A Trust Model for Web Services
Ph.D Dissertation Progress Report
Candidate: Nelly A. Delessy, Advisor: Dr E.B. Fernandez
Department of Computer Science and Engineering
Florida Atlantic University, Boca Raton FL
Introduction
• Dissertation’s goal: to develop a unified trust model for web services
• Will indicate how it can be interfaced to existing access control models for web services
• Will include trust management through trust policies, and dynamic aspects such as trust negotiation
• Using UML and/or some mathematical formalism
Dissertation Progress
• What has been done: Existing Web services Access Control Models:
  • Patterns for XACML and the application firewall (last semesters)
  • Patterns for the WS-* Family: WS-Security and WS-Policy
  • Methodology to compare standards: included in the paper “Using patterns to compare web services security products and standards”
• This semester:
  • Inclusion of wireless aspects
• Future work:
  • Develop the Trust model itself
Dissertation Progress
• Future work
  • Description of the interface between trust model and access control model for web services (Spring 2006 & Summer 2006)
[Figure labels: Trust policies; Credential types; Trust level; Assigned trust level; Required trust level; Access policies; (Resource, action, context, effect)]
Dissertation Progress
• Future work
  • Define the static elements of the trust model formally (Fall 2006)
  • Develop the dynamic aspects of the trust model (Fall 2006)
  • Identify patterns from the model (Fall 2006)
  • Publish a Journal Paper from one of these steps
Introduction
• Web services are becoming important for user access to services that depend on location, and they are appearing in mobile devices.
• The concept of dynamic access to web services, allied with the flexibility of wireless access, makes it possible to envisage a new type of application, where the mobility of the user supplies the application with context elements.
• Examples in the fields of disaster management, location services, advertising (service discovery), etc.
Architectures
• Gateway architecture
  • Used when portable devices are limited in memory and computational power,
  • and/or when the bandwidth and reliability of the wireless connection are limited.
  • An example of this compressed format: WML (equivalent of HTML in the WAP stack, available in many phones). For basic scenarios such as the “push” of information, the gateway can transform SOAP messages into SMS or voice.
Architectures
• Direct consumer architecture
  • Portable devices must have built-in implementations of the web services technologies (currently the high-end market segment), e.g. smart phones, PDAs, and laptops.
  • Hardware and operating system security is an important issue in this configuration.
  • Because the device, now a consumer of web services, can run client applications from different providers, a strong level of security is needed, including some type of authorization system, such as a subset of XACML or WS-*.
Architectures
• Use of mobile agents
  • This approach is suggested in [Bel03b].
  • Proxies act on behalf of a client.
  • Rationale: using a web service can imply multiple passes between client, server and third parties (for security purposes, for example), while the wireless link is not reliable and the bandwidth can be limited.
Architectures
• Direct consumer architecture
  • The mobile device is a WS Provider
  • Ex: to expose the user’s calendar or profile
  • Liberty PAOS (Reverse HTTP Binding for SOAP) enables the creation of personalized services
  • Privacy issues…
OMA OWSER
• OMA: Open Mobile Alliance
• OWSER: OMA Web Services Enabler
• Addresses:
  • Transport security
  • SOAP message security
  • But not application security
• They are working on providing profiling standards, such as Liberty Alliance, OCSP, WSDL wireless web services
OMA OWSER
• To provide identity-based Web Services
  • They propose to use Liberty Alliance specs
  • Circle of Trust