number of parallel jobs, providing the relevant entry (file) available expanded on the remote storage resource.
Notice that by combining this technology with the coarse-grained interoperability solution of the SHIWA and ER-Flow projects, users can transfer remote data among different workflows such as ASKALON, Kepler, MOTEUR, Taverna, etc., regardless of the DCI in which they are actually executed.
5.4 Security Considerations
As with using any mediation service, a number of security concerns may arise. This section describes the measures implemented in Data Avenue to preserve the confidentiality of users' security-sensitive data.
In order to access Data Avenue services, clients must possess and pass a valid 'ticket' in each request sent to the Blacktop. A ticket is a simple access code (similar to the API keys used by Google), valid for a specific period of time, which can be requested on the Data Avenue web site by filling out a simple form (asking for some basic information about the user such as name and e-mail address). Note that tickets, which allow the use of Blacktop services, differ from the credentials that are needed to access a particular storage resource. Tickets basically serve to prevent anonymous overloading of the Blacktop, but also make it possible to trace back the history of user operations, if needed.
Data Avenue services are available through an HTTPS connection, which ensures the confidentiality of data passed through this channel and protects it against eavesdropping. Besides that, the Blacktop itself is hosted in a secured infrastructure (behind firewalls, etc.). On the Blacktop side, credentials are stored in system memory (not written to disk), and kept only for the duration of the client session (after a specific period of inactivity, they are discarded).
Credentials related to aliases, which require authentication data to persist for
their whole lifetimes, must be stored in a database. In addition to ordinary measures
of protecting databases, Data Avenue stores credentials in the database in encrypted
form. The encryption key is set by the system administrator on Blacktop startup,
and using this key, the Blacktop can automatically encode/decode credentials when
writing to/reading from the database. The security of the communication between
the Blacktop and different storage resources is ensured by the protocol used to
access the storage.
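As an added illustration of the alias-credential handling described above (this is not Data Avenue's own code; the page does not name the cipher, so AES-GCM with a startup-supplied key is an assumption, and the type and function names are hypothetical):

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// AliasVault encrypts alias credentials that must persist in the database, using
// a key the administrator supplies once at startup. AES-GCM is an assumption here.
type AliasVault struct{ aead cipher.AEAD }

// NewAliasVault accepts a 16, 24 or 32 byte key (AES-128/192/256).
func NewAliasVault(key []byte) (*AliasVault, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &AliasVault{aead: aead}, nil
}

// Seal encrypts one credential for the database as nonce || ciphertext || tag, with a fresh random nonce per record.
func (v *AliasVault) Seal(plain []byte) ([]byte, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return v.aead.Seal(nonce, nonce, plain, nil), nil
}

// Open decrypts a record; a wrong key, a truncated record or any modified byte fails authentication.
func (v *AliasVault) Open(blob []byte) ([]byte, error) {
	n := v.aead.NonceSize()
	if len(blob) < n+v.aead.Overhead() {
		return nil, errors.New("alias record too short")
	}
	return v.aead.Open(nil, blob[:n], blob[n:], nil)
}

func main() { // constructed sample; a real key comes from startup configuration
	v, _ := NewAliasVault([]byte("0123456789abcdef0123456789abcdef"))
	blob, _ := v.Seal([]byte("storage-user:storage-secret"))
	plain, err := v.Open(blob)
	fmt.Printf("stored %d bytes, decrypted %q, err=%v\n", len(blob), plain, err)
}
```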
As with any client, the Data Avenue UI also requires a ticket to connect to the Blacktop. When the UI is used within portals (having possibly hundreds of users), portal users are not required to request tickets individually. Instead, a single 'portal ticket' is requested by the system administrator for the portal, who sets this ticket in the portlet settings (preferences) once. To allow fine-grained, user-level access to the Data Avenue services, for each user registered within the portal wishing to use the UI, a so called 'portal user ticket' is obtained automatically, which is used afterwards in every interaction between the portal user and the