Title: A Trust Model for Web Services Ph.D Dissertation Progress Report
1. A Trust Model for Web Services
Ph.D. Dissertation Progress Report
Candidate: Nelly A. Delessy, Advisor: Dr. E.B. Fernandez
Department of Computer Science and Engineering
Florida Atlantic University, Boca Raton, FL
2. Introduction
- Dissertation's goal: to develop a unified trust model for web services
- Will indicate how it can be interfaced to existing access control models for web services
- Will include trust management through trust policies, and dynamic aspects such as trust negotiation
- Using UML and/or some mathematical formalism
3. Dissertation Progress
- What has been done: Existing Web services Access Control Models
  - Patterns for XACML and the application firewall (last semesters)
  - Patterns for the WS- Family: WS-Security and WS-Policy
  - Methodology to compare standards: Included in the paper "Using patterns to compare web services security products and standards"
- This semester
  - Inclusion of wireless aspects
- Future work
  - Develop the Trust model itself
4. Dissertation Progress
- Future work
  - Description of the interface between trust model and access control model for web services (Spring 2006 Summer 2006)
5. Dissertation Progress
- Future work
  - Define the static elements of the trust model formally (Fall 2006)
  - Develop the dynamic aspects of the trust model (Fall 2006)
  - Identify patterns from the model (Fall 2006)
  - Publish a Journal Paper from one of these steps
6. Wireless Web Services Architectures
7. Introduction
- Web services are becoming important for user access to services that depend on location, and they are appearing in mobile devices.
- The concept of dynamic access to web services, allied with the flexibility of wireless access, makes it possible to envisage a new type of application, where the mobility of the user supplies the application with context elements.
- Examples in the field of disaster management, location services, advertising (service discovery), etc.
8. Architectures
- Gateway architecture
  - Used when portable devices are limited in memory and computational power.
  - And/or the connection bandwidth and reliability of the wireless connection are limited.
  - An example of this compressed format: WML (equivalent of HTML in the WAP stack, available in many phones); or, for basic scenarios such as the push of information, the gateway can transform SOAP messages into SMS or voice.
9. Architectures
- Direct consumer architecture
  - Portable devices must have built-in implementations of the web services technologies (high end market segment, now), ex: smart phones, PDAs, and laptops.
  - Hardware and operating systems security is an important issue in this configuration.
  - Since the device, which is now a consumer of web services, can run client applications from different providers, a strong level of security is needed, including some type of authorization system, such as a subset of XACML or WS-
10. Architectures
- Use of mobile agents
  - Approach is suggested in [Bel03b].
  - Proxies act on behalf of a client.
  - Rationale: using a web service can imply multiple passes between client, server and third parties (for security purposes, for example), while the wireless link is not reliable and the bandwidth can be limited.
11. Architectures
- Direct consumer architecture
  - The mobile device is a WS Provider
  - Ex: to expose the user's calendar, its profile
  - Liberty PAOS (Reverse HTTP Binding for SOAP) enables the creation of personalized services
  - Privacy issues
12. Pattern diagram for wireless web services security patterns
13. Class diagram for Access Control List (ACL)
14. Class diagram for Capability
15. Class diagram for SAML
16. Class diagram for the Liberty Alliance Identity Federation
17. Sequence Diagram for Single Sign On
18. OMA OWSER
- OMA: Open Mobile Alliance
- OWSER: OMA Web Services Enabler
- Addresses
  - Transport security
  - SOAP message security
  - But not application security
- Are working on providing profiling standards, such as Liberty Alliance, OCSP, WSDL wireless web services
19. OMA OWSER
- To provide identity-based Web Services
- They propose to use Liberty Alliance specs
- Circle of Trust
20. The Web Services "stack" described by the OWSER