The AGAST project will investigate the extent to which semantic technologies will provide a flexible mechanism for easily-delegated access control. We will confront our existing prototype with a wide variety of challenging and realistic use-cases, drawn from the PIs’ engagement with current projects.

AGAST (Advanced Grid Authorisation through Semantic Technologies)


Start date: 1 May 2008

End date: 30 April 2009

Funding programme: e-Infrastructure programme

Project website: http://www.nesc.ac.uk/hub/projects/agast/

JISC theme(s): e-Research

Committees: JISC Support of Research committee

Overview

Whilst the Grid community has broadly adopted approaches based upon X.509 digital certificates to support authentication, authorisation remains an area without a dominant standard, and one which presents substantial usability problems to resource owners and users.

Semantic technologies can support lightweight expression of access policies, extending the way in which access decisions can ultimately be made. In many scenarios, the information needed to make a local access decision comes from a variety of sources. Examples include resource sharing, quota management of distributed resources, or identifying security policy conflicts in the case where an individual holds roles in two different Virtual Organisations.

Aims and objectives

  • Develop prototype reasoner and authorisation ontology
  • Identify application domains and elaborate use-cases. Application areas include access to astronomical, biomedical and nanoelectronic resources
  • Produce demonstrators in the application areas to validate design
  • Dissemination: journal articles, documents in relevant application domains, and JISC final report

Project methodology

The PI at Leicester will produce an initial version of the semantic Policy Decision Point (PDP), specifying overall architecture and APIs. Then, in parallel, project staff at Leicester and Glasgow will elaborate the use-cases outlined in the project proposal, producing detailed scenarios and validating the PDP API, then, with the assistance of the PI, integrating these with the prototype API.

Anticipated outputs and outcomes

  • Production of prototype semantic PDP
  • Use-case documents describing the range of application authorisation scenarios and their implementation using the ontology-based PDP

Technology / Standards used (if applicable)

  • Security technologies: X.509 certificates; LDAP and SAML for identity assertions, as appropriate; OpenID if appropriate
  • Semantic technologies: RDF, RDF Schema, OWL; RDF/OWL libraries such as Jena or Sesame

Lead institution

Department of Physics and Astronomy, University of Leicester

Project partners

NeSC, University of Glasgow

Project staff

Project Manager

  • Norman Gray, University of Leicester, Department of Physics and Astronomy, Tel: 0141 330 4502, Fax: 0141 330 4152, http://nxg.me.uk

Project Team

Last updated on 19/11/08 by Kerry Ann Down