This project (AGAST) will investigate the extent to which semantic technologies will provide a flexible mechanism for easily-delegated access control. We will confront our existing prototype with a wide variety of challenging and realistic use-cases, drawn from the PIs’ engagement with current projects.

Advanced Grid Authorisation through Semantic Technologies

Report

The Final Report for this project is available here

 

Overview

Whilst the Grid community has broadly adopted approaches based upon X.509 digital certificates to support authentication, authorisation remains an area without a dominant standard, and one that presents substantial usability problems to resource owners and users.

Semantic technologies can support lightweight expression of access policies, extending the way in which access decisions can ultimately be made. In many scenarios, the information needed to make a local access decision comes from a variety of sources. Examples include resource sharing, quota management of distributed resources, or identifying security policy conflicts in the case where an individual holds roles in two different Virtual Organisations.

Aims and objectives

  • Develop prototype reasoner and authorisation ontology
  • Identify application domains and elaborate use-cases. Application areas include access to astronomical, biomedical and nanoelectronic resources
  • Produce demonstrators in the application areas to validate design
  • Dissemination: journal articles, documents in relevant application domains, and JISC final report

Project methodology

The PI at Leicester will produce an initial version of the semantic Policy Decision Point (PDP), specifying overall architecture and APIs. Project staff at Leicester and Glasgow will then work in parallel to elaborate the use-cases outlined in the project proposal, producing detailed scenarios and validating the PDP API, and then, with the assistance of the PI, integrating these with the prototype API.

Anticipated outputs and outcomes

  • Production of prototype semantic PDP
  • Use-case documents describing the range of application authorisation scenarios and their implementation using the ontology-based PDP

Technology / Standards used (if applicable)

  • Security technologies: X.509 certificates; LDAP and SAML for identity assertions, as appropriate; OpenID if appropriate
  • Semantic technologies: RDF, RDF Schema, OWL; RDF/OWL libraries such as Jena or Sesame

Lead institution

Department of Physics and Astronomy, University of Leicester

Project partners

NeSC, University of Glasgow

Project Staff

Project Manager
  • Norman Gray, University of Leicester, Department of Physics and Astronomy, Tel: 0141 330 4502, Fax: 0141 330 4152, http://nxg.me.uk
Project Team

Summary
Start date
1 May 2008
End date
30 April 2009
Funding programme
e-Infrastructure Programme
Project website
Committees
  • JISC Support of Research committee
Topic