Prosperity4All Security Infrastructure

From wiki.gpii
Jump to: navigation, search

Introduction

The Security infrastructure provides services related to (a) the registration of the service suppliers (providers) and consumers and the registration of the services in the P4All platform, (b) the authentication of the users and (c) their authorization per service. The service includes administrative functionality for account and profile editing. Security – related actions are logged and offered to the charging services. The security infrastructure is expected to facilitate the developers by offering the developers the option to easily integrate P4A security services with their assistance services.

Target Audience(s)

The target users of the Security infrastructures are: (a) the developers - service suppliers, (b) the service consumers - the end users, (c) the administrators of the platforms and (d) other sub-systems that may need security - related information, e.g. the charging systems that exploits the authentication timestamps.

Potential Applications

All involved stakeholders are expected to benefit from the functionality offered by the P4All security infrastructure. All types of users have a single point of entry for registration, authentication and authorization. The administrators will be able to monitor and control the users of the platform. The developers - service suppliers will be able to use off-the-shelf functionality to integrate their services, instead of providing their own components. Furthermore information will be available to third systems such as the charging system.

Technologies

We foresee the usage of an implementation of the OAuth2 standard (RFC 6749). We will also provide the authentication mechanism (currently based upon username/password) and create the registration functionality.

Licence Information

The licences accompanying the security infrastructure contain re-distribution friendly directives (Apache, BSD etc.). None of them is proprietary and/or of limited (re)use.

Status, Known Issues & Planned Work

The system is currently in the phase of requirements identification, specifications and the review of currently available open-source solutions. The specs will be finalized and included in D201.1 (due M18, July 2015) for the Task 201.3.

Further Resources

We have defined a list of scenarios as shown in the following table.

Scenario title Description Task
Scenario 1: Service Consumer (end user), Service Supplier, Carer and Service Registration Act 1 - End user registration: The end user registers to the platform and complete his profile including typical and extended personal info. Typical information include first and last name, username and password, email account, mobile number (if available), nationality, the level of familiarity with IT, the preferred channel(s) for system interaction. Payment – related details and other auxiliary options such as his interest in crowd-funding processes are also included. 205.3
Act 2 - Carer registration: The carer registers to the platform and completes his/her profile. He / she should be associated with at least one end user. This association is performed during registration and verified by the end user.
Act 3 - Service supplier registration: The service supplier registers to the platform and completes his profile.
Act 4 - Service registration: The service is the primary resource used in the P4All infrastructure. The service supplier is registering a service in the platform. Descriptive metadata are completed, including target users, usage details and charging models. The service provider specifies the acceptable user and administrative actions upon the service.
Act 5 - End user subscription to a service: The end user (service consumer) subscribes to a set of P4All services, completing the necessary fields and after explicitly verifying that he has been informed of the terms and conditions and the policies applied. The subscription to the service is verified by an email.
Act 6 - End user un-subscription from a service: The end user unsubscribes from a P4All service. The un-subscription from the service is verified by an email to his primary account.
Act 7 - Profile management: The end user, the carer and/or the service supplier can edit their profiles (registration and subscriptions); the service suppliers can manage the registration of the services.
Scenario 2: Authentication and Authorization Act 1 - Authentication: The end user, the carer and/or the service supplier authenticates using his username and password. After the verification of the credentials, the user is informed of successful logon and about his last login. 205.3
Act 2 - Authorization: The end user, the carer and/or the service supplier is authorized to perform an action upon a service (resource). The user and the service (resource) should have been already registered to the platform, while the user should have subscribed to the service. The Oauth2 mechanisms will be used for authentication.
Scenario 3: Provision of Logs and Statistics Act 1 - Authentication and Session logs: The system provide the information related to the authentication of a user (service consumers, carers and suppliers) to the platform. Session information (duration) is also included. This can be performed, indicatively, for statistical and charging purposes. 205.3
Act 2 - Authorization logs: The system provide the information related to the authorization of a user (service consumers, carers and suppliers) to a service. This can be performed, indicatively, for statistical and charging purposes.

Videos/Demos

Documentation/FAQs

Who can use the security infrastructure? - All entities involved in the P4All ecosystem are encouraged to use the security infrastructure.

Related/Alternative Tools

Getting Involved

Code Repository