Rights Management for Shared Collections

  • View
    20

  • Download
    0

Embed Size (px)

DESCRIPTION

Rights Management for Shared Collections. Storage Resource Broker. Reagan W. Moore moore@sdsc.edu http://www.sdsc.edu/srb. Abstract. National and international collaborations create shared collections that span multiple administrative domains. Shared collection are built using: - PowerPoint PPT Presentation

Text of Rights Management for Shared Collections

  • Rights Management for Shared CollectionsStorage Resource BrokerReagan W. Mooremoore@sdsc.eduhttp://www.sdsc.edu/srb

  • AbstractNational and international collaborations create shared collections that span multiple administrative domains. Shared collection are built using:Data virtualization, the management of collection properties independently of the storage system. Trust virtualization, the ability to assert authenticity and authorization independently of the underlying storage resources. What rights management are implied in trust virtualization?How are data integrity challenges met?How do you implement a Deep Archive?

  • State of the Art TechnologyGrid - workflow virtualizationManage execution of jobs (processes) independently of compute serversData grid - data virtualizationManage properties of a shared collection independently of storage systemsSemantic grid - information virtualizationReason across inferred attributes derived from multiple collections.

  • Shared CollectionsPurpose of SRB data grid is to enable the creation of a shared collection between two or more institutionsRegister digital entity into the shared collectionAssign owner, access controlsAssign descriptive, provenance metadataManage audit trails, versions, replicas, backupsManage location mapping, containers, checksumsManage verification, synchronizationManage federation with other shared collectionsManage interactions with storage systemsManage interactions with APIs

  • Trust VirtualizationCollection owns the data that is registered into the data gridData grid is a set of servers, installed at each storage repositoryServers are installed under a SRB ID created for the shared collectionAll accesses to the data stored under the SRB ID are through the data gridAuthentication and authorization are controlled by the data grid, independently of the remote storage system

  • Rights ManagementShared collection approachManage authentication of all users who will have privileges beyond that of public readMap users to groupsProvide access controls on users and groupsVirtual Organization Management approach (VOM)Authenticate users, and provide certificate asserting membership in a groupManage access controls on groupsProvide rules for access based on membership in a group

  • Authentication / AuthorizationCollection owned dataAt each remote storage system, an account ID is created under which the data grid stores filesUser authenticates to the data gridData grid checks access controlsData grid server authenticates to a remote data grid serverRemote data grid server authenticates to the remote storage repositorySRB servers return the data to the client

  • Authentication MechanismsGrid Security InfrastructurePKI certificatesChallenge-response mechanismNo passwords sent over networkTicketValid for specified time period or number of accessesGeneric Security Service APIAuthentication of server to remote storage

  • Trust ImplementationFor authentication to work across multiple administrative domainsRequire collection-managed names for usersFor authorization to work across multiple administrative domainsRequire collection-managed names for filesResult is that access controls remain invariant. They do not change as data is moved to different storage systems under shared collection control

  • Network DevicesAccess to data must handle security requirements of network devicesFirewalls - typically requires access be initiated from within a firewallNetwork routers - location of data may change based on load leveling Private virtual network - location of data not known explicitly knownHandled by creating network transport protocols to meet requirements of each network device

  • Parallel mode Data Transfer Server InitiatedSRBserver1SRB agentSRBserver2MCATSput -mSRB agent123456srbObjPut+ socket addr , port and cookie

    1.Logical-to-Physical mapping2. Identification of Replicas3.Access & Audit ControlPeer-to-peer RequestConnect to clientData transfer

    RServer behind firewall

  • Parallel mode Data Transfer Client InitiatedSRBserver1SRB agentSRBserver2MCATSput -MSRB agent142367srbObjPut

    1.Logical-to-Physical mapping2. Identification of Replicas3.Access & Audit ControlReturn socket addr., port and cookieConnect to serverData transfer

    R55Client behind firewall

  • HIPAA Patient ConfidentialityAccess controls on dataAccess controls on metadataAccess controls on storage systemsAudit trailsEnd-to-end encryption (manage keys)Localization of data to specific storage

    Access controls do not change when data is moved to another storage system under data grid control

  • Logical Name SpacesStorage Repository Storage location User name File name File context (creation date,) Access constraintsData Access Methods (C library, Unix, Web Browser)Data access directly betweenapplication and storagerepository using namesrequired by the local repository

  • Logical Name SpacesStorage Repository Storage location User name File name File context (creation date,) Access constraintsData Grid Logical resource name space Logical user name space Logical file name space Logical context (metadata) Control/consistency constraintsData CollectionData Access Methods (C library, Unix, Web Browser)Data is organized as a shared collection

  • Logical Resource NamesLogical resource name represents multiple physical resourcesWriting to a logical resource name can result in:Replication - write completes when each physical resource has a copyLoad leveling - write completes when the next physical resource in the list has a copyFault tolerance - write completes when k of n resources have a copySingle copy - write is done to first disk at same IP address, then disk anywhere, then tape

  • Federation Between Data GridsData Grid Logical resource name space Logical user name space Logical file name space Logical context (metadata) Control/consistency constraintsData Collection BData Access Methods (Web Browser, DSpace, OAI-PMH)Data Grid Logical resource name space Logical user name space Logical file name space Logical context (metadata) Control/consistency constraintsData Collection AAccess controls and consistency constraints on cross registration of digital entities

  • Authentication across ZonesFollow Shibboleth modelA user is assigned a home zoneUser identity isHome-zone:Domain:User-IDAll authentications are done by the home zone

  • User AuthenticationZ1:D1:U1Z2Z1ConnectChallenge/ResponseValidation of Challenge Response

  • User AuthenticationZ1:D1:U1Z2Z1ConnectChallenge/ResponseValidation of Challenge ResponseZ3Forward

  • Deep ArchiveZ2Z1Z3Z2:D2:U2RegisterZ3:D3:U3RegisterPullPullFirewallServer initiated I/ODeepArchiveStagingZoneRemote ZoneNo access byRemote zonesPVN

  • NARA Persistent ArchiveNARAU MdSDSCMCATMCATMCATOriginal data at NARA, data replicated to U MdReplicated copyat U Md for improvedaccess, load balancingand disaster recoveryDeep archive atSDSC, no user access, datapulled from NARADemonstrate preservation environment Authenticity Integrity Management of technology evolution Mitigation of risk of data loss Replication of data Federation of catalogs Management of preservation metadata Scalability Types of data collections Size of data collectionsFederation of Three Independent Data Grids

  • For more Information on Storage Resource Broker Data Grid

    Reagan W. Mooremoore@sdsc.eduhttp://www.sdsc.edu/srb/