A service-based testbed for Trust Negotiation

Trust Negotiation allows users to develop trust incrementally, by disclosing credentials step by step. This way, services and resources can be shared in an open environment, and access rights can be granted on the basis of peer-to-peer trust relationships. This article presents a service-based testbed for Trust Negotiation. At its core, it is created as a generic framework based on the WS-Trust standard. It integrates a modular trust engine and a rule engine, which is used as a policy checker. The system is mainly oriented at Web services composition and location-based social networking scenarios

Automated ubiquitos delivery of generalised services in a open market

University of Technology, Sydney. Faculty of Information Technology.Telecommunications networks, and the services delivered over those networks have become an integral part of most people's lives in the developed world. The range and availability of these services is increasing, however the management of services still lags well behind technical capability, providing unnecessary barriers to the adoption of available technology. The work described in this dissertation has a primary goal of enabling flexible, automated delivery of any telecommunication-based service. More specifically, a mechanism to solve the administrative problems in enabling end users to automatically establish service agreements for any available service, from any available provider. The aims of this work are to: 1. enable the description of service level agreements(SLA) for generalised telecommunication-based services, and 2. provide mechanisms by which those service level agreements may be managed. The term “generalised services” means that all service types are managed using a common framework and set of processes. To derive at a suitable service level agreement description language, the characteristics of telecommunication-based services are first analysed, along with considerations in delivering a service, including service quality, resource allocation and configuration, service pricing and service ubiquity. The current art in SLA description is studied and the requirements of an appropriate language are proposed. An ontological approach to SLA description is adopted, and an SLA description language is developed based on semantic web technologies. To develop the mechanisms for SLA management, the current art is first analysed, and a set of requirements for a suitable SLA management framework are proposed. These requirements are used to guide the design of a multi-agent SLA negotiation framework, including a detailed description of the communication model, framework processes, and social behaviour of the agents involved. Finally, the SLA description language and the negotiation framework are compared with the closest art, and are assessed against tightly argued criteria. An experimental framework and use cases are developed to explore an application of the proposed solution, and to validate completeness. The approach taken has led to the following two key contributions: 1. A set of formal ontologies that may be used to semantically describe secure service level agreements for any application domain. 2. A multi-agent system providing an open market where services can be discovered, participants identified, and negotiation performed using context specific mechanisms. The conclusions of the work are that an ontology-based SLA description language is appropriate for describing generalised SLAs, and that a distributed, agent based negotiation platform that is based on an open market and uses a minimal set of core processes with an extensible, ontology based communication mechanism is appropriate for managing service level agreements in a generalised, automated and ubiquitous way

Using argumentative agents to manage communities of Web services

This paper presents a framework for specifying Web services communities. A Web service is an accessible application that humans, software agents, and other applications in general can discover, compose, and invoke in order to satisfy users\u27 needs like hotel booking. Web services providing the same functionality are gathered into one community, independently of their origins. This framework shows how software agents that are able to argue, negotiate, and reason about Web services can be used to specify these Web services and to manage their respective communities. The use of what we call argumentative agents helps Web services in being better organized within communities and in achieving the goals for which they are conceived. The community is led by a master component, which among others attracts new Web services to the community, retains existing Web services in the community, and identifies the Web services in the community that will participate in composite Web services. All these operations are managed by interacting agents through flexible conversations made up by argumentation, persuasion, and negotiation phases called dialogue games. © 2007 IEEE

Trust negotiation policy management for service-oriented applications

Service-oriented architectures (SOA), and in particular Web services, have quickly become a popular technology to connect applications both within and across enterprise boundaries. However, as services are increasingly used to implement critical functionality, security has become an important concern impeding the widespread adoption of SOA. Trust negotiation is an approach to access control that may be applied in scenarios where service requesters are often unknown in advance, such as for services available via the public Internet. Rather than relying on requesters' identities, trust negotiation makes access decisions based on the level of trust established between the requester and the provider in a negotiation, during which the parties exchange credentials, which are signed assertions that describe some attributes of the owner. However, managing the evolution of trust negotiation policies is a difficult problem that has not been sufficiently addressed to date. Access control policies have a lifecycle, and they are revised based on applicable business policies. Additionally, because a trust relationship established in a trust negotiation may be long lasting, their evolution must also be managed. Simply allowing a negotiation to continue according to an old policy may be undesirable, especially if new important constraints have been added. In this thesis, we introduce a model-driven trust negotiation framework for service-oriented applications. The framework employs a model for trust negotiation, based on state machines, that allows automated generation of the control structures necessary to enforce trust negotiation policies from the visual model of the policy. Our policy model also supports lifecycle management. We provide sets of operations to modify policies and to manage ongoing negotiations, and operators for identifying and managing impacts of changes to trust negotiation policies on ongoing trust negotiations. The framework presented in the thesis has been implemented in the Trust-Serv prototype, which leverages industry specifications such as WS-Security and WS-Trust to offer a container-centric mechanism for deploying trust negotiation that is transparent to the services being protected

An Overlay Architecture for Personalized Object Access and Sharing in a Peer-to-Peer Environment

Due to its exponential growth and decentralized nature, the Internet has evolved into a chaotic repository, making it difficult for users to discover and access resources of interest to them. As a result, users have to deal with the problem of information overload. The Semantic Web's emergence provides Internet users with the ability to associate explicit, self-described semantics with resources. This ability will facilitate in turn the development of ontology-based resource discovery tools to help users retrieve information in an efficient manner. However, it is widely believed that the Semantic Web of the future will be a complex web of smaller ontologies, mostly created by various groups of web users who share a similar interest, referred to as a Community of Interest. This thesis proposes a solution to the information overload problem using a user driven framework, referred to as a Personalized Web, that allows individual users to organize themselves into Communities of Interests based on ontologies agreed upon by all community members. Within this framework, users can define and augment their personalized views of the Internet by associating specific properties and attributes to resources and defining constraint-functions and rules that govern the interpretation of the semantics associated with the resources. Such views can then be used to capture the user's interests and integrate these views into a user-defined Personalized Web. As a proof of concept, a Personalized Web architecture that employs ontology-based semantics and a structured Peer-to-Peer overlay network to provide a foundation of semantically-based resource indexing and advertising is developed. In order to investigate mechanisms that support the resource advertising and retrieval of the Personalized Web architecture, three agent-driven advertising and retrieval schemes, the Aggressive scheme, the Crawler-based scheme, and the Minimum-Cover-Rule scheme, were implemented and evaluated in both stable and churn environments. In addition to the development of a Personalized Web architecture that deals with typical web resources, this thesis used a case study to explore the potential of the Personalized Web architecture to support future web service workflow applications. The results of this investigation demonstrated that the architecture can support the automation of service discovery, negotiation, and invocation, allowing service consumers to actualize a personalized web service workflow. Further investigation will be required to improve the performance of the automation and allow it to be performed in a secure and robust manner. In order to support the next generation Internet, further exploration will be needed for the development of a Personalized Web that includes ubiquitous and pervasive resources

A Real-Time Service-Oriented Architecture for Industrial Automation

Industrial automation platforms are experiencing a paradigm shift. New technologies are making their way in the area, including embedded real-time systems, standard local area networks like Ethernet, Wi-Fi and ZigBee, IP-based communication protocols, standard service oriented architectures (SOAs) and Web services. An automation system will be composed of flexible autonomous components with plug & play functionality, self configuration and diagnostics, and autonomic local control that communicate through standard networking technologies. However, the introduction of these new technologies raises important problems that need to be properly solved, one of these being the need to support real-time and quality-of-service (QoS) for real-time applications. This paper describes a SOA enhanced with real-time capabilities for industrial automation. The proposed architecture allows for negotiation of the QoS requested by clients from Web services, and provides temporal encapsulation of individual activities. This way, it is possible to perform an a priori analysis of the temporal behavior of each service, and to avoid unwanted interference among them. After describing the architecture, experimental results gathered on a real implementation of the framework (which leverages a soft real-time scheduler for the Linux kernel) are presented, showing the effectiveness of the proposed solution. The experiments were performed on simple case studies designed in the context of industrial automation applications