| Abstract |
More and more scientific organizations are using in their everyday research activities scientific computations. These computations usually have a long duration and consume significant resources. In order to enhance scientific collaboration on the same or similar research topics, as well as to share the cost of expensive scientific computations, organizations rely on distributed information technology. For instance, the implementation of such distributed scientific computations can be achieved with the use of an appropriate workflow management system (WfMS). However, authentication and authorization mechanisms tailored to the needs of scientific computations are still missing. Most of the authorization models for WfMSs deal with low level access of machine process and files. In addition, suggestions about "good" permissions are not provided by the system. As a result, a scientist is not aware in advance whether he/she can execute a scientific workflow neither of what actions has to undertake when the appropriate permissions are not granted by the system. Finally, charging mechanisms for scientific computations are not also foreseen. In this thesis we propose a new authorization model for scientific workflows. In this model, we define a hierarchy of user and roles in order to support a flexible management of authorization primitives by distributed organizations. We propose adequate algorithms for verifying and suggesting permissions and roles during the compilation of the authorizations specified in a scientific workflow. We also define credits, which can be used in conjunctions with authorization in order to provide a charging functionality. Finally, we outline the architecture of an authentication and authorization system based in our model which can be easily integrated with a scientific WfMS such as ARION.
|
Μηχανισμοί Πιστοποίησης και Εξουσιοδότησης για Ροές Επιστημονικών Εργασιών
