcement • Policy • Policy • Enforcement • Application • Application • Identity/Context provider

  12. DSA Components (*DSA Policy Mapper). Diagram labels: DSA Policy PDSA Authoring DSA Trust management Analysis Lifecycle manager DSA to Policy mapping. DSA to Policy Mapper: The Projection Phase: PDSA is equivalent to P1DSA º … º PnDSA (P1DSA, P2DSA, P3DSA, …, PnDSA). The Refinement Phase, through a refinement function r: Enforceable Policies r(P1DSA), r(P4DSA), r(P3DSA), r(PnDSA)

  13. ICAT Server-side Components (Publishing) *not all ICAT components/interactions shown. Legend: Consequence, Existing, New. Diagram labels: Pub Licence Data File/s Session CSDM Data Store DSA Service DPO WS api ICAT IRM Server PEP PDP PEP Creates protected doc MD Manager Service PIP Context Delegate AuthN

  14. Client-side Components (Consuming). Legend: Consequence, Existing, New. Diagram labels: Pub Licence Data File/s If IRM Server is unreachable Light Weight Licensor DPO api iCON IRM Server PEP read/upd protected doc via PEP PDP MD Manager Service Context Provider Delegate PIP Local Env Provider Event Delegate Subj/Attr Provider Event Processor

  15. Consequence Vision: Managers draft and sign data-sharing agreements that contain policies which must be enforced when data is accessed and used.

  16. Questions?

  17. ICAT Developer Workshop : Consequence Shirley Crompton, ESC, STFC Daresbury Laboratory
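
The usage policies quoted on slides 9 and 10 (use only in the laboratory during office hours, three reads within 7 days, then deletion) can be expressed as a small policy decision function that is re-evaluated whenever the context changes. This is an added illustration, not Consequence or ICAT code: the `UsagePolicy` and `Licence` structures, the `evaluate` function, the "lab"/"home" location values, the 09:00-17:00 office hours and the sample dates are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta

@dataclass(frozen=True)
class UsagePolicy:            # hypothetical structure, not the Consequence policy format
    location: str             # where the data may be used
    office_hours: tuple       # (start, end) as datetime.time values
    max_reads: int            # history condition
    lifetime: timedelta       # after this the document must be deleted

@dataclass
class Licence:                # per-user state kept for the history condition
    issued: datetime
    reads: int = 0

def evaluate(policy, licence, location, now, opening=True):
    """Return (decision, obligations); anything not explicitly permitted is denied."""
    # History + obligation: once the period is over, deny and require deletion.
    if now - licence.issued > policy.lifetime:
        return "deny", ["delete_document"]
    # Usage control: place and time are checked on every evaluation,
    # so an already open document is closed when the context changes.
    start, end = policy.office_hours
    if location != policy.location or not (start <= now.time() < end):
        return "deny", []
    # History: only a new open consumes one of the permitted reads.
    if opening:
        if licence.reads >= policy.max_reads:
            return "deny", []
        licence.reads += 1
    return "permit", []

def demo():
    # Constructed sample data: licence issued Monday 24 August 2009, 09:00.
    policy = UsagePolicy("lab", (time(9), time(17)), 3, timedelta(days=7))
    t = datetime(2009, 8, 26, 10, 0)
    lic = Licence(issued=datetime(2009, 8, 24, 9, 0))
    out = [evaluate(policy, lic, "lab", t)[0] for _ in range(4)]   # fourth open exceeds 3 reads
    lic2 = Licence(issued=datetime(2009, 8, 24, 9, 0))
    out.append(evaluate(policy, lic2, "lab", t)[0])                             # open in the office
    out.append(evaluate(policy, lic2, "home", t, opening=False)[0])             # user left the lab
    out.append(evaluate(policy, lic2, "lab", t.replace(hour=18), opening=False)[0])  # after hours
    out.append(evaluate(policy, lic2, "lab", t + timedelta(days=8)))            # period expired
    return out

if __name__ == "__main__":
    print(demo())
```
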
