Management and Service-aware Networking Architectures (MANA) for Future Internet Position Paper: System Functions, Capabilities and Requirements

Future Internet (FI) research and development threads have recently been gaining momentum all over the world and as such the international race to create a new generation Internet is in full swing: GENI, Asia Future Internet, Future Internet Forum Korea, European Union Future Internet Assembly (FIA). This is a position paper identifying the research orientation with a time horizon of 10 years, together with the key challenges for the capabilities in the Management and Service-aware Networking Architectures (MANA) part of the Future Internet (FI) allowing for parallel and federated Internet(s)

Obligations of trust for privacy and confidentiality in distributed transactions

Purpose – This paper aims to describe a bilateral symmetric approach to authorization, privacy protection and obligation enforcement in distributed transactions. The authors introduce the concept of the obligation of trust (OoT) protocol as a privacy assurance and authorization mechanism that is built upon the XACML standard. The OoT allows two communicating parties to dynamically exchange their privacy and authorization requirements and capabilities, which the authors term a notification of obligation (NoB), as well as their commitments to fulfilling each other's requirements, which the authors term signed acceptance of obligations (SAO). The authors seek to describe some applicability of these concepts and to show how they can be integrated into distributed authorization systems for stricter privacy and confidentiality control. Design/methodology/approach – Existing access control and privacy protection systems are typically unilateral and provider-centric, in that the enterprise service provider assigns the access rights, makes the access control decisions, and determines the privacy policy. There is no negotiation between the client and the service provider about which access control or privacy policy to use. The authors adopt a symmetric, more user-centric approach to privacy protection and authorization, which treats the client and service provider as peers, in which both can stipulate their requirements and capabilities, and hence negotiate terms which are equally acceptable to both parties. Findings – The authors demonstrate how the obligation of trust protocol can be used in a number of different scenarios to improve upon the mechanisms that are currently available today. Practical implications – This approach will serve to increase trust in distributed transactions since each communicating party receives a difficult to repudiate digitally signed acceptance of obligations, in a standard language (XACML), which can be automatically enforced by their respective computing machinery. Originality/value – The paper adds to current research in trust negotiation, privacy protection and authorization by combining all three together into one set of standardized protocols. Furthermore, by providing hard to repudiate signed acceptance of obligations messages, this strengthens the legal case of the injured party should a dispute arise

Security policy integration based on role-based access control model in healthcare collaborative environments

Recently research is focused on security policy integration and conflict reconciliation among various healthcare organizations. However, challenging security and privacy risks issues still arisen during sharing sensitive patient data in different large distributed organizations.In this paper, we proposed an approach for integrating security policies based on Role-Based Access Control (RBAC) policy model that supports dynamic constraint rules and meta data information, reduces policy redundancy and resolves conflicts based on the types of policy redundancy and conflict.We believe this work can support dynamic updates and control policies in collaborative environments

The Semantic Grid: A future e-Science infrastructure

e-Science offers a promising vision of how computer and communication technology can support and enhance the scientific process. It does this by enabling scientists to generate, analyse, share and discuss their insights, experiments and results in an effective manner. The underlying computer infrastructure that provides these facilities is commonly referred to as the Grid. At this time, there are a number of grid applications being developed and there is a whole raft of computer technologies that provide fragments of the necessary functionality. However there is currently a major gap between these endeavours and the vision of e-Science in which there is a high degree of easy-to-use and seamless automation and in which there are flexible collaborations and computations on a global scale. To bridge this practice–aspiration divide, this paper presents a research agenda whose aim is to move from the current state of the art in e-Science infrastructure, to the future infrastructure that is needed to support the full richness of the e-Science vision. Here the future e-Science research infrastructure is termed the Semantic Grid (Semantic Grid to Grid is meant to connote a similar relationship to the one that exists between the Semantic Web and the Web). In particular, we present a conceptual architecture for the Semantic Grid. This architecture adopts a service-oriented perspective in which distinct stakeholders in the scientific process, represented as software agents, provide services to one another, under various service level agreements, in various forms of marketplace. We then focus predominantly on the issues concerned with the way that knowledge is acquired and used in such environments since we believe this is the key differentiator between current grid endeavours and those envisioned for the Semantic Grid

Improving perceptual multimedia quality with an adaptable communication protocol

Copyrights @ 2005 University Computing Centre ZagrebInnovations and developments in networking technology have been driven by technical considerations with little analysis of the benefit to the user. In this paper we argue that network parameters that define the network Quality of Service (QoS) must be driven by user-centric parameters such as user expectations and requirements for multimedia transmitted over a network. To this end a mechanism for mapping user-oriented parameters to network QoS parameters is outlined. The paper surveys existing methods for mapping user requirements to the network. An adaptable communication system is implemented to validate the mapping. The architecture adapts to varying network conditions caused by congestion so as to maintain user expectations and requirements. The paper also surveys research in the area of adaptable communications architectures and protocols. Our results show that such a user-biased approach to networking does bring tangible benefits to the user

Personalised privacy in pervasive and ubiquitous systems

Our world is edging closer to the realisation of pervasive systems and their integration in our everyday life. While pervasive systems are capable of offering many benefits for everyone, the amount and quality of personal information that becomes available raise concerns about maintaining user privacy and create a real need to reform existing privacy practices and provide appropriate safeguards for the user of pervasive environments. This thesis presents the PERSOnalised Negotiation, Identity Selection and Management (PersoNISM) system; a comprehensive approach to privacy protection in pervasive environments using context aware dynamic personalisation and behaviour learning. The aim of the PersoNISM system is twofold: to provide the user with a comprehensive set of privacy protecting tools and to help them make the best use of these tools according to their privacy needs. The PersoNISM system allows users to: a) configure the terms and conditions of data disclosure through the process of privacy policy negotiation, which addresses the current “take it or leave it” approach; b) use multiple identities to interact with pervasive services to avoid the accumulation of vast amounts of personal information in a single user profile; and c) selectively disclose information based on the type of information, who requests it, under what context, for what purpose and how the information will be treated. The PersoNISM system learns user privacy preferences by monitoring the behaviour of the user and uses them to personalise and/or automate the decision making processes in order to unburden the user from manually controlling these complex mechanisms. The PersoNISM system has been designed, implemented, demonstrated and evaluated during three EU funded projects

Policy inconsistency detection bassed on RBAC model in cross-organizational collaboration

Policy integration and conflict resolutions among various organizations still remain a major challenge.Moreover, policy inconsistency detection approach with logical reasoning techniques which considers integration requirements from collaboration parties has not been well studied.In this paper, we proposed a model to detect inconsistencies based on role-based access control (RBAC) that considers role hierarchy (RH) and temporal and spatial constraints.A model to prune and collect only the required policies based on access control requirements from different organizations is designed.Policy inconsistency detection should be enhanced with logical-based analysis in order to develop security policy integration.We believe this work could provide manner to filter a large amount of unrelated policies and only return potential collaboration policies for conflict resolution

On the integration of trust with negotiation, argumentation and semantics

Agreement Technologies are needed for autonomous agents to come to mutually acceptable agreements, typically on behalf of humans. These technologies include trust computing, negotiation, argumentation and semantic alignment. In this paper, we identify a number of open questions regarding the integration of computational models and tools for trust computing with negotiation, argumentation and semantic alignment. We consider these questions in general and in the context of applications in open, distributed settings such as the grid and cloud computing. © 2013 Cambridge University Press.This work was partially supported by the Agreement Technology COST action (IC0801). The authors would like to thank for helpful discussions and comments all participants in the panel on >Trust, Argumentation and Semantics> on 16 December 2009, Agia Napa, CyprusPeer Reviewe

On the use of Policy Based Management for Pervasive m-Government Services

This paper discusses service discovery, composition and adaptation, illustrating their usefulness in pervasive mobile environments in which a multitude of services are available to users. It addresses how service discovery and composition, incorporating personalisation and context awareness, can provide focused sets of services tailored to a user's individual needs, shielding users from the potentially bewildering range of offered services. It is argued that because users' needs will be constantly evolving, these service sets must also continually adapt to changing requirements. The Pervasive Services Platform developed by the EU FP6 integrated project Daidalos is described and a usage scenario for it that demonstrates how service discovery, composition and adaptation can be successfully integrated is outline