Dynamic Virtual Organizations_ Still a Chimera_

Dynamic Virtual Organizations: Still a Chimera? Pablo Giambiagi Security, Policies and Trust Lab (SPOT) SICS Agenda What is a Virtual Organization? Why VOs? The challenges of dynamic VOs Risk Management TrustCoM Framework and Architecture Discussion Virtual Organizations A temporary or permanent coalition of autonomous organizations that pool resources, capabilities and information to achieve common business objectives. Characteristics • • • • ad-hoc partnerships (ideally) highly dynamic based on process integration use IT as a means for coordination What a VO is good for optimize use of opportunities which derive from market and/or resources reduce transaction costs collectively offer services to customers that could not be provided by the individual enterprises. How Dynamic can a VO be? Current VOs are rather static Dynamic VOs are hard to manage and have high risk profiles IT, by itself, is no silver bullet It is not enough to synchronize business processes Keys: self-management, to cope with complexity risk management, so that the benefits can overcome the risks Risk Management Risk attenuators Trust Trust substitutes SLA contracts and monitoring Authorization policies Accountability Reputation Goal: strike a balance between trust and its substitutes TrustCoM 6 industrial partners • 6th Framework EU project • Networked Business and Government • Feb 2004 – May 2007 10 research and academic partners www.eu-trustcom.com TrustCoM Framework A framework for trust within a service oriented architecture Encapsulates trust, security and contract components Separates self-management from the application-level Permits independent risk analysis Virtualized Web services internet secure channel temporary secure connection The VO Lifecycle Enterprise Network (EN) EN Creation The VO Lifecycle A medium low A A high Role A? Reputation? Business Process BP Roles: A,B VO Initiator Requires: QoSA, QoSB, SecA, SecB EN Creation Identification Formation The VO Lifecycle A VO Role B? Business Process BP Roles: A,B VO Initiator Requires: QoSA, QoSB, SecA, SecB Operation EN Creation Identification Formation The VO Lifecycle A SLA Violation VO Role A? VO Initiator EN Creation Identification Formation Operation Evolution The VO Lifecycle A VO VO Initiator EN Creation Identification Formation Operation Evolution The VO Lifecycle A VO VO Initiator EN Creation Identification Formation Operation Evolution Dissolution The TrustCoM Architecture Application Domain Specific Services VO Management Processes / Services Federation Business Processing SLA services Location, Publication, Discovery Trust & Security services Federation Policy Common Policy Format Policy Enforcement Deployment Manageability (Monitoring, Notification, etc.) WS Foundation Status First implementation of main services in each subsystem (Infrastructure, Policy, SLA, Trust, VO and Business Process Management) WS-* interop profiles for the TrustCoM Framework (XACML, SAML, WSLA, WSCDL) Test-bed scenarios (Collaborative Engineering) Conclusions Risk and self-management are the key enabling factors for Dynamic VOs Self-management is achieved using automatic monitoring and reconfiguration policies. Risk is reduced using trust and trust substitutes (e.g. contracts, security policies and reputation measures). TrustCoM is putting these ideas into practice. Thank you! For more information, check poster 31 Pablo Giambiagi Security, Policies and Trust Lab (SPOT) SICS