Secure Workflow Repository for Askalon

1
Secure Workflow Repository for Askalon

• Malik Muhamamd Junaid
• Maximilian Berger
• Thomas Fahringer
• Distributed and parallel Systems Group
• University of Innsbruck
• Austria

Oct, 13, 2009. Krakow, PL.
2
Outline

• Motivation
• Workflow Hosting Environment
• Secure Workflow Repository (SWFR)
• Architecture
• Components
• Security and Reliability
• Advancement
• Conclusion

3
Introduction

• Workflows are vital to Grid based applications.
• Increasing complexity of these applications is
  making the workflow design difficult,
• Leading to a need for
• Workflow Sharing and Reuse
• Workflow security
• Workflow Version Management
• Workflow Modification History

4
ASKALON Workflow Storage

• Workflow Represented using AGWL based on XML
• Workflow storage is based on Filesystem
• Open access to all users
• Manual version history
• No Workflow Modification History
• No ownership record for workflows

5
Secure Workflow Repository(SWFR)

• SWFR is designed and implemented to address
  these issues
• Features
• Decentralized Service oriented implementation
• Secure Client Service communication for workflow
  transactions
• Extended Role Based Access Control
• Automated Version Control
• Comprehensive wokflow update history
• Complete Ownership information

6
Architecture of the SWFR
Workflow Design Tool (client)
Workflow Repository (Service)
Event Handler
Repository Requests (Events)
Workflow Repository
Session Manager
7
Security using Extended-RBAC

• Role based Access Control (RBAC)

Role Hierarchy
Permissions
Permission Assignment
User Assignment
Users
Operations
objects
Roles
Rights Delegation

• Extended Role based Access Control (E-RBAC) for
  Grid Workflows

8
Security using Extended-RBAC

• Layered Security Architecture
• Request Handle performs Decryption of the
  incoming request based on the session information
• User Authentication based on Session and
  credential information
• Authorization check based on Roles and
  Exceptional rights
• Information Retrieval from the Repository
• Encryption using session information

9
Schema Diagram for the SWFR
10
Automatic Version Management

• Version Management Module
• Keeps track of the Existing Workflows in the
  Repository
• Applies Version Increment to the Updated
  workflows
• Automatic Minor updates for the workflow
  modifications
• User directed explicit major version updates

11
Conclusion

• SWFR Provides a better solution for workflow
  management
• It can be easily integrated into larger systems.
• Secure communication makes it safe for SOA
• Decentralized database makes it fast and
  efficient
• Layered Extended Role based access provides multi
  level of security.
• Fine grained access control is possible because
  of exceptional rights delegation
• Automatic version management helps in tracking
  changes and finding updated version easily.