Presentation is loading. Please wait.

Presentation is loading. Please wait.

E-Science Meeting March 2004 1 Trusted Coordination in Dynamic Virtual Organisations Santosh Shrivastava School of Computing Science Newcastle University,

Published byMichael Dixon Modified over 8 years ago

Similar presentations

Presentation on theme: "E-Science Meeting March 2004 1 Trusted Coordination in Dynamic Virtual Organisations Santosh Shrivastava School of Computing Science Newcastle University,"— Presentation transcript:

1 e-Science Meeting March 2004 1 Trusted Coordination in Dynamic Virtual Organisations Santosh Shrivastava School of Computing Science Newcastle University, UK santosh.shrivastava@ncl.ac.uk

2 e-Science Meeting March 2004 2 Virtual Organisations Organisations want to create composite services using services of other organisations –This leads to resource sharing across organisational boundaries –Such sharing needs to be encoded as business relationships (“virtual organisations (VOs)” ) –You need to be able to set up, manage and terminate VOs –A VO however, blurs the distinction between 'outsiders' and 'insiders' –A central problem in VO management is therefore how organisations can regulate access to their resources by other organisations –So you need Middleware for regulated interactions »this is a core requirement

3 e-Science Meeting March 2004 3 Regulated interactions Approach: –Follow the practices of the paper based world where contracts are used –relationships between organisations for information access and sharing will need to be regulated by electronic contracts –Interactions need to be traceable (auditable), monitored, and only those that are OK wrt the contract are permitted So, Middleware for regulated interactions requires: –Non-repudiable service invocation and data sharing mechanisms »We call these “trusted coordination” mechanisms »Trust is achieved through regulation –Contract management services »Ways of representing contracts as executable objects, trusted (possibly third party) services for monitoring contract compliance,…

4 e-Science Meeting March 2004 4 Regulated interactions Non-repudiable interactions require creation of a trust domain through intermediaries

5 e-Science Meeting March 2004 5 Regulated interactions TTP: Trusted Third Party Many ways of creating a trust domain:

6 e-Science Meeting March 2004 6 Regulated interactions Let us consider 2-party, client-server interaction Server needs evidence that: –The request originated at the client: non-repudiation of origin (NRO) of the request –The response was received by the client: non-repudiation of receipt (NRR) of the response Client needs evidence that: –The request was received by the server (NRR req.) –The response originated at the server (NRO resp.)

7 e-Science Meeting March 2004 7 Regulated interactions EXAMPLE: service invocation

8 e-Science Meeting March 2004 8 Regulated interactions Information Sharing Multi-party, peer-peer interaction For an update proposed by A: –B and C need evidence that update originated at A (NRO update) –A needs evidence that B and C received the update (NRR update) –A, B and C need evidence that, after update, the information will be in a consistent, agreed state (NRO agreement, NRR agreement) A update i B C

9 e-Science Meeting March 2004 9 Use of Interceptors.. upd (5) Evidence required: State transition proposed by A (propose: step 2) Decisions on validity of transition from B and C (respond: step 3) Collective decision (resolve: step 4) Shared information is only updated if the collective decision is that A’s proposal is valid Incentives to good behaviour stronger than for one-off service invocation upd (1) C B prop (2) resp (3) reslv (4) prop (2) resp (3) A i reslv (4)

10 e-Science Meeting March 2004 10 Regulated interactions Infrastructure Requirements: Cryptographic primitives –Digital signatures, secure message digest (hash), secure random number generation Credential (certificate) management Access control services –Intra-organisation: map user to role –Inter-organisation: map credential to role Non-repudiation log –protocol-specific –include signed hash of state in evidence State store –map hash of state to persistent representation of state

11 e-Science Meeting March 2004 11 Regulated interactions Infrastructure Requirements (contd.): Coordination service to execute NR protocols (configurable to specific protocol) Membership service (for information sharing only) –Maintain group membership information (mapping members to credentials) –Membership is coordinated using NR protocols executed by coordination service Communication subsystem Trusted time-stamping service –To verify a signing key was not compromised at time of use (evidence generation)

12 e-Science Meeting March 2004 12 Virtual Organisations Contract Management –Contracts as executable objects (“active contracts”) »Declarative ways of specifying rights and obligations »Converting declarative specifications into imperative programs (cross-organisation ‘business processes’) that control and coordinate multiparty interactions using trusted coordination mechanisms –Workflow enactment facilities for business process execution –Contract monitoring and violation detection services See the poster for additional details –Parts of workflow, contract representation, non-repudiation subsystems have been designed and implemented (with the help of other EPSRC, EU projects) Technologies will be demonstrated through the GOLD project –See the poster on GOLD project

13 e-Science Meeting March 2004 13 Recent Papers C. Molina-Jimenez, S.K. Shrivastava, E. Solaiman and J. Warne, “Contract Representation for Run-time Monitoring and Enforcement”, IEEE Conference on Electronic Commerce (CEC’03), Newport Beach, CA, June 2003, pp. 103-110. Paul D Ezhilchelvan and Santosh K Shrivastava, “Systematic Development of a Family of Fair Exchange Protocols”, Seventeenth Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Estes Park, Colorado, August 2003. Ellis Solaiman, Carlos Molina-Jimenez, and Santosh Shrivastava, “Model Checking Correctness Properties of Electronic Contracts”, International Conference on Service Oriented Computing 2003, LNCS 2910, pp. 303-318, 2003. Nick Cook, Paul Robinson and Santosh Shrivastava, “Component Middleware to Support Non-repudiable Service Interactions”, IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 04, Florence, June 2004. Carlos Molina-Jimenez, Santosh Shrivastava, Jon Crowcroft and Panos Gevros, “On the Monitoring of Contractual Service Level Agreements”, IEEE International Workshop on Electronic Contracting (WEC), July 2004, San Diego. S.J.Woodman, D.J.Palmer, S.K.Shrivastava, S.M.Wheater, “A System for Distributed Enactment of Composite Web Services”, Forum Session at International Conference on Service Oriented Computing 2003, Tech Report DIT 03 056, University of Trento, Department of Information and Communication Technology

Download ppt "E-Science Meeting March 2004 1 Trusted Coordination in Dynamic Virtual Organisations Santosh Shrivastava School of Computing Science Newcastle University,"

Similar presentations

CONFIDENTIAL 1 Preparing for & Maintaining PCI Compliance.

CONFIDENTIAL 1 Preparing for & Maintaining PCI Compliance.
VO Support and directions in OMII-UK Steven Newhouse, Director.

VO Support and directions in OMII-UK Steven Newhouse, Director.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Practical Digital Signature Issues. Paving the way and new opportunities. www.oasis-open.org Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 12 Slide 1 Distributed Systems Design 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 12 Slide 1 Distributed Systems Design 2.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
High Performance Computing Course Notes 2007-2008 Grid Computing.

High Performance Computing Course Notes Grid Computing.
TAPASDelivMarch04 1 TAPAS Deliverables for March 04 (Trusted and QoS-Aware Provision of Application Services) Santosh Shrivastava Newcastle University.

TAPASDelivMarch04 1 TAPAS Deliverables for March 04 (Trusted and QoS-Aware Provision of Application Services) Santosh Shrivastava Newcastle University.
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Dynamic SLAs Discussion Omer Rana, School of Computer Science, Cardiff.

Dynamic SLAs Discussion Omer Rana, School of Computer Science, Cardiff.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004.

1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004.
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
Trusted Coordination ADAPT Workshop, 11-12 December 03 1 Building Blocks for Trusted Coordination (a status report from the TAPAS project) Santosh Shrivastava.

Trusted Coordination ADAPT Workshop, December 03 1 Building Blocks for Trusted Coordination (a status report from the TAPAS project) Santosh Shrivastava.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.

Similar presentations

Ads by Google