Access Control for Dynamic Virtual Organisations
Duncan Russell, Peter Dew & Karim Djemame
University of Leeds
Access Control for Dynamic Virtual Organisations
– DAME Context
– DAME Virtual Organisation
– Demonstration Portal & Workflow Management
– Virtual Organisation Issues
DAME (Distributed Aircraft Maintenance Environment)
EPSRC Funded, 3 years. Ends Dec 2004
4 Universities:
– University of Leeds - School of Computing and School of Mechanical Engineering
– University of Oxford - Dept of Engineering Science
– University of Sheffield - Dept of Automatic Control and Systems Engineering
– University of York - Dept of Computer Science
Industrial Partners:
– Rolls-Royce
– Data Systems and Solutions
DAME System
Aircraft Engine Diagnostics
– Expert system & decision support
– Predictive maintenance scheduling
Distributed Resources
– Data sources e.g. aircraft engines
– Signal & Case data processing services
Distributed Users
– Maintenance staff at airport (for Airline)
– Engine experts at Rolls Royce and DS&S
On-demand Requirements
– Diagnostics response within turn-around time
DAME
Example Business process for diagnosing engine data
[Figure: activity diagram of the business process, with swimlanes for Maintenance Engineer, Maintenance Analyst (Fleet Manager) and Domain Expert, organisation labels Airport, DS&S and Rolls Royce, and a step labelled "DAME signal processing workflows using Grid Services".]
Three roles:
– Maintenance Engineer
– Maintenance Analyst
– Domain Expert
Forms problem solving team
DAME Virtual Organisation
[Figure: UML class diagram of the DAME Virtual Organisation, using the <<organization unit>> stereotype. Entities shown: Engine Manufacturer, Fleet Maintenance Management, Engine Lessee, Airline, Other Airlines, Maintenance Engineer, Maintenance Analyst, Domain Expert, Workflow Service, Processing Service, Compute Resource, Problem, Engine Data, Other Airline Data. Association labels: employs, get diagnosis, diagnosis, detailed analysis, invoke, reads, executed by, create, resolve, owns, found in.]
DAME VO Properties
Role based
Task oriented
– Linked by diagnosis problem to solve
Evolves over time
– Dynamic membership
– Multiples of role instances
High availability of services
– Dynamic selection of compute resource
Access to restricted services & data
DAME Architecture
[Figure: tiered architecture diagram. Tiers: Presentation Tier, Business Tier, Service Tier, Resource Tier. Components shown: Browser, Portal, Role database, Case database, Workflow Manager, Workflow Credential, Feature Visualization, Feature Detection, CBR Workflow, Advisor Engine, Data Store, Broker, White Rose Grid, Pattern Matching, Engine Model. Annotations: VO Templates; VO Instances; Controlled access to workflow instances.]
DAME Portal
DAME Portal Tools
DAME VO Issues
Multiple portals, i.e. one per company
Multiple workflow engines
Multiple organisations defining rights for their:
– Users by role
– Workflow (task) by role
– Services by role privileges
– Data by ownership
– Resources by usage
Service logging
DAME VO Requirements
Definition of flexible VO template policy
– Administration rights to policy
Implement flexible policy control mechanisms
– VO members permitted to modify VO policy
– Services read/modify VO policy by proxy
Distribute VO access control to services and resources
DAME Access Control Issues
Service interface implementation:
– Control of service access (using VO policy)
– Modifying VO policy (using VO policy)
Implementation issues:
– Define template policy and translate to dynamic policy
– Single entity or separate policy components
– Synchronising simultaneous policy changes
Current implementation:
– VO templates describe static teams
– Access control in presentation and business tiers only
Single grid certificate in DAME collaborative workflows
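An added sketch of the policy model these slides call for (not DAME's code): a static template is translated into a per-problem VO instance whose checks a service can call itself, membership changes are authorised by the VO policy, and data sharing by ownership. The template contents, the choice of Maintenance Analyst as policy administrator, and the version counter used to reject simultaneous changes are all assumptions.

```python
from dataclasses import dataclass, field

# Constructed VO template (assumption): services per role, and policy-admin roles.
TEMPLATE = {
    "invoke": {
        "Maintenance Engineer": {"get diagnosis"},
        "Maintenance Analyst": {"get diagnosis", "diagnosis"},
        "Domain Expert": {"diagnosis", "detailed analysis"},
    },
    "admin_roles": {"Maintenance Analyst"},
}

class StalePolicyError(Exception): pass  # change was prepared against an old version
@dataclass
class VOInstance:
    problem: str                                   # the diagnosis problem linking the team
    data_owner: str                                # organisation that owns the engine data
    template: dict
    members: dict = field(default_factory=dict)    # user -> (role, organisation)
    shared_with: set = field(default_factory=set)  # organisations granted read access
    version: int = 0                               # bumped on every policy change

    def _commit(self, allowed, seen_version, why):
        if not allowed:
            raise PermissionError(why)
        if seen_version != self.version:           # a concurrent change landed first
            raise StalePolicyError(f"policy is at v{self.version}, not v{seen_version}")
        self.version += 1

    def add_member(self, actor, seen_version, user, role, org):
        is_admin = self.members.get(actor, (None, None))[0] in self.template["admin_roles"]
        self._commit(is_admin, seen_version, f"{actor} may not change membership")
        self.members[user] = (role, org)

    def share_data(self, actor, seen_version, org):
        is_owner = self.members.get(actor, (None, None))[1] == self.data_owner
        self._commit(is_owner, seen_version, f"{actor} does not own the engine data")
        self.shared_with.add(org)

    def may_invoke(self, user, service):           # services by role privileges
        role, _ = self.members.get(user, (None, None))
        return service in self.template["invoke"].get(role, set())

    def may_read_data(self, user):                 # data by ownership
        _, org = self.members.get(user, (None, None))
        return org is not None and (org == self.data_owner or org in self.shared_with)

def instantiate(template, problem, founder, role, org, data_owner):  # template -> instance
    return VOInstance(problem, data_owner, template, members={founder: (role, org)})
```

A caller reads `version`, prepares its change, and passes that version back; a second writer holding the same version gets `StalePolicyError` and must re-read the policy before retrying.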
Questions?
Access Control for Dynamic Virtual Organisations
Duncan Russell, Peter Dew & Karim Djemame
University of Leeds
[email protected]
This research is funded by the Engineering and Physical Science Research Council, e–Science Programme, Contract No. GR/R67668/01