Future Internet of Services… From a TAS3 Perspective
Danny De Cock, TAS3 Project Coordinator
Slides available from http://godot.be/slides
Email: Danny.DeCock@esat.kuleuven.be
Future Networked Services
- Need to converge to an environment which
  – Consists of service providers
    • Data repositories
      – Authentic repositories inherently trusted by the user
      – Data aggregators
    • Non-data related service providers
      – That provide services to users and other service providers with
        • Transparent business processes
Questions…
- Who is responsible for security?
  – There is no demand for secure services
    • Users EXPECT services to be secure
  – Infrastructure is insecure by nature
    • Possibility to eavesdrop is a legal requirement
      – Point-to-Point messaging is inherently insecure
      – End-to-End confidential sessions are discouraged/made impossible
    • Secure End-to-End communication is a session/application layer issue
  – It is all about liability
    • Users, content and service providers deal with mutual distrust with contracts, SLAs, insurances
Questions…
- How to make security accessible to users and service consumers?
  – Security is built into the architecture’s design
    • No afterthought
  – Sensible default security settings
    • Securely managed, security policies are pushed to service users
  – Easy to understand security configuration
    • Right-grained granularity of security settings
Questions…
- Are our fundamental security mechanisms (crypto, biometrics, protocols) still adequate?
  – Flexibility is key…
    • Session-based negotiation of protocols, crypto algorithms and cipher suites
  – Authenticity of origin…
    • Usually much more important than long-term confidentiality
    • Time stamping of authenticity proofs with state of the art signing algorithms
Questions…
- Consequences of user-centricity?
  – Allows a user to become THE bottleneck if consulted whenever personal information is used
  – Solution:
    • User-controlled sticky policies
      – Sticky to the data concerned
      – Automatic policy evaluation
    • Data stored by authentic repositories trusted by the user
      – Ante factum: the repository enforces the user’s policies
      – Post factum: transparent screening of the repository’s logs
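The sticky-policy idea on this slide (policy attached to the data, enforced by the repository before release, and the repository's log screened afterwards) is easier to see in code. The following is an added illustration written for this page; it is not TAS3 project code and does not use the TAS3 API. All names (`StickyPolicy`, `Repository`, `screen_log`), the healthcare-flavoured sample record and the roles/purposes are constructed for the example, and the `legacy_export` path stands in for an unguarded connector that the post factum screening must surface.

```python
"""Added illustration of user-controlled sticky policies (not TAS3 project code).

A record carries its own policy; the repository evaluates it before every
release (ante factum) and writes an audit-log entry for each decision; a
separate screening pass re-evaluates the log afterwards (post factum) and
reports any release that disagrees with the policy stuck to the data.
All names and sample data below are constructed for this example.
"""
from dataclasses import dataclass
import json


@dataclass(frozen=True)
class StickyPolicy:
    """User-written policy that travels with the record it protects.

    ``allowed`` maps a requester role to the purposes for which the owner
    permits release; ``obligation`` is attached to every permitted release.
    """
    allowed: dict
    obligation: str = "notify-owner"

    def permits(self, role: str, purpose: str) -> bool:
        return purpose in self.allowed.get(role, ())


@dataclass
class Record:
    owner: str
    payload: dict
    policy: StickyPolicy


class Repository:
    """Authentic repository acting as the enforcement point: it evaluates the
    sticky policy before each release and records every decision."""

    def __init__(self):
        self._records = {}
        self.log = []  # append-only list of decision entries (the audit log)

    def store(self, rid: str, record: Record) -> None:
        self._records[rid] = record

    def policy_of(self, rid: str) -> StickyPolicy:
        return self._records[rid].policy

    def _log(self, rid, role, purpose, decision, via):
        self.log.append({"record": rid, "role": role, "purpose": purpose,
                         "decision": decision, "via": via})

    def access(self, rid: str, role: str, purpose: str):
        """Guarded release (ante factum): (payload, obligation) or None if denied."""
        rec = self._records[rid]
        decision = "permit" if rec.policy.permits(role, purpose) else "deny"
        self._log(rid, role, purpose, decision, via="guard")
        if decision == "deny":
            return None
        return rec.payload, rec.policy.obligation

    def legacy_export(self, rid: str, role: str, purpose: str):
        """Constructed stand-in for a legacy connector that logs a release but
        never consults the sticky policy; screening has to catch this."""
        rec = self._records[rid]
        self._log(rid, role, purpose, "permit", via="legacy")
        return rec.payload, None


def screen_log(repo: Repository) -> list:
    """Post factum screening: re-evaluate every logged release against the
    record's current sticky policy and report entries whose decision differs."""
    findings = []
    for entry in repo.log:
        policy = repo.policy_of(entry["record"])
        expected = "permit" if policy.permits(entry["role"], entry["purpose"]) else "deny"
        if entry["decision"] != expected:
            findings.append({**entry, "expected": expected})
    return findings


def demo():
    # Constructed sample: the owner allows her GP to read the record for
    # treatment only; an employer gets nothing.
    policy = StickyPolicy(allowed={"gp": {"treatment"}, "employer": set()})
    repo = Repository()
    repo.store("rec-1", Record(owner="alice",
                               payload={"allergies": ["penicillin"]},
                               policy=policy))
    ok = repo.access("rec-1", "gp", "treatment")         # permitted, with obligation
    denied = repo.access("rec-1", "employer", "hiring")  # ante factum denial
    repo.legacy_export("rec-1", "employer", "hiring")    # unguarded path, logged only
    return ok, denied, screen_log(repo)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The guarded path never consults the user, which is the point of the slide: the policy evaluation is automatic and the user is not the bottleneck. The screening pass is what makes the repository's behaviour transparent to the user after the fact; here it flags the one release that bypassed the guard, with the decision the policy would actually have produced.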
The Humble Answer…
- TAS3 focuses on services
  – Trusted: it is trusted because you do not have to…
    • Guaranteed through transparency & user-centricity
    • Enforces authorization, trustworthiness, reputation and data protection policies
  – Architecture: technology-independent
    • Integrating today’s systems, ready for tomorrow’s
    • Connectors with legacy systems
  – Securely: built-in by design
    • End-to-End authentication
    • Point-to-Point confidentiality
  – Shared Services: SOA by nature
    • Distributed things provide TAS3 services ☺
Questions? ☺
- Email:
  – Danny.DeCock@esat.kuleuven.be
  – info@tas3.eu
- Web:
  – http://godot.be
  – http://tas3.eu
[Diagram: Business Process overview. Components shown: Bulletin Boards, Frontend Service, Backend Service.]
[Diagram, shown on two slides, the second adding numbered flow steps 1–4: TAS3 Business Process architecture. Components shown: Entry Point and Exit Point; Syntactic & Semantic Interoperability Engine (at the Bulletin Boards, the Frontend Service and the Backend Service); Bulletin Boards with lists of Service Providers, Service Types and Services; Frontend Service with Authenticity Guard, Obligations Guard, Audit Guard, Authorization Guard, Trust & Reputation Guard, Service Provider Selector, Request Preparator, Service Response Preparator, Obligations Service and Master PEP; Authentication Authority (e.g., IdP); Authenticity Deciders, Authorization Deciders, Trust & Reputation Deciders and Data Protection Policy Enforcers behind a Master PDP; Audit Service with Information Feedback, Log Analysis, Services Dash Board and Engine & Business Intelligence (audit aspects, policy aspects); Trust & Reputation Information; Backend Service.]
[Diagram: User-centric Use Cases, Employability & Healthcare. Entities shown: Repositories, Service Providers, Patient, Associations, Schools, Universities, Public & Private Employment Services, Professional Training Institutes, Social Security Services, Employability Network Service Providers, Primary & Secondary Care Providers.]