Access Control for Dynamic Virtual Organisations Duncan Russell, Peter Dew & Karim Djemame University of Leeds


Page 1

Access Control for Dynamic Virtual Organisations

Duncan Russell, Peter Dew & Karim Djemame

University of Leeds

Page 2

Access Control for Dynamic Virtual Organisations

DAME Context
DAME Virtual Organisation
Demonstration Portal & Workflow Management
Virtual Organisation Issues

Page 3

DAME (Distributed Aircraft Maintenance Environment)

EPSRC Funded, 3 years. Ends Dec 2004

4 Universities:
– University of Leeds - School of Computing and School of Mechanical Engineering
– University of Oxford - Dept of Engineering Science
– University of Sheffield - Dept of Automatic Control and Systems Engineering
– University of York - Dept of Computer Science

Industrial Partners:
– Rolls-Royce
– Data Systems and Solutions

Page 4

DAME System

Aircraft Engine Diagnostics
– Expert system & decision support
– Predictive maintenance scheduling

Distributed Resources
– Data sources e.g. aircraft engines
– Signal & Case data processing services

Distributed Users
– Maintenance staff at airport (for Airline)
– Engine experts at Rolls Royce and DS&S

On-demand Requirements
– Diagnostics response within turn-around time

Page 5

DAME Example Business process for diagnosing engine data

[Figure: activity diagram with swimlanes Airport, DS&S and Rolls Royce and the roles Maintenance Engineer, Maintenance Analyst (Fleet Manager) and Domain Expert. Activities include Aircraft Lands, Visual Inspection, Provide Information, Quote Diagnosis, Brief Diagnosis / Prognosis, Check Diagnoses, Maintenance Procedure, Release Engine, Detailed Diagnosis / Prognosis, Request Information, Sign-off Diagnosis, Analyst Decision, Detailed Analysis, Request Further Details and Expert Decision. Annotation: DAME signal processing workflows using Grid Services.]

Three roles:
– Maintenance Engineer
– Maintenance Analyst
– Domain Expert

Forms problem solving team

Page 6

DAME Virtual Organisation

[Figure: UML diagram of the DAME Virtual Organisation (<<organization unit>>). Entities: Engine Manufacturer, Fleet Maintenance Management, Engine Lessee, Airline, Other Airlines, Maintenance Engineer, Maintenance Analyst, Domain Expert, Workflow Service, Processing Service, Compute Resource, Problem, Engine Data, Other Airline Data. Associations: employs, get diagnosis, diagnosis, detailed analysis, owns, invoke, reads, executed by, create, resolve, found in.]


Page 8

DAME VO Properties

Role based

Task oriented
– Linked by diagnosis problem to solve

Evolves over time
– Dynamic membership
– Multiples of role instances

High availability of services
– Dynamic selection of compute resource

Access to restricted services & data

Page 9

DAME Architecture

[Figure: architecture diagram. Tiers: Presentation Tier, Business Tier, Service Tier, Resource Tier. Component labels: Browser, Portal, Role database, Case database, Workflow Manager, Workflow Credential, Feature Visualization, Feature Detection, CBR Workflow, Advisor Engine, Data Store, Broker, Pattern Matching, Engine Model, White Rose Grid. Annotations: VO Templates; VO Instances; Controlled access to workflow instances.]

Page 12

DAME VO Issues

Multiple portals, i.e. one per company

Multiple workflow engines

Multiple organisations defining rights for their:
– Users by role
– Workflow (task) by role
– Services by role privileges
– Data by ownership
– Resources by usage

Service logging

Page 13

DAME VO Requirements

Definition of flexible VO template policy
– Administration rights to policy

Implement flexible policy control mechanisms
– VO members permitted to modify VO policy
– Services read/modify VO policy by proxy

Distribute VO access control to services and resources

Page 14

DAME Access Control Issues

Service interface implementation:
– Control of service access (using VO policy)
– Modifying VO policy (using VO policy)

Implementation issues:
– Define template policy and translate to dynamic policy
– Single entity or separate policy components
– Synchronising simultaneous policy changes

Current implementation:
– VO templates describe static teams
– Access control in presentation and business tiers only

Single grid certificate in DAME collaborative workflows
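
The following Python example is added here and is not taken from the slides or from DAME. It shows one way the issues listed above could fit together: a VO template copied into a per-problem dynamic policy, service access and policy changes both authorised by that policy, and a version check to order simultaneous policy changes. The template contents, the rule for which role may admit which role, and all class and method names are assumptions.

```python
from dataclasses import dataclass, field

# Constructed VO template (an assumption, not DAME's policy format): roles allowed
# per service, and which roles each role may admit to the team.
TEMPLATE = {
    "services": {"get_diagnosis": {"MaintenanceEngineer", "MaintenanceAnalyst"},
                 "detailed_analysis": {"MaintenanceAnalyst", "DomainExpert"}},
    "may_admit": {"MaintenanceEngineer": {"MaintenanceAnalyst"},
                  "MaintenanceAnalyst": {"DomainExpert"}},
}

class StalePolicy(Exception):
    """A change was prepared against a policy version that has since changed."""

@dataclass
class VOInstance:
    """Dynamic policy for one diagnosis problem, copied from the template."""
    problem_id: str
    services: dict
    may_admit: dict
    members: dict = field(default_factory=dict)  # user -> set of roles
    version: int = 0

    @classmethod
    def from_template(cls, problem_id, template, creator, role):
        # Copy the role sets so instance changes never leak into the template.
        vo = cls(problem_id,
                 {s: set(r) for s, r in template["services"].items()},
                 {r: set(a) for r, a in template["may_admit"].items()})
        vo.members[creator] = {role}
        return vo

    def may_invoke(self, user, service):
        # Deny by default: unknown users and unknown services match nothing.
        return bool(self.members.get(user, set()) & self.services.get(service, set()))

    def admit(self, actor, user, role, expected_version):
        # Modifying VO policy is itself authorised by the VO policy.
        allowed = set()
        for r in self.members.get(actor, set()):
            allowed |= self.may_admit.get(r, set())
        if role not in allowed:
            raise PermissionError(f"{actor} may not admit a {role}")
        # Optimistic check: reject a change based on an outdated policy version.
        if expected_version != self.version:
            raise StalePolicy(f"expected v{expected_version}, policy is v{self.version}")
        self.members.setdefault(user, set()).add(role)
        self.version += 1
        return self.version
```

A caller reads `version`, prepares its change, and passes that version back to `admit`; a `StalePolicy` error means another change landed first and the caller must re-read the policy before retrying.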

Page 15

Questions?

Access Control for Dynamic Virtual Organisations

Duncan Russell, Peter Dew & Karim Djemame
University of Leeds

[email protected]

This research is funded by the Engineering and Physical Sciences Research Council, e-Science Programme, Contract No. GR/R67668/01