Title: An Analysis of Trust Requirements and Design Choices for Trust Management in Web Services Based Service Oriented Architectures
1. An Analysis of Trust Requirements and Design Choices for Trust Management in Web Services Based Service Oriented Architectures
- Bienvenida Pagdanganan
- Supervisor: Prof Vijay Varadharajan
2. Main Problem
- With Web Services
- Who the requestors are
- Who the providers are
- What credential is being requested
- What specific services are being requested
- Who is trustable
- Who is not
- How are they trusted
3. Main Problem
BPAY Scenario: Alice pays electricity bill through BPAY
- Alice logs in to her Internet Banking system using Username AND Password
- Alice enters her electricity account number and other identity information
- Alice's bank and electricity provider have some agreement that facilitates the service
- Alice trusts that the service has been completed on her behalf by the bank
4. Main Problem
- Authentication in Web services
- Mechanism by which clients and service providers prove to one another that they are acting on behalf of specific users or systems
- Client usually presents identifier
- Service provider verifies client's claimed identity
- Authorization
- Allow only authenticated service identities to access resources, such as hosts, files, Web pages, components, and database entries, to name a few
5. Aim
To address the trust requirements needed to use or provide a Web service through studies about trust model and language, trust policy language, trust management systems, and federation and trust in relation to trust management
6. Significant Achievements
- This study provides the following
- A framework for a hybrid trust model incorporating hard trust and soft trust, and the attributes in hard trust and soft trust
- A methodology by example for evaluating reputation-based soft trust attribute
- A methodology by example for incorporating soft trust attributes in a service policy
- A federation and trust scenario in Web services incorporating soft trust body, Reputation Authority, and soft trust attributes
7. Roadmap to achievements: Project Scope
- Studies on
- Web Services Trust Model
- Trust Policy for Web Services
- Trust Management in Web Services Based SOA
- Federation and Trust in Web Services
8. What is...
- Web service
- self-contained software module
- available via a network, such as the Internet
- completes tasks, solves problems, or conducts transactions
- service on behalf of a user or application
- Service Oriented Architecture
- a logical way of designing a software system
- provide services either to end-user applications or to other services distributed in a network
- use published and discoverable interfaces
9. Roadmap: Web Services Trust Model
- Studies on
- Hoffman, Lawson-Jenkins et al. 2006
- Lin and Varadharajan 2007
- Web Services Security Plan and Roadmap (2002)
- WS-Trust
10. Roadmap: Web Services Trust Model
- Hoffman, Lawson-Jenkins et al. 2006
- Develop improved trust model and related metrics for distributed computer-based systems
- Incorporate security, privacy, safety, usability, reliability, and availability factors into trust vector
- Incorporate factors such as verification techniques, user knowledge, user experience, and trust propagation in their model
- Define expectation - experience with an application or service, and the reputation of the vendor providing the service or product
- (we discuss as soft trust attributes)
- Consider metrics (we discuss as trust attributes)
11. Roadmap: Web Services Trust Model
- Lin and Varadharajan 2007
- Propose a hybrid trust model for enhancing security in distributed systems by combining hard and soft trust relationships and associated operations
- Consider soft trust decision making, based on behaviour and evidence and the specified thresholds for these opinion-based soft trust requirements
- Our paper similarly discusses hard and soft trust attributes and trust relationships; we consider Web services rather than mobile agent system
12. Roadmap: Web Services Trust Model
- IBM and Microsoft 2002 - End to End Security
- Web Service requires incoming message to prove a set of claims (referred to as policy)
- Requester sends messages with proof of required claims (security tokens)
- Messages demand specific action
- Messages prove their sender has claim to demand the action
- Requester can obtain claim through the Security Token Services (STS brokers trust by issuing security tokens)
13. Roadmap: Web Services Trust Model
- WS-Trust
- TRUST represented through exchange and brokering of security tokens
- Specifications to enable application to construct trusted SOAP message exchange
- Web Services trust specification for
- Requesting and obtaining security tokens
- Managing trusts and establishing relationships
- Establishing and assessing trust relationships
14. Roadmap: Web Services Trust Model
- WS-Trust: managing trusts and establishing and assessing trust relationships
- Verify that claims in token are sufficient to comply with policy and that message conforms to policy
- Verify that attributes of claimant are proven by signatures; claims are either proven or not based on policy
- Verify that issuers of security tokens (including all related and issuing security token) are trusted to issue claims they have made
15. Roadmap: Web Services Trust Model
- WS-Trust: Trust relationships can be
- Direct trust - relying party accepts as true all (or some subset of) the claims in token sent by the requestor
- [Diagram: Requester, Web service]
- Brokered trust - a trust proxy (second party) reads policy information and requests appropriate security tokens from an issuer of security tokens, thus vouching for a third party
- [Diagram: Security Token Service, Requester, Web service]
16. Roadmap: Trust Policy for Web Services
- Studies on
- Vuong, Smith et al. 2001
- Nagarajan, Varadharajan et al. 2007
- WS-Policy
17. Roadmap: Trust Policy for Web Services
- Vuong, Smith et al. 2001
- Discuss practical concepts employed in enterprise environment for managing security policies
- Use eXtensible Markup Language (XML)
- Design specification for security policy uses structured language model (XML), separate semantics API, and standardized policy schema model to represent and implement security policies.
- We consider their methodology in our study to develop a methodology by example for incorporating soft trust attributes in a service policy
18. Roadmap: Trust Policy for Web Services
- Nagarajan, Varadharajan et al. 2007
- Propose a 3-level granularity model with levels, high, mid and low properties for authorization credentials for trusted platform
- Present methodology for capturing requirements through compositions and Component Property Certificate
- We adapt their methodology as a way of establishing our work to develop a methodology by example for evaluating reputation-based soft trust attributes
19. Roadmap: Trust Policy for Web Services
WS-Policy
- An XML Infoset called a policy expression that contains domain-specific, Web Service policy information
- Core set of constructs to indicate how choices and/or combinations of domain specific policy assertions apply in Web services environment

    <wsp:Policy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
                xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" >
      <wsp:ExactlyOne>
        <sp:Basic256Rsa15 />
        <sp:TripleDesRsa15 />
      </wsp:ExactlyOne>
    </wsp:Policy>

An example of a security policy
20. Roadmap: Trust Management in Web Services Based SOA
- Studies on
- The PolicyMaker Trust Management System (Blaze, Feigenbaum et al. 1996)
- REFEREE Trust Management for Web Applications (Chu, Feigenbaum et al. 1997)
- The KeyNote Trust Management System (Blaze, Feigenbaum et al. 1999)
- Then.
- Our Approach
- Incorporating Hybrid Trust Attributes in Policy
21. Roadmap: Trust Management in Web Services Based SOA
- The PolicyMaker Trust Management System
- (Blaze, Feigenbaum et al. 1996)
- Interface that separates generic mechanisms from application-specific policy
- Return simple yes/no answer or additional restrictions that would make the proposed action acceptable
- Our interest is language structure
- Way policy is written through queries of the form
- key1, key2, ..., keyn Requests ActionString
- Source ASSERTS AuthorityStruct WHERE Filter
22. Roadmap: Trust Management in Web Services Based SOA
- REFEREE Trust Management for Web Applications
- (Chu, Feigenbaum et al. 1997)
- Rule-controlled Environment for Evaluation of Rules, and Everything Else
- Provides both general policy-evaluation mechanism and language for specifying policies
- Return value when asking for authorization
- Yes, the action may be taken because sufficient credentials exist for the action to be approved
- No, the action may not be taken because sufficient credentials exist to deny the action
- The trust management system was unable to find sufficient credentials to approve or to deny the requested action
23. Roadmap: Trust Management in Web Services Based SOA
- The KeyNote Trust Management System
- (Blaze, Feigenbaum et al. 1999)
- Language describing policy and credential assertion, structures of action descriptions and model of computation
- Evaluates policy through a policy compliance value (PCV)
- PCV advises application how to process the requested action.
- In simplest case, the compliance value is Boolean (e.g., reject or approve)
24. Roadmap: Trust Management in Web Services Based SOA
- The KeyNote Trust Management System
- (Blaze, Feigenbaum et al. 1999)
- Conditions

    @user_id == 0 -> "full_access";        # clause (1)
    @user_id < 1000 -> "user_access";      # clause (2)
    @user_id < 10000 -> "guest_access";    # clause (3)
    user_name == "root" -> "full_access";  # clause (4)

- Given user_id is 1073 and the user_name attribute is root, possible compliance value set would contain the following
- guest_access (by clause (3)) and
- full_access (by clause (4))
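The clause evaluation on this slide as a small Python evaluator (an added example, not code from the slides or from the KeyNote implementation). The ordering of compliance values, returning the highest-ordered satisfied value, and the fail-closed handling of a missing or non-numeric user_id are assumptions of this example.

```python
# Compliance values from lowest to highest. This ordering is an assumption of
# the example; the slide lists only the clause values.
ORDER = ["_MIN_TRUST", "guest_access", "user_access", "full_access"]

# The four clauses from the slide as (label, test, value).
CLAUSES = [
    ("clause (1)", lambda a: int(a["user_id"]) == 0, "full_access"),
    ("clause (2)", lambda a: int(a["user_id"]) < 1000, "user_access"),
    ("clause (3)", lambda a: int(a["user_id"]) < 10000, "guest_access"),
    ("clause (4)", lambda a: a.get("user_name") == "root", "full_access"),
]


def satisfied(attrs):
    """Return [(label, value)] for every clause whose test holds."""
    hits = []
    for label, test, value in CLAUSES:
        try:
            if test(attrs):
                hits.append((label, value))
        except (KeyError, ValueError):
            # Example's choice: a missing or non-numeric attribute never
            # satisfies a clause (fail closed).
            continue
    return hits


def compliance_value(attrs):
    """Highest-ordered value among satisfied clauses, _MIN_TRUST if none."""
    values = [value for _, value in satisfied(attrs)]
    return max(values, key=ORDER.index, default="_MIN_TRUST")


if __name__ == "__main__":
    request = {"user_id": "1073", "user_name": "root"}  # the slide's case
    print(satisfied(request), compliance_value(request))
```

Clause (4) grants full_access on user_name alone, so the result for the slide's request does not depend on user_id at all.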
25. Roadmap: Trust Management in Web Services Based SOA
- Our Approach
- A framework for trust management
- A hybrid trust model for managing trust incorporating hard trust and soft trust
26. Our Approach: Trust Management in Web Services Based SOA
- Hybrid Trust Composition
- Trust relationships based on exchange and brokering of hard trust attributes and on support of soft trust attributes established by corresponding security authorities
27. Our Approach: Trust Management in Web Services Based SOA
- Hard Trust Composition
- strong security mechanisms
- Result is a binary decision - trusted or not
28. Our Approach: Trust Management in Web Services Based SOA
- Soft Trust Composition
- soft computational approach, a method of evaluation of soft trust attributes
- developed by illustration through a hypothetical example
29. Our Approach: Trust Management in Web Services Based SOA
- Hypothetical Example
- A Web service provided by ABC company for purchasing shares of stocks
- Must be citizens of its country only
- May have loyalty cards with the company
- Have transactions above a threshold amount D
- Have reference from company staff
- Company Assertions
- Is_Citizen = Y clause (1)
- has_LoyaltyCard = Y clause (2)
- has_No_LoyaltyCard = Y clause (3)
- has_Transaction_Threshold > D = Y clause (4)
- has_Reference_From_Staff = Y clause (5)
30. Our Approach: Trust Management in Web Services Based SOA
Hypothetical Example cont.
Company has set to true (Y) only the following compositions. Order of assertion ascending, highest to lowest. All other combinations are not acceptable.
(1) Is_Citizen, has_LoyaltyCard, has_Transaction_Threshold > D, has_Reference_From_Staff
(2) Is_Citizen, has_LoyaltyCard, has_Transaction_Threshold > D
(3) Is_Citizen, has_LoyaltyCard, has_Reference_From_Staff
(4) Is_Citizen, has_No_LoyaltyCard, has_Transaction_Threshold > D
(5) Is_Citizen, has_No_LoyaltyCard, has_Reference_From_Staff
31. Our Approach: Trust Management in Web Services Based SOA
- Hypothetical Example cont.
- Evaluation of assertions
- A decision response (Y or N) for reputation will be delivered for compositions (1) through (5).
- Each composition has weight value corresponding to reputation of requestor of Web service
- Notation used to indicate weight value, where weight value is a function of composition
- R1 = W(C1): Extremely high reputation
- R2 = W(C2): Strongly high reputation
- R3 = W(C3): Very high reputation
- R4 = W(C4): Moderately high reputation
- R5 = W(C5): High reputation
- Reputation weight value is referred to as Reputation Token
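The hypothetical example of the last three slides as a runnable evaluator (an added example, not code from the slides). The value chosen for D and the function names are assumptions; only an exact match with one of compositions (1) to (5) yields Y, which is a literal reading of "All other combinations are not acceptable".

```python
D = 10_000  # assumed value; the slides leave the threshold amount D symbolic

# Compositions (1)-(5) from the slides, highest to lowest reputation, each
# with its Reputation Token R1..R5 and the slide's label.
COMPOSITIONS = [
    ("R1", "Extremely high reputation",
     {"Is_Citizen", "has_LoyaltyCard", "has_Transaction_Threshold",
      "has_Reference_From_Staff"}),
    ("R2", "Strongly high reputation",
     {"Is_Citizen", "has_LoyaltyCard", "has_Transaction_Threshold"}),
    ("R3", "Very high reputation",
     {"Is_Citizen", "has_LoyaltyCard", "has_Reference_From_Staff"}),
    ("R4", "Moderately high reputation",
     {"Is_Citizen", "has_No_LoyaltyCard", "has_Transaction_Threshold"}),
    ("R5", "High reputation",
     {"Is_Citizen", "has_No_LoyaltyCard", "has_Reference_From_Staff"}),
]


def assertions(citizen, loyalty_card, transactions, staff_reference):
    """Company assertions that evaluate to Y for this requestor."""
    held = set()
    if citizen:
        held.add("Is_Citizen")
    held.add("has_LoyaltyCard" if loyalty_card else "has_No_LoyaltyCard")
    if transactions > D:
        held.add("has_Transaction_Threshold")
    if staff_reference:
        held.add("has_Reference_From_Staff")
    return held


def reputation_token(citizen, loyalty_card, transactions, staff_reference):
    """Return (decision, token, label); only an exact composition match is Y."""
    held = assertions(citizen, loyalty_card, transactions, staff_reference)
    for token, label, composition in COMPOSITIONS:
        if held == composition:
            return ("Y", token, label)
    # Covers non-citizens and, under the literal reading, a citizen without a
    # loyalty card who has both the transaction volume and a staff reference.
    return ("N", None, None)


if __name__ == "__main__":
    print(reputation_token(True, True, 25_000, True))   # composition (1)
    print(reputation_token(True, False, 25_000, True))  # not in the list
```

The second call shows a side effect of the exact-match reading: a requestor with more evidence than composition (4) is refused because that combination is not one of the five listed.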
32. Our Approach: Trust Management in Web Services Based SOA
- Reputation Authority
- Soft trust authority body
- The Reputation Authority can then validate the Reputation Rating of the user for a given role or capability as Identity based attributes for the user.
33. Our Approach: Trust Management in Web Services Based SOA

    <wsp:Policy wsu:Id="tokens" xmlns:wsse="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
                xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" >
      <wsp:ExactlyOne wsp:Usage="Required">
        <wsp:All>
          <wsse:SecurityToken>
            <wsse:TokenType>wsse:ReputationToken</wsse:TokenType>
          </wsse:SecurityToken>
          <wsse:SecurityToken>
            <wsse:TokenType>wsse:LoyaltyCardNumber</wsse:TokenType>
          </wsse:SecurityToken>
          <wsse:SecurityToken>
            <wsse:TokenType>wsse:UsernameToken</wsse:TokenType>
          </wsse:SecurityToken>
        </wsp:All>
        <wsp:All>
          <wsse:SecurityToken>
            <wsse:TokenType>wsse:ReputationToken</wsse:TokenType>
          </wsse:SecurityToken>
          <wsse:SecurityToken>
            <wsse:TokenType></wsse:TokenType>
          </wsse:SecurityToken>
          <wsse:SecurityToken>
            <wsse:TokenType>wsse:UsernameToken</wsse:TokenType>
          </wsse:SecurityToken>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

Incorporating Hybrid Trust Attributes in Policy
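How a service could check a requester's tokens against a policy of this shape, as an added Python example that is not part of the original slides. The policy string is constructed for the example: it reuses the slide's namespaces and token types, leaves out the blank TokenType of the second alternative, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

WSP = "{http://schemas.xmlsoap.org/ws/2004/09/policy}"
WSSE = "{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}"

# Constructed policy modelled on the slide: both alternatives demand a
# ReputationToken (soft trust) next to a UsernameToken (hard trust).
POLICY = """
<wsp:Policy xmlns:wsse="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <wsse:SecurityToken><wsse:TokenType>wsse:ReputationToken</wsse:TokenType></wsse:SecurityToken>
      <wsse:SecurityToken><wsse:TokenType>wsse:LoyaltyCardNumber</wsse:TokenType></wsse:SecurityToken>
      <wsse:SecurityToken><wsse:TokenType>wsse:UsernameToken</wsse:TokenType></wsse:SecurityToken>
    </wsp:All>
    <wsp:All>
      <wsse:SecurityToken><wsse:TokenType>wsse:ReputationToken</wsse:TokenType></wsse:SecurityToken>
      <wsse:SecurityToken><wsse:TokenType>wsse:UsernameToken</wsse:TokenType></wsse:SecurityToken>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
"""


def alternatives(policy_xml):
    """Return one set of required token types per wsp:All alternative."""
    root = ET.fromstring(policy_xml)
    result = []
    for alt in root.findall(f"{WSP}ExactlyOne/{WSP}All"):
        required = set()
        for tok in alt.findall(f"{WSSE}SecurityToken"):
            token_type = (tok.findtext(f"{WSSE}TokenType") or "").strip()
            if not token_type:
                # Fail closed: a blank TokenType must not act as a wildcard.
                raise ValueError("SecurityToken without a TokenType")
            required.add(token_type)
        result.append(required)
    return result


def satisfied_alternatives(policy_xml, presented):
    """Indices of alternatives whose required token types are all presented."""
    have = set(presented)
    return [i for i, req in enumerate(alternatives(policy_xml)) if req <= have]
```

A requester presenting only hard trust tokens (UsernameToken, LoyaltyCardNumber) satisfies no alternative, because every alternative also requires the ReputationToken.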
34. Our Approach: Federation and Trust in Web Service
Mechanism to federate across trusted authorities incorporating Reputation Authorities
35. Our Approach: Federation and Trust in Web Service
1. ABC Company issued Alice a Kerberos security token and a reputation token.
2. Currency services policy only accepts security and reputation tokens issued by its own security token service and reputation authority.
3. We assume the administrators at ABC Company and Business456 have exchanged public key certificates and reputation tokens in order to federate security.
4. We further assume that Alice only supports symmetric key technology.
5. Based on the Currency Web service policy, Alice needs to acquire a security token and a reputation token that can be used to access the security token service and the reputation authority at Business456.
6. Alice first contacts her security token service and reputation authority that is intended for the Business456 security token service and reputation authority.
7. Using the security and reputation token intended for the Business456 security token service and reputation authority, Alice requests security and reputation token for the Currency service.
8. The Business456 security token service provides Alice security token for the Currency service, and reputation token required by the Currency service policy.
9. Using the security and reputation token intended for the Currency service and the associated symmetric key, Alice makes the requests to the Currency service.
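The federation steps above, together with the WS-Trust checks from the earlier slide (claims proven, token fits the policy, issuer trusted), as an added Python example that is not part of the original slides. It assumes HMAC with constructed per-issuer demo keys in place of the certificates and Kerberos tokens of the scenario, treats each company's security token service and reputation authority as one issuer, and uses hypothetical function and field names.

```python
import hashlib
import hmac
import json

# Constructed demo keys, one per issuing organisation (assumption: a verifier
# holds the key of every issuer it trusts; the slides exchange certificates).
KEYS = {"ABC": b"abc-demo-key", "Business456": b"b456-demo-key"}


def issue(issuer, kind, subject, audience, claims):
    """Issue a token of `kind` ('security' or 'reputation') as body + MAC."""
    body = json.dumps({"iss": issuer, "kind": kind, "sub": subject,
                       "aud": audience, "claims": claims}, sort_keys=True)
    mac = hmac.new(KEYS[issuer], body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


def verify(token, audience, trusted_issuers, kind):
    """Return the token's fields if it passes every check, else None."""
    data = json.loads(token["body"])
    if data["iss"] not in trusted_issuers:      # issuer trusted for claims?
        return None
    expected = hmac.new(KEYS[data["iss"]], token["body"].encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["mac"]):  # claims proven?
        return None
    if data["aud"] != audience or data["kind"] != kind:  # fits the policy?
        return None
    return data


def business456_exchange(sec, rep):
    """Steps 7-8: swap ABC tokens meant for Business456 for Currency tokens."""
    s = verify(sec, "Business456", {"ABC"}, "security")
    r = verify(rep, "Business456", {"ABC"}, "reputation")
    if s is None or r is None or s["sub"] != r["sub"]:
        return None
    return (issue("Business456", "security", s["sub"], "Currency", s["claims"]),
            issue("Business456", "reputation", r["sub"], "Currency", r["claims"]))


def currency_accepts(sec, rep):
    """Step 2: Currency trusts only Business456 as issuer of both tokens."""
    s = verify(sec, "Currency", {"Business456"}, "security")
    r = verify(rep, "Currency", {"Business456"}, "reputation")
    return s is not None and r is not None and s["sub"] == r["sub"]
```

Alice's ABC-issued tokens fail `currency_accepts` directly and pass only after `business456_exchange`, and a reputation token whose rating is edited after issue fails the MAC check.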
36. Future Work
Suggested Work
- Development of a trust management system incorporating reputation-based token in its language for policy formulation
- Study to consider the formal institution of Reputation Authority
- In our approach to evaluate reputation using weighted values, further work may adapt such methodology and compare and contrast with some existing models
- Concept of quality trust can be further studied