434,552 research outputs found

    Establishing Trust in e-Governance using Web Services

    Get PDF
    Trust Management is one of the most challenging issues in the emerging Web Engineering and InternetTechnologies. Over the past few years, many studies have been proposed different techniques to address trustmanagement issues. However, despite these past efforts, several trust management issues such as privacy, security,accessibility, integrity and scalability have been mostly ignored and need to be proposed in Web Engineeringtechnologies. Web services provide many opportunities for enterprises to built trustworthiness. In India the growingeconomic infrastructure with lightening speeds towards the adoption and successful implementation of e-governance.Establishing trust in e-governance services is quite important as now government has many services for commonman at their door step and more services are in future. But the common man has to know about it and have usedfrequently for their daily requirements. This paper is emphasized to trust on the web services and what steps shouldbe adopted for better service

    Provenance-based trust for grid computing: Position Paper

    No full text
    Current evolutions of Internet technology such as Web Services, ebXML, peer-to-peer and Grid computing all point to the development of large-scale open networks of diverse computing systems interacting with one another to perform tasks. Grid systems (and Web Services) are exemplary in this respect and are perhaps some of the first large-scale open computing systems to see widespread use - making them an important testing ground for problems in trust management which are likely to arise. From this perspective, today's grid architectures suffer from limitations, such as lack of a mechanism to trace results and lack of infrastructure to build up trust networks. These are important concerns in open grids, in which "community resources" are owned and managed by multiple stakeholders, and are dynamically organised in virtual organisations. Provenance enables users to trace how a particular result has been arrived at by identifying the individual services and the aggregation of services that produced such a particular output. Against this background, we present a research agenda to design, conceive and implement an industrial-strength open provenance architecture for grid systems. We motivate its use with three complex grid applications, namely aerospace engineering, organ transplant management and bioinformatics. Industrial-strength provenance support includes a scalable and secure architecture, an open proposal for standardising the protocols and data structures, a set of tools for configuring and using the provenance architecture, an open source reference implementation, and a deployment and validation in industrial context. The provision of such facilities will enrich grid capabilities by including new functionalities required for solving complex problems such as provenance data to provide complete audit trails of process execution and third-party analysis and auditing. As a result, we anticipate that a larger uptake of grid technology is likely to occur, since unprecedented possibilities will be offered to users and will give them a competitive edge

    Measuring the quality of e-banking portals: an empirical investigation

    Full text link
    Purpose – In the internet economy, the business model of web portals has spread rapidly over the last few years. Despite this, there have been very few scholarly investigations into the services and characteristics that transform a web site into a portal as well as into the dimensions that determine the customer's evaluation of the portal's service quality. Design/ methodology/ approach – Based on an empirical study in the field of e-banking, the authors validate a measurement model for the construct of web portal quality based on the following dimensions: security and trust, basic services quality, cross-buying services quality, added value, transaction support and responsiveness. Findings – The identified dimensions can reasonably be classified into three service categories: core services, additional services, and problem-solving services. Originality/ value – The knowledge of these dimensions as major determinants of consumer's quality perception in the internet provides banks a promising starting point for establishing an effective quality management for their e-businesses

    A Web-Services-Based P2P Computing-Power Sharing Architecture

    Get PDF
    As demands of data processing and computing power are increasing, existing information system architectures become insufficient. Some organizations try to figure out how to keep their systems work without purchasing new hardware and software. Therefore, a Webservices-based model which shares the resource over the network like a P2P network will be proposed to meet this requirement in this paper. In addition, this paper also discusses some problems about security, motivation, flexibility, compatibility and workflow management for the traditional P2P power sharing models. Our new computing architecture - Computing Power Services (CPS) - will aim to address these problems. For the shortcomings about flexibility, compatibility and workflow management, CPS utilizes Web Services and Business Process Execution Language (BPEL) to overcome them. Because CPS is assumed to run in a reliable network where peers trust each other, the concerns about security and motivation will be negated. In essence, CPS is a lightweight Web-Services-based P2P power sharing environment and suitable for executing computing works in batch in a reliable networ

    Sea of Lights: Practical Device-to-Device Security Bootstrapping in the Dark

    Full text link
    Practical solutions to bootstrap security in today's information and communication systems critically depend on centralized services for authentication as well as key and trust management. This is particularly true for mobile users. Identity providers such as Google or Facebook have active user bases of two billion each, and the subscriber number of mobile operators exceeds five billion unique users as of early 2018. If these centralized services go completely `dark' due to natural or man made disasters, large scale blackouts, or country-wide censorship, the users are left without practical solutions to bootstrap security on their mobile devices. Existing distributed solutions, for instance, the so-called web-of-trust are not sufficiently lightweight. Furthermore, they support neither cross-application on mobile devices nor strong protection of key material using hardware security modules. We propose Sea of Lights(SoL), a practical lightweight scheme for bootstrapping device-to-device security wirelessly, thus, enabling secure distributed self-organized networks. It is tailored to operate `in the dark' and provides strong protection of key material as well as an intuitive means to build a lightweight web-of-trust. SoL is particularly well suited for local or urban operation in scenarios such as the coordination of emergency response, where it helps containing/limiting the spreading of misinformation. As a proof of concept, we implement SoL in the Android platform and hence test its feasibility on real mobile devices. We further evaluate its key performance aspects using simulation

    Multi-party authentication protocols for web services

    Get PDF
    The Web service technology allows the dynamic composition of a workflow (or a business flow) by composing a set of existing Web services scattered across the Internet. While a given Web service may have multiple service instances taking part in several workflows simultaneously, a workflow often involves a set of service instances that belong to different Web services. In order to establish trust relationships amongst service instances, new security protocols are urgently needed. Hada and Maruyama [HAD02] presented a session-oriented, multi-party authentication protocol to resolve this problem. Within a session the protocol provides a common session secret shared by all the service instances, thereby distinguishing the instances from those of other sessions. However, individual instances cannot be distinguished and identified by the session secret. This leads to vulnerable session management and poor threat containment. In this thesis, we present a new design for a multi-party authentication protocol. In this protocol, each service instance is provided with a unique identifier. The Diffie-Hellman Key Agreement scheme is employed to generate the trust relationship between service instances within the same flow. The Coordinated Atomic Action scheme is exploited for achieving an improved level of threat containment. The new protocol was implemented in Java and evaluated by a combined use of experiments and model-based analysis. The results show that the time consumption for multi-party authentication increases linearly as the number of service instances that are introduced into a session increases. Our solution is therefore potentially applicable for Web service flow with a large number of participants. Various public key algorithms are also compared and evaluated during the experiments in order to select the most suitable one for our new protocol

    Service Contracts: Beyond Trust in Service Oriented Architectures

    Get PDF
    National audienceThe Service-Oriented Architecture (SOA) is considered as the most promising paradigm over the last few years for delivering functionalities and allowing business cooperation. In SOA, the traditional vision of security aims to keep properties such as availability, authenticity and confidentiality by protecting the web service itself. However, in such an approach, the particularities of the human interaction in regard to the behaviors of the service stakeholders have been until now based only on trust. In this article, we present an approach based on machine readable contracts and evidences for improving the traditional web service-centered security. Similarly, the usefulness of this approach in context of semi-automatic auditing and risk management is discussed. \textcopyright 2016 Lavoisier.The Service-Oriented Architecture (SOA) is considered as the most promising paradigm over the last few years for delivering functionalities and allowing business cooperation. In SOA, the traditional vision of security aims to keep properties such as availability, authenticity and confidentiality by protecting the web service itself. However, in such an approach, the particularities of the human interaction in regard to the behaviors of the service stakehold-ers have been until now based only on trust. In this article, we present an approach based on machine readable contracts and evidences for improving the traditional web service-centered security. Similarly, the usefulness of this approach in context of semi-automatic auditing and risk management is discussed. RÉSUMÉ. L'architecture orientée services (SOA) est considérée comme le paradigme le plus prometteur au cours des dernières années pour fournir des fonctionnalités et faciliter la coo-pération commerciale.Dans le SOA, la vision traditionnelle de la sécurité vise à garder des propriétés telles que la disponibilité, l'authenticité et la confidentialité, en protégant le service Web lui-même. Cependant, dans une telle approche les particularités de l'interaction humaine en ce qui concerne les comportements des parties prenantes de service ont été jusqu'à présent basée seulement sur la confiance. Dans cet article, nous présentons une approche basée sur des contrats lisibles par la machine et des preuves pour enrichir la vision traditionannelle de la sécurité axée sur les services web. De même, l'utilité de cette approche dans le contexte de la gestion de risques et l'audit semi-automatique est discutée
    corecore