Common use of Authentication and Authorization Clause in Contracts

Authentication and Authorization. The goal of the Policy-oriented Security Facilities is to protect PARTHENOS Cloud Infrastructure resources from unauthorized access. Service Oriented Authorization and Authentication is a security framework providing "security services" as web services, according to "Security as a Service" (SecaaS) research topic. It is based on standard protocols and technologies, providing:
• an open and extensible architecture
• interoperability with external infrastructures and domains, obtaining, if required, also so-called "Identity Federation"
• total isolation from the enabling framework and technologies: zero dependencies in both directions

The Policy-oriented Security Facilities are powered by the gCube Authorization framework. The gCube Authorization framework is a token-based authorization system. The token is a string generated on request by the Authorization service for identification purposes and associated with every entity interacting with the infrastructure (users or services). The token is passed in every call and is automatically propagated in the lower layers. The token can be passed to a service in 3 ways:
• using the HTTP header: adding the value ("gcube-token","{your-token}") to the header parameters
• using the query string: adding gcube-token={your-token} to the existing query string
• logging in via the default authentication widget shown by the browser, using your username as username and your token as password.

The personal token can be retrieved using the token widget deployed on every environment of the portal. This framework is compliant with Attribute-based access control (ABAC), which defines an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together.

ABAC defines access control based on attributes that describe:
• the requesting entity (either the user or the service),
• the targeted resource (either the service or the resource),
• the desired action (read, write, delete, execute),
• and environmental or contextual information (either the VRE or the VO where the operation is executed).

ABAC is a logical access control model that is distinguishable because it controls access to objects by evaluating rules against the attributes of the entities (requesting entity or target resource), actions, and the environment relevant to a request. ABAC relies upon the evaluation of attributes of the requesting entity, attributes of the targeted resource, environment conditions, and a formal relationship or access control rule defining the allowable operations for entity-resource attribute and environment condition combinations. The Authorization framework is compliant with the XACML reference architecture. XACML is the OASIS standard for fine-grained authorization management based on the concept of Attribute-based access control (ABAC), where access control decisions are made based on attributes associated with relevant entities while operating in a given operational context, a natural evolution from Role Based Access Control (RBAC).

Appears in 2 contracts

Samples: openportal.isti.cnr.it, www.quanpan302.com

Authentication and Authorization. The goal of the Policy-oriented Security Facilities is to protect PARTHENOS Cloud Infrastructure resources from unauthorized access. Service Oriented Authorization and Authentication is a security framework providing "security services" as web services, according to "Security as a Service" (SecaaS) research topic. It is based on standard protocols and technologies, providing:
• an open and extensible architecture
• interoperability with external infrastructures and domains, obtaining, if required, also so-called "Identity Federation"
• total isolation from the enabling framework and technologies: zero dependencies in both directions

The Policy-oriented Security Facilities are powered by the gCube Authorization framework. The gCube Authorization framework is a token-based authorization system. The token is a string generated on request by the Authorization service for identification purposes and associated with every entity interacting with the infrastructure (users or services). The token is passed in every call and is automatically propagated in the lower layers. The token can be passed to a service in 3 ways:
• using the HTTP header: adding the value ("gcube-token","{your-token}") to the header parameters
• using the query string: adding gcube-token={your-token} to the existing query string
• logging in via the default authentication widget shown by the browser, using your username as username and your token as password.

The personal token can be retrieved using the token widget deployed on every environment of the portal. This framework is compliant with Attribute-based access control (ABAC), which defines an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together.

ABAC defines access control based on attributes that describe:
• the requesting entity (either the user or the service),
• the targeted resource (either the service or the resource),
• the desired action (read, write, delete, execute),
• and environmental or contextual information (either the VRE or the VO where the operation is executed).

ABAC is a logical access control model that is distinguishable because it controls access to objects by evaluating rules against the attributes of the entities (requesting entity or target resource), actions, and the environment relevant to a request. ABAC relies upon the evaluation of attributes of the requesting entity, attributes of the targeted resource, environment conditions, and a formal relationship or access control rule defining the allowable operations for entity-resource attribute and environment condition combinations. The Authorization framework is compliant with the XACML reference architecture. XACML is the OASIS standard for fine-grained authorization management based on the concept of Attribute-based access control (ABAC), where access control decisions are made based on attributes associated with relevant entities while operating in a given operational context, a natural evolution from Role Based Access Control (RBAC).

Appears in 1 contract

Samples: www.quanpan302.com

Authentication and Authorization. The goal of the Policy-oriented Security Facilities is to protect PARTHENOS Cloud Infrastructure resources from unauthorized access. Service Oriented Authorization and Authentication is a security framework providing "security services" as web services, according to the "Security as a Service" (SecaaS) research topic. It is based on standard protocols and technologies, providing:
• an open and extensible architecture;
• interoperability with external infrastructures and domains, obtaining, if required, also so-called "Identity Federation";
• total isolation from the enabling framework and technologies: zero dependencies in both directions.

The Policy-oriented Security Facilities are powered by the gCube Authorization framework. The gCube Authorization framework is a token-based authorization system. The token is a string generated on request by the Authorization service for identification purposes and associated with every entity interacting with the infrastructure (users or services). The token is passed in every call and is automatically propagated in the lower layers. The token can be passed to a service in three ways:
• using the HTTP header: adding the value ("gcube-token","{your-token}") to the header parameters;
• using the query string: adding gcube-token={your-token} to the existing query string;
• logging in via the default authentication widget shown by the browser, using your username as username and your token as password.

The personal token can be retrieved using the token widget deployed on every environment of the portal. This framework is compliant with Attribute-based Access Control (ABAC), which defines an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together.

ABAC defines access control based on attributes that describe:
• the requesting entity (either the user or the service);
• the targeted resource (either the service or the resource);
• the desired action (read, write, delete, execute);
• and environmental or contextual information (either the VRE or the VO where the operation is executed).

ABAC is a logical access control model that is distinguishable because it controls access to objects by evaluating rules against the attributes of the entities (requesting entity or target resource), actions, and the environment relevant to a request. ABAC relies upon the evaluation of attributes of the requesting entity, attributes of the targeted resource, environment conditions, and a formal relationship or access control rule defining the allowable operations for entity-resource attribute and environment condition combinations. The Authorization framework is compliant with the XACML reference architecture. XACML is the OASIS standard for fine-grained authorization management based on the concept of Attribute-based access control (ABAC), where access control decisions are made based on attributes associated with relevant entities while operating in a given operational context, a natural evolution from Role Based Access Control (RBAC).

Appears in 1 contract

Samples: www.quanpan302.com
