Data Ingredients: smart disclosure and open government data as complementary tools to meet policy objectives. The case of energy efficiency.

Open government data are considered a key asset for eGovernment. One could argue that governments can influence other types of data disclosure, as potential ingredients of innovative services. To discuss this assumption, we took the example of the U.S. 'Green Button' initiative – based on the disclosure of energy consumption data to each user – and analysed 36 energy-oriented digital services reusing these and other data, in order to highlight their set of inputs. We find that apps suggesting to a user a more efficient consumption behaviour also benefit from average retail electricity cost/price information; that energy efficiency 'scoring' apps also need, at least, structured and updated information on buildings performance; and that value-added services that derive insights from consumption data frequently rely on average energy consumption information. More in general, most of the surveyed services combine consumption data, open government data, and corporate data. When setting sector-specific agendas grounded on data disclosure, public agencies should therefore consider (contributing) to make available all three layers of information. No widely acknowledged initiatives of energy consumption data disclosure to users are being implemented in the EU. Moreover, browsing EU data portals and websites of public agencies, we find that other key data ingredients are not supplied (or, at least, not as open data), leaving room for possible improvements in this arena

Security for Grid Services

Grid computing is concerned with the sharing and coordinated use of diverse resources in distributed "virtual organizations." The dynamic and multi-institutional nature of these environments introduces challenging security issues that demand new technical approaches. In particular, one must deal with diverse local mechanisms, support dynamic creation of services, and enable dynamic creation of trust domains. We describe how these issues are addressed in two generations of the Globus Toolkit. First, we review the Globus Toolkit version 2 (GT2) approach; then, we describe new approaches developed to support the Globus Toolkit version 3 (GT3) implementation of the Open Grid Services Architecture, an initiative that is recasting Grid concepts within a service oriented framework based on Web services. GT3's security implementation uses Web services security mechanisms for credential exchange and other purposes, and introduces a tight least-privilege model that avoids the need for any privileged network service.Comment: 10 pages; 4 figure

A message-level security approach for RESTful services

In the past ten years Web Services have positioned themselves to be one of the leading distributed technologies. The technology, supported by major IT companies, offers specifications to many challenges in a distributed environment like strong interface and message contacts, service discovery, reliable message exchange and advanced security mechanisms. On the other hand, all these specifications have made Web Services very complex and the industry is struggling to implement those in a standardized manner. REST based services, also known as RESTful services, are based on pure HTTP and have risen as competitors to Web Services, mainly because of their simplicity. Now they are being adopted by the majority of the big industry corporations including Microsoft, Yahoo and Google, who have deprecated or passed on Web Services in favor of RESTful services. However, RESTful services have been criticized for lacking functionality offered by Web Services, especially message-level security. Since security is an important functionality which may tip the scale in a negative direction for REST based services, this thesis proposes a prototype solution for message-level security for RESTful services. The solution is for the most part technical and utilizes well-known, cross-platform mechanisms which are composed together while a smaller part of the solution discusses a non-technical approach regarding the token distribution. During the development of the prototype, much of the focus was to adapt the solution according to the REST principals and guidelines, such are multi-format support (XML or JSON) and light-weight, human readable messages

XML security in XML data integrity, authentication, and confidentiality

The widely application of XML has increasingly required high security. XML security confronts some challenges that are strong relating to its features. XML data integrity needs to protect element location information and contextreferential meaning as well as data content integrity under fine-grained security situations. XML data authentication must satisfy a signing process under a dependent and independent multi-signature generation scenario. When several different sections are encrypted within the XML data, it cannot query the encrypted contents without decrypting the encrypted portions. The technologies relating to XML security demand further development. This thesis aims to improve XML security relative technologies, and make them more practicable and secure. A novel revocation information validation approach for X.509 certificate is proposed based on the XML digital signature technology. This approach reduces the complexity of XKMS or PKI systems because it eliminates the requirement for additional revocation checking from XKMS or CA. The communication burden between server and client could be alleviated. The thesis presents the context-referential integrity for XML data. An integrity solution for XML data is also proposed based on the concatenated hash function. The integrity model proposed not only ensures XML data content integrity, but also protects the structure integrity and elements’ context relationship within an XML data. If this model is integrated into XML signature technology, the signature cannot be copied to another document still keeping valid. A new series-parallel XML multi-signature scheme is proposed. The presented scheme is a mixed order specified XML multi-signature scheme according to a dependent and independent signing process. Using presented XML data integrity-checking pool to provide integrity-checking for decomposed XML data, it makes signing XPath expression practicable, rather than signing XML data itself. A new labeling scheme for encrypted XML data is presented to improve the efficiency of index information maintenance which is applied to support encrypted XML data query processing. The proposed labelling scheme makes maintenance index information more efficient, and it is easy to update XML data with decreasing the number of affected nodes to the lowest. In order to protect structural information for encrypted XML data, the encrypted nodes are removed from original XML data, and structural information is hidden. A case study is carried out to demonstrate how the proposed XML security relative approaches and schemes can be applied to satisfy fine-grained XML security in calibration certificate management.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

The Development of a graduate course on identity management for the Department of Networking, Security, and Systems Administration

Digital identities are being utilized more than ever as a means to authenticate computer users in order to control access to systems, web services, and networks. To maintain these digital identities, administrators turn to Identity Management solutions to offer protection for users, business partners, and networks. This paper proposes an analysis of Identity Management to be accomplished in the form of a graduate level course of study for a ten-week period for the Networking, Security, and Systems Administration department at Rochester Institute of Technology. This course will be designed for this department because of its emphasis on securing, protecting, and managing the identities of users within and across networks. Much of the security-related courses offered by the department focus primarily on security within enterprises. Therefore, Identity Management, a topic that is becoming more popular within enterprises each day, would compliment these courses. Students that enroll in this course will be more equipped to satisfy the needs of modern enterprises when they graduate because they will have a better understanding of how to address security issues that involve managing user identities across networks, systems, and enterprises. This course will focus on several aspects of Identity Management and its use in enterprises today. Covered during the course will be the frameworks of Identity Management, for instance, Liberty Identity Federation Framework and OASIS SAML 2.0; the Identity Management models; and some of the major Identity Management solutions that are in use today such as Liberty Alliance, Microsoft Passport, and Shibboleth. This course will also provide the opportunity to gain hands on experience by facilitating exemplar technologies used in laboratory investigations

Ασφάλεια Web Services

Σημείωση: διατίθεται συμπληρωματικό υλικό σε ξεχωριστό αρχείο

Design and implementation of extensible middleware for non-repudiable interactions

PhD ThesisNon-repudiation is an aspect of security that is concerned with the creation of irrefutable audits of an interaction. Ensuring the audit is irrefutable and verifiable by a third party is not a trivial task. A lot of supporting infrastructure is required which adds large expense to the interaction. This infrastructure comprises, (i) a non-repudiation aware run-time environment, (ii) several purpose built trusted services and (iii) an appropriate non-repudiation protocol. This thesis presents design and implementation of such an infrastructure. The runtime environment makes use of several trusted services to achieve external verification of the audit trail. Non-repudiation is achieved by executing fair non-repudiation protocols. The Fairness property of the non-repudiation protocol allows a participant to protect their own interests by preventing any party from gaining an advantage by misbehaviour. The infrastructure has two novel aspects; extensibility and support for automated implementation of protocols. Extensibility is achieved by implementing the infrastructure in middleware and by presenting a large variety of non-repudiable business interaction patterns to the application (a non-repudiable interaction pattern is a higher level protocol composed from one or more non-repudiation protocols). The middleware is highly configurable allowing new non-repudiation protocols and interaction patterns to be easily added, without disrupting the application. This thesis presents a rigorous mechanism for automated implementation of non-repudiation protocols. This ensures that the protocol being executed is that which was intended and verified by the protocol designer. A family of non-repudiation protocols are taken and inspected. This inspection allows a set of generic finite state machines to be produced. These finite state machines can be used to maintain protocol state and manage the sending and receiving of appropriate protocol messages. A concrete implementation of the run-time environment and the protocol generation techniques is presented. This implementation is based on industry supported Web service standards and services.EPSRC, The Hewlett Packard Arjuna La

A SOAP-based Model for secure messaging in a global context

For integration between application-systems in a global context, interoperability needs to be established on a global level; global interoperability, in turn, is based on a global common application-interface. This is achieved through resolving differences in, inter alia, protocol profiles, among participants in the global network. ebXML is used as the point of departure. A messaging framework, which is based on existing Web technology and standards, is proposed. Certain security and Web service standards are examined to determine specific parameters for an interoperable secure messaging environment. A security based framework comprising a predefined message format and architecture is investigated for a secure interoperable global electronic marketspace