opengeospatial / ideas

Public repository for Innovation Program Ideas

Secure Workflow execution across security domains #100

Open hector-rodriguez opened 5 years ago

hector-rodriguez commented 5 years ago

Building upon the work performed on Testbed-15, the execution of secured workflows across security domains could be demonstrated provided that the following pre-requisites are fulfilled:

  1. Identity Provider (IDP) with API endpoints allowing secured retrieval and validation of user information by Clients and Services
  2. Policy Decision Point (PDP) with API endpoints allowing creation, editing, removal, and verification of access policies
  3. Resource catalogue with API endpoints allowing insertion and query of resources by Services and Clients

  1. Resource Discovery Phase
  2. Authentication Phase (both domains)
  3. Workflow Initialization Phase (solving M2M interactions and secured transaction of outputs)
  4. Workflow Dry-Run Phase (test that all security constraints are fulfilled beforehand)
  5. Workflow Execution Phase

hector-rodriguez commented 5 years ago

Relevant use-cases: Service A1 (running on env. A) and B (running on env. B) are executed one after the other. Service A2 is a storage service on env. A.

  1. Service A1 is open but Service B requires elevated privileges on environment B. Execution should fail on its Dry-Run phase.

  2. Service A1 requires Service B to have reading permissions over the execution data stored in A2. Whenever an execution ends for Service A1, data is stored in A2 and protected with a specific access scope. Service B needs to be authenticated in an M2M operation that decides if it has access to outputs. Execution should fail on its initialization phase due to service incompatibility.
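A toy model of the two checks the use cases above rely on, added here as an illustration (not code from this repository or from the Testbed work): the Initialization Phase verifies, step by step, that each downstream service's M2M identity holds the scope protecting its predecessor's outputs in A2, and the Dry-Run Phase verifies the caller's privileges on every domain before anything executes. The class names, the privilege string "elevated" and the scope string "a2:read:a1-outputs" are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Service:
    name: str
    domain: str                               # environment the service runs in ("A" or "B")
    required_privilege: Optional[str] = None  # privilege the caller must hold on `domain`
    output_scope: Optional[str] = None        # scope protecting outputs stored in A2 after a run
    m2m_scopes: frozenset = frozenset()       # scopes the service's own M2M identity has been granted

@dataclass
class Principal:
    name: str
    privileges: dict  # domain -> set of privileges granted by that domain's PDP

def initialize(workflow):
    """Initialization Phase: each service must be able to read the outputs of the
    service before it, decided in an M2M check against the producer's output scope."""
    for producer, consumer in zip(workflow, workflow[1:]):
        scope = producer.output_scope
        if scope is not None and scope not in consumer.m2m_scopes:
            return f"{consumer.name} cannot read outputs of {producer.name} (scope {scope!r})"
    return None

def dry_run(workflow, principal):
    """Dry-Run Phase: every step's privilege constraint is checked before any step runs."""
    for svc in workflow:
        need = svc.required_privilege
        if need is not None and need not in principal.privileges.get(svc.domain, set()):
            return f"{principal.name} lacks {need!r} on domain {svc.domain} for {svc.name}"
    return None

def check_workflow(workflow, principal):
    """Run the phases in the order the issue lists them and report the first one that fails."""
    problem = initialize(workflow)
    if problem:
        return ("initialization", problem)
    problem = dry_run(workflow, principal)
    if problem:
        return ("dry-run", problem)
    return ("ok", None)

# Constructed sample data mirroring the two use cases (assumed privilege/scope names).
A1_OPEN = Service("A1", "A")
A1_PROTECTED = Service("A1", "A", output_scope="a2:read:a1-outputs")
B_ELEVATED = Service("B", "B", required_privilege="elevated")
B_NO_SCOPE = Service("B", "B", m2m_scopes=frozenset({"a2:read:public"}))
B_WITH_SCOPE = Service("B", "B", m2m_scopes=frozenset({"a2:read:a1-outputs"}))
USER = Principal("user", {"A": {"basic"}, "B": {"basic"}})
```

`check_workflow([A1_OPEN, B_ELEVATED], USER)` reproduces use case 1 (rejected in dry-run) and `check_workflow([A1_PROTECTED, B_NO_SCOPE], USER)` reproduces use case 2 (rejected in initialization, before any privilege check runs).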