WSACT : a model for Web Services access control incorporating trust

Today, organisations that seek a competitive advantage are adopting virtual infrastructures that share and manage computing resources. The trend is towards implementing collaborating applications that are supported by web services technology. Even though web services technology is rapidly becoming a fundamental development paradigm, adequate security constitutes the main concern and obstacle to its adoption as an industry solution. An important issue to address is the development of suitable access control models that are able to not only restrict access to unauthorised users, but also to discriminate between users that originate from different collaborating parties. In web services environments, access control is required to cross the borders of security domains, in order to be implemented between heterogeneous systems. Traditional access control systems that are identity-based do not provide a solution, as web services providers have to deal with unknown users, manage a large user population, collaborate with others and at the same time be autonomous of nature. Previous research has pointed towards the adoption of attribute-based access control as a means to address some of these problems. This approach is still not adequate, as the trustworthiness of web services requestors cannot be determined. Trust in web services requestors is thus an important requirement to address. For this reason, the thesis investigated trust, as to promote the inclusion of trust in the web services access control model. A cognitive approach to trust computation was followed that addressed uncertain and imprecise information by means of fuzzy logic techniques. A web services trust formation framework was defined that aims to populate trust concepts by means of automated, machine-based trust assessments. The structure between trust concepts was made explicit by means of a trust taxonomy. This thesis presents the WSACT – or the Web Services Access Control incorporating Trust –model. The model incorporates traditional role-based access control, the trust levels of web services requestors and the attributes of users into one model. This allows web services providers to grant advanced access to the users of trusted web services requestors, in contrast to the limited access that is given to users who make requests through web services requestors with whom a minimal level of trust has been established. Such flexibility gives a web services provider the ability to foster meaningful business relationships with others, which portrays humanistic forms of trust. The WSACT architecture describes the interacting roles of an authorisation interface, authorisation manager and trust manager. A prototype finally illustrates that the incorporation of trust is a viable solution to the problem of web services access control when decisions of an autonomous nature are to be made.Thesis (PhD (Computer Science))--University of Pretoria, 2008.Computer Scienceunrestricte

Trust Strategies for the Semantic Web

Everyone agrees on the importance of enabling trust on the SemanticWebto ensure more efficient agent interaction. Current research on trust seems to focus on developing computational models, semantic representations, inference techniques, etc. However, little attention has been given to the plausible trust strategies or tactics that an agent can follow when interacting with other agents on the Semantic Web. In this paper we identify five most common strategies of trust and discuss their envisaged costs and benefits. The aim is to provide some guidelines to help system developers appreciate the risks and gains involved with each trust strategy

On the emergent Semantic Web and overlooked issues

The emergent Semantic Web, despite being in its infancy, has already received a lotof attention from academia and industry. This resulted in an abundance of prototype systems and discussion most of which are centred around the underlying infrastructure. However, when we critically review the work done to date we realise that there is little discussion with respect to the vision of the Semantic Web. In particular, there is an observed dearth of discussion on how to deliver knowledge sharing in an environment such as the Semantic Web in effective and efficient manners. There are a lot of overlooked issues, associated with agents and trust to hidden assumptions made with respect to knowledge representation and robust reasoning in a distributed environment. These issues could potentially hinder further development if not considered at the early stages of designing Semantic Web systems. In this perspectives paper, we aim to help engineers and practitioners of the Semantic Web by raising awareness of these issues

A Survey on Service Composition Middleware in Pervasive Environments

The development of pervasive computing has put the light on a challenging problem: how to dynamically compose services in heterogeneous and highly changing environments? We propose a survey that defines the service composition as a sequence of four steps: the translation, the generation, the evaluation, and finally the execution. With this powerful and simple model we describe the major service composition middleware. Then, a classification of these service composition middleware according to pervasive requirements - interoperability, discoverability, adaptability, context awareness, QoS management, security, spontaneous management, and autonomous management - is given. The classification highlights what has been done and what remains to do to develop the service composition in pervasive environments

Security models for trusting network appliances

A significant characteristic of pervasive computing is the need for secure interactions between highly mobile entities and the services in their environment. Moreover,these decentralised systems are also characterised by partial views over the state of the global environment, implying that we cannot guarantee verification of the properties of the mobile entity entering an unfamiliar domain. Secure in this context encompasses both the need for cryptographic security and the need for trust, on the part of both parties, that the interaction is functioning as expected. In this paper we make a broad assumption that trust and cryptographic security can be considered as orthogonal concerns (i.e. cryptographic measures do not ensure transmission of correct information). We assume the existence of reliable encryption techniques and focus on the characteristics of a model that supports the management of the trust relationships between two devices during ad-hoc interactions

Delivering services by building and running virtual organisations

Non peer reviewedPostprin