Secure access to service-based collaborative workflow across organisations
This thesis presents an architectural solution to the problem of providing secure collaborative workflow across different organisations. This involves addressing such issues as collaborative workflow and business processing, Grid Computing, service-oriented architecture and role-based access control. Grid Computing has been developed to provide middleware for collaborative access to distributed processing services and distributed data sources, supporting distributed users that form Virtual Organisations. Some distributed services and data are commercially sensitive, and need to be protected by controlling access to them, ensuring access is only for permitted users in the collaborative team. The collaboration is controlled in a workflow management system that links role-based workflow with role-based access control. Workflow management in Grid Computing provides the capability to integrate and coordinate distributed users, stateful Grid Services, information systems and Grid Compute Resources. The research is supported by the UK e-Science Project, DAME (Distributed Aircraft Maintenance Environment), a collaborative project that demonstrates the use of Grid Computing for collaborative problem solving across organisations. DAME uses the domain of aircraft engine diagnostics and maintenance in a global context, requiring the support of workflow management to coordinate the sharing of globally distributed users, processing services and data. This research extends the understanding of access control to Grid Services by producing an architecture for the definition and control of dynamic access control policies for collaborative service-based workflows. In particular, the research addresses collaborative access to stateful Grid Service instances across organisations. The proposed solution for secure collaborative service-based workflows is called "Workflow-Team Policy Architecture".
An implemented web-based portal and workflow management system controlling Grid Service instances across the White Rose Grid is evaluated using the business example of aircraft engine diagnostics.