Trust negotiation policy management for service-oriented applications

Service-oriented architectures (SOA), and in particular Web services, have quickly become a popular technology to connect applications both within and across enterprise boundaries. However, as services are increasingly used to implement critical functionality, security has become an important concern impeding the widespread adoption of SOA. Trust negotiation is an approach to access control that may be applied in scenarios where service requesters are often unknown in advance, such as for services available via the public Internet. Rather than relying on requesters' identities, trust negotiation makes access decisions based on the level of trust established between the requester and the provider in a negotiation, during which the parties exchange credentials, which are signed assertions that describe some attributes of the owner. However, managing the evolution of trust negotiation policies is a difficult problem that has not been sufficiently addressed to date. Access control policies have a lifecycle, and they are revised based on applicable business policies. Additionally, because a trust relationship established in a trust negotiation may be long lasting, their evolution must also be managed. Simply allowing a negotiation to continue according to an old policy may be undesirable, especially if new important constraints have been added. In this thesis, we introduce a model-driven trust negotiation framework for service-oriented applications. The framework employs a model for trust negotiation, based on state machines, that allows automated generation of the control structures necessary to enforce trust negotiation policies from the visual model of the policy. Our policy model also supports lifecycle management. We provide sets of operations to modify policies and to manage ongoing negotiations, and operators for identifying and managing impacts of changes to trust negotiation policies on ongoing trust negotiations. The framework presented in the thesis has been implemented in the Trust-Serv prototype, which leverages industry specifications such as WS-Security and WS-Trust to offer a container-centric mechanism for deploying trust negotiation that is transparent to the services being protected

Trust-Serv: Model-Driven Lifecycle Management of Trust Negotiation Policies for Web Services

A scalable approach to trust negotiation is required in Web service environments that have large and dynamic requester populations. We introduce Trust-Serv, a model-driven trust negotiation framework for Web services. The framework employs a model for trust negotiation that is based on state machines, extended with security abstractions. Our policy model supports lifecycle management, an important trait in the dynamic environments that characterize Web services. In particular, we provide a set of change operations to modify policies, and migration strategies that permit ongoing negotiations to be migrated to new policies without being disrupted. Experimental results show the performance benefit of these strategies. The proposed approach has been implemented as a containercentric mechanism that is transparent to the Web services and to the developers of Web services, simplifying Web service development and management as well as enabling scalable deployments

Model-driven trust negotiation for web services

The Trust-Serv trust negotiation framework supports policy lifecycle management for Web services. Trust negotiation is an approach to access control whereby access is granted based on trust established in a negotiation between the service requester and the service provider. 1 In this negotiation, credentials — signed assertions that describe the owner’s attributes — are exchanged iteratively to build trust between the negotiation participants. Credentials are typically based on standards such as X.509v3, 2 simple public key infrastructure (SPKI), 3 or Security Assertion Markup Language (SAML).

Int J Digit Libr (2004) / Digital Object Identifier (DOI) 10.1007/s00799-004-0083-y A trust negotiation system for digital library Web services

Abstract. A scalable approach to trust negotiation is required in digital library (DL) environments that have large and dynamic user populations. In this paper we introduce Trust-Serv, a model-driven trust negotiation framework for Web services, and show how it can be used to effectively handle trust negotiation in DLs. The framework employs a model for trust negotiation based on state machines, extended with security abstractions. High-level specifications expressed with the state-machine-based model are then translated into formats suitable for automating the trust negotiation process. The proposed framework also supports negotiation policy lifecycle management, an important trait in the dynamic environments that characterize DLs. In particular, we present a set of policy change operations that enable the dynamic evolution of negotiation policies without disrupting ongoing negotiations. The proposed approach has been implemented as a container-centric mechanism that is transparent to the DL and to the developers of DL Web services, simplifying DL development and management as well as enabling scalable deployments

Abstract

We present a software tool and a framework for security protocol change management. While we focus on trust negotiation protocols in this paper, many of the ideas are generally applicable to other types of protocols. Trust negotiation is a flexible approach to access control that is well suited to dynamic environments typical of service-oriented applications. However, managing the evolution of trust negotiation protocols is a difficult problem that has not been sufficiently addressed, especially in situations where there are ongoing negotiations. By using our framework, the consequences of changing the protocol that applies to ongoing trust negotiations can be automatically determined. We have also implemented a database-backed GUI tool to manage the change process as an extension of an existing system, and we have performed experiments to test the efficiency of our management software. Our experimental results show that the techniques proposed can scale to applications with tens of thousands of simultaneous users even on commodity PCs.

Trust-Serv: A Lightweight Trust Negotiation Service

Introduction In Web service environments, scalable access control methods are required, as requester populations are often large and dynamic. For this reason, requester identities are often not known in advance, and traditional access control models that rely on identity to determine access do not fit. Other models require requesters to submit credentials (i.e., signed assertions describing attributes of the owner) along with service invocations. These models often do not consider credentials to be resources, an assumption that does not hold when credentials may contain sensitive information. Trust negotiation addresses these problems by granting access based on the level of trust established in a negotiation between the requester and the provider. During this trust negotiation, credentials are exchanged to gradually build trust. However, several issues need to be addressed before trust negotiation can become a viable technology. The description of trust negotiation policies is mai