Security in Semantic Web Services: Role of Security, Authorization, Privacy and Trust in Semantic Web

Nima Dokoohaki

OASIS Adoption Forum
London 2006
Agenda
• Semantic Web Services: concept and technologies

• Role of Semantic Web Services and their current position

• Describing the security dimensions in the context of Semantic Web Services

• Defining and describing an adoption model for standards defined in practice
Semantic Web Services
• Intelligent Distributed Systems
• Syntactic vs. Semantic Web Services
• Impact of lack of semantics:
    – Lack of machine readability prevents their usage in complex business contexts
• Adding rich formal descriptions of capabilities to Web services solves this problem, allowing them to be consumed and utilized by businesses without human intervention (the main goal of bringing semantics to the context of Web services)
• Semantic Web Services (SWS) eliminate this obstacle by adding to Web services rich formal descriptions of their capabilities, facilitating automated composition, discovery, dynamic binding, and invocation of services within an open environment
• Requirement and prerequisite:
    – Emergence and evolution of a semantic execution environment (a real, practical presentation of the Semantic Web vision)
[Figure: SWS shown with three groups of labels.
Activities: Publishing, Discovery, Selection, Composition, Invocation, Deployment, Ontology Management.
Service Ontology: input, output, Pre-condition, Post-condition, Cost, Category, Atomic Service, Composite Service.
Architecture: Register, Matchmaker, Reasoner, Decomposer, Invoker.]
The Main and Original Motivation
• Enhance interoperability between heterogeneous information systems
• Two major areas of application:
   – Enterprise Application Integration (EAI): connecting separated systems quickly and at low cost
   – Business to Business (B2B) Integration: reducing costs and enhancing flexibility of cooperation
• Efficiency (cost and time)
   – Human interaction between UDDI and web services, lookup time:
     "Semantics can save time and cost"
• Simple maintenance
• Promising
Semantics-driven solutions:
Final Destination, or Next Step?
• Semantic Business Services
   – Making business web based
• Bringing Web services and Semantic Web Services to the next level: Semantic Business Services or Semantic e-Services
• Still a big challenge:
   – Large-scale integration that consumes and utilizes multiple web services
   – Bringing businesses to their full potential
• Semantic enrichment is a solution toward appropriate large-scale integration
Current frameworks for Semantic Web Services and their orientations
• Three main frameworks for SWS:
    • IRS-III (The Internet Reasoning Service)
         • Knowledge based
    • OWL-S (OWL-based Web Service Ontology)
         • Agent oriented
    • WSMF (Web Services Modelling Framework)
         • Business oriented
         • Focusing on a set of ecommerce/ebusiness requirements for Web Services, including "trust and security"
Current progress: Focus on WSMX
• WSMX (Web Services Execution Environment):
   – Reference implementation of WSMO.

• An execution environment for business application integration, where enhanced web services are integrated for various business applications:

   – Increases business process automation in a very flexible manner while providing a scalable integration solution
OASIS and Semantic works
• SEE (Semantic Execution Environment) technical committee
  – Guidelines, justifications and implementation directions for an execution environment for Semantic Web services (proposed WSMX).
  – SEE is engineering a standardized, globally recognized architecture of an intelligent distributed system, where semantically enriched components can be plugged in and executed according to dynamic execution semantics.
• A committee focusing on practical ebusiness applications of SWS
OASIS and Semantic works:
Progress and deliverables
• A brief intro to their past and ongoing work:
   – Infrastructural work for SWS: justifications, guidelines and also implementations for semantically enriched SOA and SWS applications:

      • eHealth,
      • eBanking,
      • eGovernment services,
      • GIS (Geographical Information Systems)
SWS security requirements:
Security, Privacy and Trust
• Requirements arise from three kinds of policies:
   – Security policies
   – Privacy policies
   – Trust-based policies
• Functional:
   – Semantically described security policies.
   – Semantically described privacy policies.
   – Respecting individual client requirements.
• Architectural:
   – Protocols for publication and description of service security policies and authentication requirements.
   – Semantic policy evaluation mechanisms.
   – Semantically controlled policy enforcement.
   – Trust-based authentication and authorization.
   – Communication and logging of security evaluation results.
Role of OASIS in SWS Security
• Fact 1: OASIS security works have the following properties:
   – Modularity: easier to implement as a building block in a solution
   – Composability: easier solution engineering and maintenance
• Fact 2: OASIS has a history of converging many industry-leading standards
• Fact 3: OASIS is a globally recognized library of scenarios and use cases
• Fact 4: Work on semantics- and security-driven efforts is ongoing within OASIS

• Conclusion:

   OASIS is where all efforts from different directions should and will merge and make up tomorrow's industry-recognized standards and guidelines for any semantically driven service-oriented architecture
Solution:
Semantic Policy Framework
• Semantically rich policy representations
   – Human error reduction,
   – Simplification of policy analysis,
   – Policy conflict reduction,
   – Interoperability facilitation
• Adopting a policy-grounded approach for controlling a system requires an appropriate policy representation and the design and development of a policy management framework, hence the need for a Semantic Policy Framework
• Policies will be increasingly important to the real-world implementation of Semantic Web Services
• A policy ontology is an enabler for a semantic policy framework
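How a policy ontology can simplify policy analysis and surface policy conflicts is sketched below as an added example, not code from the presentation or from any OASIS specification. The class hierarchy, the policies and all function names are hypothetical; it assumes a tree-shaped ontology with disjoint sibling classes and a deny-overrides evaluation rule.

```python
# Added illustration: a toy policy ontology (child class -> parent class).
# All class names are constructed for this example.
SUBCLASS_OF = {
    "PatientRecordService": "eHealthService",
    "eHealthService": "SemanticWebService",
    "eBankingService": "SemanticWebService",
    "Physician": "MedicalStaff",
    "MedicalStaff": "AuthenticatedRequester",
    "Auditor": "AuthenticatedRequester",
}

# Constructed policies: (id, effect, requester class, service class).
POLICIES = [
    ("P1", "permit", "MedicalStaff", "eHealthService"),
    ("P2", "deny", "AuthenticatedRequester", "PatientRecordService"),
    ("P3", "permit", "Auditor", "eBankingService"),
]

def ancestors(cls):
    """Return cls followed by every superclass reachable in the ontology."""
    chain = [cls]
    while cls in SUBCLASS_OF:
        cls = SUBCLASS_OF[cls]
        chain.append(cls)
    return chain

def subsumes(general, specific):
    """True when 'specific' is 'general' or one of its subclasses."""
    return general in ancestors(specific)

def overlaps(a, b):
    """In a tree with disjoint siblings, two classes share members only
    when one subsumes the other (assumption of this sketch)."""
    return subsumes(a, b) or subsumes(b, a)

def find_conflicts(policies):
    """Pairs of policies with opposite effects and overlapping scope."""
    found = []
    for i, (id1, eff1, req1, svc1) in enumerate(policies):
        for id2, eff2, req2, svc2 in policies[i + 1:]:
            if eff1 != eff2 and overlaps(req1, req2) and overlaps(svc1, svc2):
                found.append((id1, id2))
    return found

def decide(requester, service, policies):
    """Deny-overrides evaluation; default deny when no policy applies."""
    effects = {eff for _, eff, req, svc in policies
               if subsumes(req, requester) and subsumes(svc, service)}
    if "deny" in effects:
        return "deny"
    return "permit" if effects else "deny"
```

The conflict between P1 and P2 is found by subsumption reasoning alone: neither policy names the other's classes, which is the kind of analysis a flat, syntactic policy list does not support.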
Adoption of policy ontologies: pros

  – An ontology simplifies the task of governing the behavior of complex, increasingly dynamic, multi-disciplinary business environments.
  – Adaptation to several kinds of business and workflow contexts
  – High-level management requirements
  – Simplification of many aspects of policy engineering, such as policy description, analysis and access
Adoption of policy ontologies: cons

• The adoption of ontologies for policy specification requires addressing some technical difficulties in presentation and implementation:

   – Semantic web languages used for ontology representation still produce complex descriptions, making the code very difficult to read

   – The gap between the specification and the implementation of policies cannot be completely overcome in an automated manner.
[Figure. Labels: OASIS Web Services Works; OASIS Security Standards; OASIS Semantics Effort; Semantic Web Services; Semantic Execution Environment; eGovernments, Businesses, Citizens.]

[Figure: Semantic Execution Environment. Components: Service Requester; Service Discovery; Distributed Registry (UDDI / ebXML RR); Distributed Ontology Repository; Domain Ontology; Policy Ontology; Distributed Trust (Web of Trust); Trust Warehouse; Trust Negotiation; Trust Negotiator; Authorization Manager; Semantic Web Service. Annotations: Semantic Requirements; Requester's Authorization information; "Service sends requester's authorization info to requester"; Service Invocation.]
Remaining issues:
policy framework obstacles
• Approaches toward a common global semantic policy framework have generated divergent solutions, which:
   – are best suited for particular ranges of applications
   – discourage a common approach for all situations
• It is still not clear "why a common approach should succeed for policy specification, presentation and deployment".
   – This clearly states the need for standardization and convergence efforts
Remaining issues: semantic efforts
• Immaturity of the most important dimensions of SWS
• Immaturity of essential standards supporting the semantic web and semantic web services
• The importance and efficiency of semantic enrichment has not yet been realized by many industries and businesses
• Most important, semantic efforts are progressing and taking shape, but semantic web services security research and development still needs more attention and investment from academia and industry.
Role of OASIS: Creating the "Concrete" for the road construction

• Standardization of a common service execution environment sets a great starting point for the implementation, deployment and, most important, convergence of ongoing, existing and future semantic works.
• Liaisons with related standardizations and industrial consortia
• “Clearly, the time to forge a common framework based on Semantic interoperability standards and e-Business web services standards is now.”
   Patrick Gannon,
   CEO and President, OASIS – Book foreword
Q&A

• Question and answer
Thanks!
• Thank you for participating
Contact Details

Nima Dokoohaki

  Solution Architect
  M.Sc in Software Engineering of
  Distributed Systems
  Stockholm
  Sweden
  Mobile:+46762697630
  Email:nimadokoohaki@gmail.com
  Skype:nimakth