434,552 research outputs found
Establishing Trust in e-Governance using Web Services
Trust Management is one of the most challenging issues in the emerging Web Engineering and InternetTechnologies. Over the past few years, many studies have been proposed different techniques to address trustmanagement issues. However, despite these past efforts, several trust management issues such as privacy, security,accessibility, integrity and scalability have been mostly ignored and need to be proposed in Web Engineeringtechnologies. Web services provide many opportunities for enterprises to built trustworthiness. In India the growingeconomic infrastructure with lightening speeds towards the adoption and successful implementation of e-governance.Establishing trust in e-governance services is quite important as now government has many services for commonman at their door step and more services are in future. But the common man has to know about it and have usedfrequently for their daily requirements. This paper is emphasized to trust on the web services and what steps shouldbe adopted for better service
Provenance-based trust for grid computing: Position Paper
Current evolutions of Internet technology such as Web Services, ebXML, peer-to-peer and Grid computing all point to the development of large-scale open networks of diverse computing systems interacting with one another to perform tasks. Grid systems (and Web Services) are exemplary in this respect and are perhaps some of the first large-scale open computing systems to see widespread use - making them an important testing ground for problems in trust management which are likely to arise. From this perspective, today's grid architectures suffer from limitations, such as lack of a mechanism to trace results and lack of infrastructure to build up trust networks. These are important concerns in open grids, in which "community resources" are owned and managed by multiple stakeholders, and are dynamically organised in virtual organisations. Provenance enables users to trace how a particular result has been arrived at by identifying the individual services and the aggregation of services that produced such a particular output. Against this background, we present a research agenda to design, conceive and implement an industrial-strength open provenance architecture for grid systems. We motivate its use with three complex grid applications, namely aerospace engineering, organ transplant management and bioinformatics. Industrial-strength provenance support includes a scalable and secure architecture, an open proposal for standardising the protocols and data structures, a set of tools for configuring and using the provenance architecture, an open source reference implementation, and a deployment and validation in industrial context. The provision of such facilities will enrich grid capabilities by including new functionalities required for solving complex problems such as provenance data to provide complete audit trails of process execution and third-party analysis and auditing. As a result, we anticipate that a larger uptake of grid technology is likely to occur, since unprecedented possibilities will be offered to users and will give them a competitive edge
Measuring the quality of e-banking portals: an empirical investigation
Purpose – In the internet economy, the business model of web portals has spread rapidly over the
last few years. Despite this, there have been very few scholarly investigations into the services and
characteristics that transform a web site into a portal as well as into the dimensions that determine
the customer's evaluation of the portal's service quality.
Design/ methodology/ approach – Based on an empirical study in the field of e-banking, the
authors validate a measurement model for the construct of web portal quality based on the following
dimensions: security and trust, basic services quality, cross-buying services quality, added value,
transaction support and responsiveness.
Findings – The identified dimensions can reasonably be classified into three service categories:
core services, additional services, and problem-solving services.
Originality/ value – The knowledge of these dimensions as major determinants of consumer's
quality perception in the internet provides banks a promising starting point for establishing an
effective quality management for their e-businesses
A Web-Services-Based P2P Computing-Power Sharing Architecture
As demands of data processing and computing power are increasing, existing information system architectures become insufficient. Some organizations try to figure out how to keep their systems work without purchasing new hardware and software. Therefore, a Webservices-based model which shares the resource over the network like a P2P network will be proposed to meet this requirement in this paper. In addition, this paper also discusses some problems about security, motivation, flexibility, compatibility and workflow management for the traditional P2P power sharing models. Our new computing architecture - Computing Power Services (CPS) - will aim to address these problems. For the shortcomings about flexibility, compatibility and workflow management, CPS utilizes Web Services and Business Process Execution Language (BPEL) to overcome them. Because CPS is assumed to run in a reliable network where peers trust each other, the concerns about security and motivation will be negated. In essence, CPS is a lightweight Web-Services-based P2P power sharing environment and suitable for executing computing works in batch in a reliable networ
Sea of Lights: Practical Device-to-Device Security Bootstrapping in the Dark
Practical solutions to bootstrap security in today's information and
communication systems critically depend on centralized services for
authentication as well as key and trust management. This is particularly true
for mobile users. Identity providers such as Google or Facebook have active
user bases of two billion each, and the subscriber number of mobile operators
exceeds five billion unique users as of early 2018. If these centralized
services go completely `dark' due to natural or man made disasters, large scale
blackouts, or country-wide censorship, the users are left without practical
solutions to bootstrap security on their mobile devices. Existing distributed
solutions, for instance, the so-called web-of-trust are not sufficiently
lightweight. Furthermore, they support neither cross-application on mobile
devices nor strong protection of key material using hardware security modules.
We propose Sea of Lights(SoL), a practical lightweight scheme for bootstrapping
device-to-device security wirelessly, thus, enabling secure distributed
self-organized networks. It is tailored to operate `in the dark' and provides
strong protection of key material as well as an intuitive means to build a
lightweight web-of-trust. SoL is particularly well suited for local or urban
operation in scenarios such as the coordination of emergency response, where it
helps containing/limiting the spreading of misinformation. As a proof of
concept, we implement SoL in the Android platform and hence test its
feasibility on real mobile devices. We further evaluate its key performance
aspects using simulation
Multi-party authentication protocols for web services
The Web service technology allows the dynamic composition of a workflow (or a business flow) by composing a set of existing Web services scattered across the Internet. While a given Web service may have multiple service instances taking part in several workflows simultaneously, a workflow often involves a set of service instances that belong to different Web services. In order to establish trust relationships amongst service instances, new security protocols are urgently needed. Hada and Maruyama [HAD02] presented a session-oriented, multi-party authentication protocol to resolve this problem. Within a session the protocol provides a common session secret shared by all the service instances, thereby distinguishing the instances from those of other sessions. However, individual instances cannot be distinguished and identified by the session secret. This leads to vulnerable session management and poor threat containment. In this thesis, we present a new design for a multi-party authentication protocol. In this protocol, each service instance is provided with a unique identifier. The Diffie-Hellman Key Agreement scheme is employed to generate the trust relationship between service instances within the same flow. The Coordinated Atomic Action scheme is exploited for achieving an improved level of threat containment. The new protocol was implemented in Java and evaluated by a combined use of experiments and model-based analysis. The results show that the time consumption for multi-party authentication increases linearly as the number of service instances that are introduced into a session increases. Our solution is therefore potentially applicable for Web service flow with a large number of participants. Various public key algorithms are also compared and evaluated during the experiments in order to select the most suitable one for our new protocol
Service Contracts: Beyond Trust in Service Oriented Architectures
National audienceThe Service-Oriented Architecture (SOA) is considered as the most promising paradigm over the last few years for delivering functionalities and allowing business cooperation. In SOA, the traditional vision of security aims to keep properties such as availability, authenticity and confidentiality by protecting the web service itself. However, in such an approach, the particularities of the human interaction in regard to the behaviors of the service stakeholders have been until now based only on trust. In this article, we present an approach based on machine readable contracts and evidences for improving the traditional web service-centered security. Similarly, the usefulness of this approach in context of semi-automatic auditing and risk management is discussed. \textcopyright 2016 Lavoisier.The Service-Oriented Architecture (SOA) is considered as the most promising paradigm over the last few years for delivering functionalities and allowing business cooperation. In SOA, the traditional vision of security aims to keep properties such as availability, authenticity and confidentiality by protecting the web service itself. However, in such an approach, the particularities of the human interaction in regard to the behaviors of the service stakehold-ers have been until now based only on trust. In this article, we present an approach based on machine readable contracts and evidences for improving the traditional web service-centered security. Similarly, the usefulness of this approach in context of semi-automatic auditing and risk management is discussed. RÉSUMÉ. L'architecture orientée services (SOA) est considérée comme le paradigme le plus prometteur au cours des dernières années pour fournir des fonctionnalités et faciliter la coo-pération commerciale.Dans le SOA, la vision traditionnelle de la sécurité vise à garder des propriétés telles que la disponibilité, l'authenticité et la confidentialité, en protégant le service Web lui-même. Cependant, dans une telle approche les particularités de l'interaction humaine en ce qui concerne les comportements des parties prenantes de service ont été jusqu'à présent basée seulement sur la confiance. Dans cet article, nous présentons une approche basée sur des contrats lisibles par la machine et des preuves pour enrichir la vision traditionannelle de la sécurité axée sur les services web. De même, l'utilité de cette approche dans le contexte de la gestion de risques et l'audit semi-automatique est discutée
- …