Towards Standards-Compliant Trust Negotiation for Web
نویسندگان
چکیده
Web services are a powerful distributed computing abstraction in that they enable users to develop workflows that incorporate data and information processing services located in multiple organizational domains. Fully realizing the potential of this computing paradigm requires a flexible authorization mechanism that can function correctly without a priori knowledge of the users in the system. Trust negotiation has been proposed as a viable solution to this problem, but doing so within the framework provided by existing web services standards remains an unsolved problem. In this paper, we show how existing web services standards can be extended to enable fully standards-compliant support for trust negotiation. We also show that it is possible to compile trust negotiation policies specified using the WS-SecurityPolicy standard into a representation that is suitable for analysis by Clouseau, a highly-efficient trust negotiation policy compliance checker. Lastly, we show that the TrustBuilder2 framework for trust negotiation can be parameterized to act as a trust engine that can be used by the WS-Trust standard to facilitate these negotiations.
منابع مشابه
Towards Standards-Compliant Trust Negotiation for Web Services
Web services are a powerful distributed computing abstraction in that they enable users to develop workflows that incorporate data and information processing services located in multiple organizational domains. Fully realizing the potential of this computing paradigm requires a flexible authorization mechanism that can function correctly without a priori knowledge of the users in the system. Tr...
متن کاملTowards Standards-Compliant Trust Negotiation for Web Services (Extended Version)∗
Web services are a powerful distributed computing abstraction in that they enable users to develop workflows that incorporate data and information processing services located in multiple organizational domains. Fully realizing the potential of this computing paradigm requires a flexible authorization mechanism that can function correctly without a priori knowledge of the users in the system. Tr...
متن کاملModel-Driven Trust Negotiation for Web Services
The Trust-Serv trust negotiation framework supports policy lifecycle management for Web services. T rust negotiation is an approach to access control whereby access is granted based on trust established in a negotiation between the service requester and the service provider. 1 In this negotiation, credentials — signed assertions that describe the owner's attributes — are exchanged iteratively t...
متن کاملPeerTrust: Automated Trust Negotiation for Peers on the Semantic Web
Researchers have recently begun to develop and investigate policy languages to describe trust and security requirements on the Semantic Web [14, 24]. Such policies will be one component of a run-time system that can negotiate to establish trust on the Semantic Web. In this paper, we show how to express different kinds of access control policies and control their use at run time using PeerTrust,...
متن کاملDesign and Implementation of GeoBrain Online Analysis System (GeOnAS)
GeOnAS is an extensible, scalable and powerful online geospatial analysis system based on Service Oriented Architecture (SOA), and is designed and implemented with the complementary technologies, Asynchronous JavaScript and XML (Ajax) and Web services, which greatly increase the interactive capabilities of graphical user interfaces and improve the user experience. It provides a highly interoper...
متن کامل