Malik Muhammad Junaid, Maximilian Berger, Thomas Fahringer
Distributed and Parallel Systems Group, University of Innsbruck, Austria
Oct 13, 2009. Krakow, PL.


Outline
- Motivation
- Workflow Hosting Environment
- Secure Workflow Repository (SWFR)
- Architecture
- Components
- Security and Reliability
- Advancement
- Conclusion

Introduction
- Workflows are vital to Grid based applications.
- Increasing complexity of these applications is making the workflow design difficult,
- Leading to a need for:
  - Workflow Sharing and Reuse
  - Workflow security
  - Workflow Version Management
  - Workflow Modification History

ASKALON Workflow Storage
- Workflow Represented using AGWL based on XML
- Workflow storage is based on Filesystem
  - Open access to all users
  - Manual version history
  - No Workflow Modification History
  - No ownership record for workflows

Secure Workflow Repository (SWFR)
SWFR is designed and implemented to address these issues.
Features:
- Decentralized Service oriented implementation
- Secure Client Service communication for workflow transactions
- Extended Role Based Access Control
- Automated Version Control
- Comprehensive workflow update history
- Complete Ownership information

Architecture of the SWFR
[Figure: Architecture of the SWFR. Labels: Workflow Design Tool (client); Workflow Repository (Service); Design Tool; Event Handler; Repository Requests (Events); Authentication & Authorization Module; Version Management Module; Storage, Retrieval & Session Management; Workflow Repository; Session Manager; Permissions]

Security using Extended-RBAC
Role based Access Control (RBAC)
[Figure: Extended Role based Access Control (E-RBAC) for Grid Workflows. Labels: Users; Roles; Operations; Objects; Role Hierarchy; User Assignment; Permission Assignment; Rights Delegation]

Security using Extended-RBAC
[Figure: security layers, marked 1 to 5. Labels: Request Handler; Decryption; Session Authentication; Authentication (RBAC); Authorization (E-RBAC); Repository Access]
Layered Security Architecture:
- Request Handler performs Decryption of the incoming request based on the session information
- User Authentication based on Session and credential information
- Authorization check based on Roles and Exceptional rights
- Information Retrieval from the Repository
- Encryption using session information
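An added illustration of the authorization layer above (a check based on roles and exceptional rights, with rights delegation); it is not code from the slides or from SWFR. The role names, operations, the `Repository` class and its fields are assumptions made for the example, and the sample data is constructed.

```python
from dataclasses import dataclass, field

# Assumed role hierarchy and role-to-operation assignment (not from the slides).
ROLE_PARENTS = {"viewer": [], "editor": ["viewer"], "admin": ["editor"]}
ROLE_OPS = {"viewer": {"read"}, "editor": {"update"}, "admin": {"delete", "delegate"}}

def role_operations(role, seen=None):
    """Operations a role grants, including those inherited through the hierarchy."""
    seen = set() if seen is None else seen
    if role in seen:                      # tolerate cycles in a misconfigured hierarchy
        return set()
    seen.add(role)
    ops = set(ROLE_OPS.get(role, ()))
    for parent in ROLE_PARENTS.get(role, ()):
        ops |= role_operations(parent, seen)
    return ops

@dataclass
class Repository:
    owners: dict = field(default_factory=dict)       # workflow id -> owner u_id
    user_roles: dict = field(default_factory=dict)   # u_id -> set of role names
    exceptional: dict = field(default_factory=dict)  # (u_id, workflow id) -> ops

    def authorize(self, user, wf, op):
        """Deny by default; allow through ownership, a role, or an exceptional right."""
        if wf not in self.owners:
            return False
        if self.owners[wf] == user:
            return True
        if any(op in role_operations(r) for r in self.user_roles.get(user, ())):
            return True
        return op in self.exceptional.get((user, wf), set())

    def delegate(self, grantor, grantee, wf, ops):
        """Record exceptional rights on one workflow and return what was granted."""
        if not self.authorize(grantor, wf, "delegate"):
            raise PermissionError(f"{grantor} may not delegate rights on {wf}")
        # A grantor can pass on only operations they hold on this workflow.
        granted = {op for op in ops if self.authorize(grantor, wf, op)}
        self.exceptional.setdefault((grantee, wf), set()).update(granted)
        return granted

def sample_repository():
    """Constructed sample data: two workflows, one viewer, one editor."""
    return Repository(
        owners={"wf1": "alice", "wf2": "bob"},
        user_roles={"carol": {"viewer"}, "dave": {"editor"}},
    )
```

An exceptional right is scoped to a single workflow, so a delegation on `wf1` gives the grantee nothing on `wf2`.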

Schema Diagram for the SWFR
[Figure: entity-relationship diagram. Entities and attributes as labelled: change (chg_id, chg_type); revision (rev_Id, rev_nr, time_st); workflow (id, name, xml, state); Wf_info (wf_inf_id, Time_st, count, full_rev); User (u_id, u_name, name, email, cred); Group (gid, Gp_name). Relationship labels: has change; has revision; owner; has; is_in; u_perm (rights); gp_perm (rights)]

Automatic Version Management
Version Management Module:
- Keeps track of the Existing Workflows in the Repository
- Applies Version Increment to the Updated workflows
- Automatic Minor updates for the workflow modifications
- User directed explicit major version updates

Conclusion
- SWFR provides a better solution for workflow management
- It can be easily integrated into larger systems.
- Secure communication makes it safe for SOA
- Decentralized database makes it fast and efficient
- Layered Extended Role based access provides multiple levels of security.
- Fine grained access control is possible because of exceptional rights delegation
- Automatic version management helps in tracking changes and finding the updated version easily.