ScienceDirect® Home Skip Main Navigation Links
You have guest access to ScienceDirect. Find out more.
 
Home
Browse
My Settings
Alerts
Help
 Quick Search
 Search tips (Opens new window)
    Clear all fields    
advertisementadvertisement
Future Generation Computer Systems
Volume 23, Issue 4, May 2007, Pages 633-657
 
Font Size: Decrease Font Size  Increase Font Size
 Abstract - selected
Article
Purchase PDF (2001 K)

  E-mail Article   
  Add to my Quick Links   
Bookmark and share in 2collab (opens in new window)
Request permission to reuse this article
  Cited By in Scopus (1)
 
 
 
Related Articles in ScienceDirect
View More Related Articles
 
View Record in Scopus
 
doi:10.1016/j.future.2006.09.009    How to Cite or Link Using DOI (Opens New Window)
Copyright © 2006 Elsevier Ltd All rights reserved.

Dynamic security perimeters for inter-enterprise service integration

I. Djordjevica, Corresponding Author Contact Information, 1, E-mail The Corresponding Author, T. Dimitrakosa, 1, N. Romanob, D. Mac Randalc, maltese cross and P. Ritrovatob

aSecurity Research Centre, British Telecom, Adastral Park, Martlesham, Ipswich IP5 3RE, UK bCRMPA, Università di Salerno, DIIMA, via Ponte Don Melillo, Fisciano, 84084, Italy cCCLRC Rutherford Appleton Laboratory, Chilton, Didcot, Oxfordshire, OX11 0QX, UK

Received 16 November 2005; 
revised 3 July 2006; 
accepted 16 September 2006. 
Available online 21 December 2006.

Purchase the full-text article



References and further reading may be available for this article. To view references and further reading you must purchase this article.

Abstract

Levaraging the convergence of Grid and Web services technologies, we anticipate the emergence of new business and scientific computing paradigms that are based on dynamic Virtual Organisations (VO). These VOs span across organisational boundaries and enable the enactment of collaborative processes that integrate services, resources and knowledge in order to perform tasks that the VO partners could not undertake on their own. Such a dynamic and complex structure opens several challenging problems relating to VO security.

In this paper, we summarise a novel architecture supporting Grid-enabled collaboration for the purposes of Application Service Provision. We then focus on the underpinning security architecture that enables the federated management and distributed enforcement of dynamic security perimeters for virtual communities of services, and on resources that span across administrative and enterprise boundaries. We highlight how this architecture, realised in the context of a European research project developing a Grid platform for application serviced provision, addresses the outstanding challenges that underlie the automation of trust and security management in scalable, multi-institutional, and dynamic Virtual Organisations.

Keywords: Access control; Application service provision (ASP); Distributed systems; Grid computing; Information security; Virtual Organisations; Web services

Article Outline

1. Introduction
2. Overview of a VO ecosystem for on-demand service composition
2.1.1. The instantiation subsystem
2.1.2. The locator subsystem
2.1.3. The orchestrator subsystem
2.1.4. The SLA subsystem
2.1.5. Manageability model
2.1.6. The security infrastructure
2.2. Deployment considerations
3. The dynamic security perimeter architecture
3.1. Logical structure of the architecture
3.2. Interaction and communication models
3.3. Group dynamics: Life-cycle model
3.4. Security enforcement
4. Implementation of the security infrastructure
4.1. Common functionalities and baseline services
4.2. Setting-up a HE as a single trust domain
4.3. Service Instance Groups for each application instance
4.4. Security tokens
4.5. Security enforcement implementation
4.6. Set-up and security configuration
4.7. Security subsystem evaluation and lessons learned
4.7.1. System performance evaluation
4.7.2. Security considerations
4.8. Limitations of the current prototype and further work
4.8.1. Migration from OGSI to WSRF
4.8.2. Security policy management
4.8.3. Securing business process enactment
4.8.4. Use of security profiles
5. Related work
6. Conclusion
Acknowledgements
References
Vitae









Future Generation Computer Systems
Volume 23, Issue 4, May 2007, Pages 633-657
 
Home
Browse
My Settings
Alerts
Help
Elsevier.com (Opens new window)
About ScienceDirect  |  Contact Us  |  Information for Advertisers  |  Terms & Conditions  |  Privacy Policy
Copyright © 2008 Elsevier B.V. All rights reserved. ScienceDirect® is a registered trademark of Elsevier B.V.