Data Ingredients: smart disclosure and open government data as complementary tools to meet policy objectives. The case of energy efficiency.
Open government data are considered a key asset for eGovernment. One could argue that governments can influence other types of data disclosure, as potential ingredients of innovative services. To discuss this assumption, we took the example of the U.S. 'Green Button' initiative – based on the disclosure of energy consumption data to each user – and analysed 36 energy-oriented digital services reusing these and other data, in order to highlight their set of inputs. We find that apps suggesting to a user a more efficient consumption behaviour also benefit from average retail electricity cost/price information; that energy efficiency 'scoring' apps also need, at least, structured and updated information on buildings performance; and that value-added services that derive insights from consumption data frequently rely on average energy consumption information. More generally, most of the surveyed services combine consumption data, open government data, and corporate data. When setting sector-specific agendas grounded on data disclosure, public agencies should therefore consider (contributing) to make available all three layers of information. No widely acknowledged initiatives of energy consumption data disclosure to users are being implemented in the EU. Moreover, browsing EU data portals and websites of public agencies, we find that other key data ingredients are not supplied (or, at least, not as open data), leaving room for possible improvements in this arena.
Security for Grid Services
Grid computing is concerned with the sharing and coordinated use of diverse
resources in distributed "virtual organizations." The dynamic and
multi-institutional nature of these environments introduces challenging
security issues that demand new technical approaches. In particular, one must
deal with diverse local mechanisms, support dynamic creation of services, and
enable dynamic creation of trust domains. We describe how these issues are
addressed in two generations of the Globus Toolkit. First, we review the Globus
Toolkit version 2 (GT2) approach; then, we describe new approaches developed to
support the Globus Toolkit version 3 (GT3) implementation of the Open Grid
Services Architecture, an initiative that is recasting Grid concepts within a
service oriented framework based on Web services. GT3's security implementation
uses Web services security mechanisms for credential exchange and other
purposes, and introduces a tight least-privilege model that avoids the need for
any privileged network service.
Comment: 10 pages; 4 figures
A message-level security approach for RESTful services
In the past ten years Web Services have positioned themselves to be one of the leading
distributed technologies. The technology, supported by major IT companies, offers
specifications to many challenges in a distributed environment like strong interface and
message contracts, service discovery, reliable message exchange and advanced security
mechanisms. On the other hand, all these specifications have made Web Services very
complex and the industry is struggling to implement those in a standardized manner.
REST based services, also known as RESTful services, are based on pure HTTP and
have risen as competitors to Web Services, mainly because of their simplicity. Now they are
being adopted by the majority of the big industry corporations including Microsoft, Yahoo
and Google, who have deprecated or passed on Web Services in favor of RESTful services.
However, RESTful services have been criticized for lacking functionality offered by Web
Services, especially message-level security. Since security is an important functionality which
may tip the scale in a negative direction for REST based services, this thesis proposes a
prototype solution for message-level security for RESTful services. The solution is for the
most part technical and utilizes well-known, cross-platform mechanisms which are composed
together while a smaller part of the solution discusses a non-technical approach regarding the
token distribution. During the development of the prototype, much of the focus was to adapt
the solution according to the REST principles and guidelines, such as multi-format support
(XML or JSON) and light-weight, human readable messages.
XML security in XML data integrity, authentication, and confidentiality
The wide application of XML has increasingly required high security. XML security confronts some challenges that are strongly related to its features. XML data integrity needs to protect element location information and context-referential meaning as well as data content integrity under fine-grained security situations. XML data authentication must satisfy a signing process under a dependent and independent multi-signature generation scenario. When several different sections are encrypted within the XML data, it cannot query the encrypted contents without decrypting the encrypted portions. The technologies relating to XML security demand further development. This thesis aims to improve XML security-related technologies, and make them more practicable and secure. A novel revocation information validation approach for X.509 certificates is proposed based on the XML digital signature technology. This approach reduces the complexity of XKMS or PKI systems because it eliminates the requirement for additional revocation checking from XKMS or CA. The communication burden between server and client could be alleviated. The thesis presents the context-referential integrity for XML data. An integrity solution for XML data is also proposed based on the concatenated hash function. The integrity model proposed not only ensures XML data content integrity, but also protects the structure integrity and elements’ context relationship within an XML data. If this model is integrated into XML signature technology, the signature cannot be copied to another document and still remain valid. A new series-parallel XML multi-signature scheme is proposed. The presented scheme is a mixed order specified XML multi-signature scheme according to a dependent and independent signing process. Using presented XML data integrity-checking pool to provide integrity-checking for decomposed XML data, it makes signing XPath expression practicable, rather than signing XML data itself.
A new labeling scheme for encrypted XML data is presented to improve the efficiency of index information maintenance which is applied to support encrypted XML data query processing. The proposed labelling scheme makes maintenance of index information more efficient, and it is easy to update XML data while reducing the number of affected nodes to a minimum. In order to protect structural information for encrypted XML data, the encrypted nodes are removed from original XML data, and structural information is hidden. A case study is carried out to demonstrate how the proposed XML security-related approaches and schemes can be applied to satisfy fine-grained XML security in calibration certificate management.
EThOS - Electronic Theses Online Service, GB, United Kingdom
The Development of a graduate course on identity management for the Department of Networking, Security, and Systems Administration
Digital identities are being utilized more than ever as a means to authenticate computer users in order to control access to systems, web services, and networks. To maintain these digital identities, administrators turn to Identity Management solutions to offer protection for users, business partners, and networks. This paper proposes an analysis of Identity Management to be accomplished in the form of a graduate level course of study for a ten-week period for the Networking, Security, and Systems Administration department at Rochester Institute of Technology. This course will be designed for this department because of its emphasis on securing, protecting, and managing the identities of users within and across networks. Many of the security-related courses offered by the department focus primarily on security within enterprises. Therefore, Identity Management, a topic that is becoming more popular within enterprises each day, would complement these courses. Students that enroll in this course will be more equipped to satisfy the needs of modern enterprises when they graduate because they will have a better understanding of how to address security issues that involve managing user identities across networks, systems, and enterprises. This course will focus on several aspects of Identity Management and its use in enterprises today. Covered during the course will be the frameworks of Identity Management, for instance, Liberty Identity Federation Framework and OASIS SAML 2.0; the Identity Management models; and some of the major Identity Management solutions that are in use today such as Liberty Alliance, Microsoft Passport, and Shibboleth. This course will also provide the opportunity to gain hands-on experience by facilitating exemplar technologies used in laboratory investigations.
Web Services Security
Note: supplementary material is available in a separate file
Design and implementation of extensible middleware for non-repudiable interactions
PhD Thesis
Non-repudiation is an aspect of security that is concerned with the creation of irrefutable audits of
an interaction. Ensuring the audit is irrefutable and verifiable by a third party is not a trivial task.
A lot of supporting infrastructure is required which adds large expense to the interaction. This
infrastructure comprises (i) a non-repudiation aware run-time environment, (ii) several purpose
built trusted services and (iii) an appropriate non-repudiation protocol. This thesis presents design
and implementation of such an infrastructure. The runtime environment makes use of several trusted
services to achieve external verification of the audit trail. Non-repudiation is achieved by executing
fair non-repudiation protocols. The Fairness property of the non-repudiation protocol allows a
participant to protect their own interests by preventing any party from gaining an advantage by
misbehaviour. The infrastructure has two novel aspects: extensibility and support for automated
implementation of protocols.
Extensibility is achieved by implementing the infrastructure in middleware and by presenting a
large variety of non-repudiable business interaction patterns to the application (a non-repudiable
interaction pattern is a higher level protocol composed from one or more non-repudiation protocols).
The middleware is highly configurable allowing new non-repudiation protocols and interaction
patterns to be easily added, without disrupting the application.
This thesis presents a rigorous mechanism for automated implementation of non-repudiation
protocols. This ensures that the protocol being executed is that which was intended and verified
by the protocol designer. A family of non-repudiation protocols is taken and inspected. This
inspection allows a set of generic finite state machines to be produced. These finite state machines
can be used to maintain protocol state and manage the sending and receiving of appropriate protocol
messages.
A concrete implementation of the run-time environment and the protocol generation techniques is
presented. This implementation is based on industry supported Web service standards and services.
EPSRC, The Hewlett Packard Arjuna La
A SOAP-based Model for secure messaging in a global context
For integration between application-systems in a global context, interoperability needs to be established on a global level; global interoperability, in turn, is based on a global common application-interface. This is achieved through resolving differences in, inter alia, protocol profiles, among participants in the global network. ebXML is used as the point of departure. A messaging framework, which is based on existing Web technology and standards, is proposed. Certain security and Web service standards are examined to determine specific parameters for an interoperable secure messaging environment. A security based framework comprising a predefined message format and architecture is investigated for a secure interoperable global electronic marketspace.