Security in Semantic Web Services : Role of Security , Authorization , Privacy and Trust in Semantic Web Nima Dokoohaki OASIS Adoption Forum London 2006

Agenda Semantic Web Services; Concept and technologies Role of Semantic Web Services and current position of it Describing the Security Dimensions in the context of Semantic Web Services Defining and Describing an adoption model for standards defined in practice

Semantic Web Services;

Concept and technologies

Role of Semantic Web Services and current position of it

Describing the Security Dimensions in the context of Semantic Web Services

Defining and Describing an adoption model for standards defined in practice

Semantic Web Services Intelligent Distributed Systems Syntactic Vs. Semantic Web Services Impact of lack of semantics; Lack of machine readability prevents their usage in Complex Business Contexts Adding rich formal description of Capabilities to Web services, solves this problem allowing them to be consumed and utilized by businesses without human intervention(main goal of bringing semantics to context of web services) Semantic Web Services (SWS) eliminates this obstacle by adding Web services ,rich formal descriptions of their capabilities, facilitating automated composition, discovery, dynamic binding, and invocation of services within an open environment Requirememt and Prequisite ; Emergence and evolution of A semantic execution environment (A real practical presentation of Semantic Web Vision)

Intelligent Distributed Systems

Syntactic Vs. Semantic Web Services

Impact of lack of semantics;

Lack of machine readability prevents their usage in Complex Business Contexts

Adding rich formal description of Capabilities to Web services, solves this problem allowing them to be consumed and utilized by businesses without human intervention(main goal of bringing semantics to context of web services)

Semantic Web Services (SWS) eliminates this obstacle by adding Web services ,rich formal descriptions of their capabilities, facilitating automated composition, discovery, dynamic binding, and invocation of services within an open environment

Requirememt and Prequisite ;

Emergence and evolution of

A semantic execution environment

(A real practical presentation of Semantic Web Vision)

Selection Invocation Composition Ontology Management Publishing Deployment Discovery Activities Register Reasoner Decomposer Invoker Matchmaker Architecture Pre-condition input Cost output Atomic Service Post-condition Composite Service Category Service Ontology SWS

Agenda Semantic Web Services; Concept and technologies Role of Semantic Web Services and current position of it Describing the Security Dimensions in the context of Semantic Web Services Defining and Describing an adoption model for standards defined in practice

Semantic Web Services;

Concept and technologies

Role of Semantic Web Services and current position of it

Describing the Security Dimensions in the context of Semantic Web Services

Defining and Describing an adoption model for standards defined in practice

The main and Original Motivation Enhance interoperability between heterogeneous information systems Two majors areas of application: Enterprise Application Integration (EAI) Connecting separated systems quickly and at low costs; Business to Business (B2B) Integration , Reducing costs and Enhancing flexibility of cooperation. Efficiency (Cost and Time) Human interaction between UDDI and web services , lookup time ; ” Semantics can save time and cost” Simple maintenance Promising

Enhance interoperability between heterogeneous information systems

Two majors areas of application:

Enterprise Application Integration (EAI)

Connecting separated systems quickly and at low costs;

Business to Business (B2B) Integration ,

Reducing costs and Enhancing flexibility of cooperation.

Efficiency (Cost and Time)

Human interaction between UDDI and web services , lookup time ;

” Semantics can save time and cost”

Simple maintenance

Promising

Semantics driven solutions; Final Destination,or Next Step? Semantic Business Services Making business web based Bringing the Web services and Semantic Web Services to the next level , to Semantic Business Services or Semantic e-Services Still a big challenge : Large Scale Integration that consumes and utilizes multiple web services Bringing the businesses to their full potential Semantically enriching is a solution toward appropriate large scale integration

Semantic Business Services

Making business web based

Bringing the Web services and Semantic Web Services to the next level , to Semantic Business Services or Semantic e-Services

Still a big challenge :

Large Scale Integration that consumes and utilizes multiple web services

Bringing the businesses to their full potential

Semantically enriching is a solution toward appropriate large scale integration

Current frameworks for Semantic Web Services and their orientations Three Main frameworks for SWS: IRS-III ( The Internet Reasoning Service); Knowledge Based OWL-S (OWL-based Web Service Ontology) ; Agent oriented WSMF (Web Services Modelling framework) ; Business oriented Focusing on a set of ecommerce/ebusiness requirements for Web Services including ” trust and security ”.

Three Main frameworks for SWS:

IRS-III ( The Internet Reasoning Service);

Knowledge Based

OWL-S (OWL-based Web Service Ontology) ;

Agent oriented

WSMF (Web Services Modelling framework) ;

Business oriented

Focusing on a set of ecommerce/ebusiness requirements for Web Services including

” trust and security ”.

Current progress; Focus on WSMX WSMX (Web Services execution environment): Reference implementation of WSMO. An execution environment for business application integration, where enhanced web services are integrated for various business applications: increase business processes automation in a very flexible manner while providing scalable integration solution

WSMX (Web Services execution environment):

Reference implementation of WSMO.

An execution environment for business application integration, where enhanced web services are integrated for various business applications:

increase business processes automation in a very flexible manner while providing scalable integration solution

OASIS and Semantic works SEE ( Semantic Execution Environment ) technical committee Guidelines , Justifications and Implementation directions for an execution environment for Semantic Web services (proposed WSMX ). SEE is Engineering a standardized globally-recognized architecture of an intelligent distributed system, where semantically-enriched components can be plugged in and executed according to dynamic execution semantics. A committee focusing on practical ebusiness applications of SWS

SEE

( Semantic Execution Environment ) technical committee

Guidelines , Justifications and Implementation directions for an execution environment for Semantic Web services (proposed WSMX ).

SEE is Engineering a standardized globally-recognized architecture of an intelligent distributed system, where semantically-enriched components can be plugged in and executed according to dynamic execution semantics.

A committee focusing on practical ebusiness applications of SWS

OASIS and Semantic works: Progress and deliverables A brief intro to their past and ongoing work: Infrastractural work for SWS ; Justifications,guidelines and also implementations for semantically-enriched SOA and SWS applications ; eHealth, eBanking, eGovernment services, GIS ( Geographical Information Systems )

A brief intro to their past and ongoing work:

Infrastractural work for SWS ; Justifications,guidelines and also implementations for semantically-enriched SOA and SWS applications ;

eHealth,

eBanking,

eGovernment services,

GIS ( Geographical Information Systems )

Agenda Semantic Web Services; Concept and technologies Role of Semantic Web Services and current position of it Describing the Security Dimensions in the context of Semantic Web Services Defining and Describing an adoption model for standards defined in practice

Semantic Web Services;

Concept and technologies

Role of Semantic Web Services and current position of it

Describing the Security Dimensions in the context of Semantic Web Services

Defining and Describing an adoption model for standards defined in practice

SWS security requirements: Security,Privacy and Trust Requirements are arising from three kinds of policies : Security policies Privacy policies Trust-based policies Functional: Semantically described security policies. Semantically described privacy policies. Respecting individual client requirements. Architectural: Protocols for publication and description of service security policies and authentication requirements. Semantic policy evaluation mechanisms. Semantically controlled policy enforcement. Trust-based authentication and authorization. Communication and logging of security evaluation results

Requirements are arising from three kinds of policies :

Security policies

Privacy policies

Trust-based policies

Functional:

Semantically described security policies.

Semantically described privacy policies.

Respecting individual client requirements.

Architectural:

Protocols for publication and description of service security policies and authentication requirements.

Semantic policy evaluation mechanisms.

Semantically controlled policy enforcement.

Trust-based authentication and authorization.

Communication and logging of security evaluation results

Role of OASIS in SWS Security Fact1: OASIS Security works have the following properties: Modularity : easier to implement as building block in a solution Composability : easier solution engineering and maintenance Fact2 : OASIS has the history of converging many industry leading standards Fact3 : OASIS is a globally recognized the scenarios and usecases library Fact4 : ongoing work for semantics and security driven efforts is undergoing within OASIS Conclusion : OASIS is where all efforts from different directions should and will merge and makeup tommorow’s Industry recognized standards and guidelines for any semantically driven service oriented architecture

Fact1: OASIS Security works have the following properties:

Modularity : easier to implement as building block in a solution

Composability : easier solution engineering and maintenance

Fact2 : OASIS has the history of converging many industry leading standards

Fact3 : OASIS is a globally recognized the scenarios and usecases library

Fact4 : ongoing work for semantics and security driven efforts is undergoing within OASIS

Conclusion :

OASIS is where all efforts from different directions should and will merge and makeup tommorow’s Industry recognized standards and guidelines for any semantically driven service oriented architecture

Solution: Semantic Policy Framework semantically-rich policy representations Human error reduction, Simplification of policy analysis, policy conflicts reduction, Interoperability facilitation The adoption of a policy grounded-approach for controlling a system requires an appropriate policy representation and the design and development of a policy management framework, realizing the need for a Semantic Policy Framework Policies will be increasingly important to the real world implementation of Semantic Web Services Policy ontology is an enabler for Semantic policy framework

semantically-rich policy representations

Human error reduction,

Simplification of policy analysis,

policy conflicts reduction,

Interoperability facilitation

The adoption of a policy grounded-approach for controlling a system requires an appropriate policy representation and the design and development of a policy management framework, realizing the need for a Semantic Policy Framework

Policies will be increasingly important to the real world implementation of Semantic Web Services

Policy ontology is an enabler for Semantic policy framework

adoption of policy Ontologies :pros Ontology simplifies the task of governing the behavior of complex ,Increasingly dynamic, multi -disciplinary business environments . Adaptation with several kinds of business and workflow contexts High-level management requirements Simplification in many aspects of policy engineering such as policy description, analysis and access

Ontology simplifies the task of governing the behavior of complex ,Increasingly dynamic, multi -disciplinary business environments .

Adaptation with several kinds of business and workflow contexts

High-level management requirements

Simplification in many aspects of policy engineering such as policy description, analysis and access

adoption of policy Ontologies :cons the adoption of Ontologies for policy specification requires addressing some technical difficulties in presentation and implementation ; Semantic web languages used for ontology representation still present a complex description making the code very difficult to read The gap between the specification and the implementation of policies cannot be completely overcome in an automated manner.

the adoption of Ontologies for policy specification requires addressing some technical difficulties in presentation and implementation ;

Semantic web languages used for ontology representation still present a complex description making the code very difficult to read

The gap between the specification and the implementation of policies cannot be completely overcome in an automated manner.

Agenda Semantic Web Services; Concept and technologies Role of Semantic Web Services and current position of it Describing the Security Dimensions in the context of Semantic Web Services Defining and Describing an adoption model for standards defined in practice

Semantic Web Services;

Concept and technologies

Role of Semantic Web Services and current position of it

Describing the Security Dimensions in the context of Semantic Web Services

Defining and Describing an adoption model for standards defined in practice

Semantic Web Services Semantic Execution Environment eGovernments, Businesses, Citizens OASIS Security Standards OASIS Web Services Works OASIS Semantics Effort

Semantic Requirements Requester’s Authorization information Service Requester Distributed Registry (UDDI / ebXML RR) Service Discovery Distibuted Ontology Repository Policy Ontology Domain Ontology Trust Negotiator Trust Warehouse Distributed Trust (Web of Trust) Semantic Web Service Service sends requester’s authorization info to requester Trust Negotiation Service Invocation Authorization Manager Semantic Execution Environment

Remaining issues: policy framework obstacles Approaches toward a common global semantic policy framework have generated divergent solutions ; best suited for particular ranges of applications discourage a common approach for all situations it is still not clear ” why a common approach should succeed for policy specification,presentation and deployment ”. Clearly stating the need for standardization and convergence efforts

Approaches toward a common global semantic policy framework have generated divergent solutions ;

best suited for particular ranges of applications

discourage a common approach for all situations

it is still not clear ” why a common approach should succeed for policy specification,presentation and deployment ”.

Clearly stating the need for standardization and convergence efforts

Remaining issues: semantic efforts Immaturity of the most important of dimensions of SWS Immaturity of essential standards supporting semantic web and semantic web services The importance and efficiency of Semantical-enrichment has not yet realized by many industries and businesses Most important, semantic efforts are progressing and are shaping but still semantic web services security research and development needs more attention and investment from academia and industry .

Immaturity of the most important of dimensions of SWS

Immaturity of essential standards supporting semantic web and semantic web services

The importance and efficiency of Semantical-enrichment has not yet realized by many industries and businesses

Most important, semantic efforts are progressing and are shaping but still semantic web services security research and development needs more attention and investment from academia and industry .

Role of OASIS : Creating the ” Concrete ” for the road construction Standardization of a common service execution environment, sets a great starting point for the implementation, deployment and most important ,convergence of ongoing, existing and future semantic works. Liaisons with related standardizations and industrial consortia “ Clearly, the time to forge a common framework based on Semantic interoperability standards and e-Business web services standards is now.” Patrick Gannon, CEO and President, OASIS – Book foreword

Standardization of a common service execution environment, sets a great starting point for the implementation, deployment and most important ,convergence of ongoing, existing and future semantic works.

Liaisons with related standardizations and industrial consortia

“ Clearly, the time to forge a common framework based on Semantic interoperability standards and e-Business web services standards is now.”

Q&A Question and answer Frågar och svara question et réponse پرسش و پاسخ 问题和解答

Question and answer

Frågar och svara

question et réponse

پرسش و پاسخ

问题和解答

Thanks! Thank you for participating

Thank you for participating

Contact Details Nima Dokoohaki Solution Architect M.Sc in Software Engineering of Distributed Systems Stockholm Sweden Mobile:+46762697630 Email:nimadokoohaki@gmail.com Skype:nimakth

Nima Dokoohaki

Solution Architect

M.Sc in Software Engineering of

Distributed Systems

Stockholm

Sweden

Mobile:+46762697630

Email:nimadokoohaki@gmail.com

Skype:nimakth

Resources Intelligent Web Services (Alun Preece, Stefan Decker),IEEE http://www.csd.abdn.ac.uk/~apreece/research/download/ieeeis2002.pdf Approaches to Semantic Web Services:An Overiew and Comparisons, Cabral et al. http://kmi.open.ac.uk/projects/irs/cabralESWS04.pdf Semantic Web Services, Processes and Applications ,Jorge Cardoso, Amit Sheth http://dme.uma.pt/jcardoso/Books/Semantic-Web-Services-Processes-and-Applications/index.php?file=19 Semantic Driven Solutions http://www.plirosoft.ethz.ch/services/BySubject/semdatamining/index_EN v

Intelligent Web Services (Alun Preece, Stefan Decker),IEEE

http://www.csd.abdn.ac.uk/~apreece/research/download/ieeeis2002.pdf

Approaches to Semantic Web Services:An Overiew and Comparisons, Cabral et al.

http://kmi.open.ac.uk/projects/irs/cabralESWS04.pdf

Semantic Web Services, Processes and Applications ,Jorge Cardoso, Amit Sheth

http://dme.uma.pt/jcardoso/Books/Semantic-Web-Services-Processes-and-Applications/index.php?file=19

Semantic Driven Solutions

http://www.plirosoft.ethz.ch/services/BySubject/semdatamining/index_EN

Resources OASIS SEE TC online resources http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=semantic-ex The web services modelling framework. Fensel,Bussler http://www.swsi.org/resources/wsmf-paper.pdf Semantic Web Services Architecture RequirementsVersion 1.0 (1 June 2004) http://www.daml.org/services/swsa/swsa-requirements.html Semantic Policy-based Security Framework for Business Processes, Huang http://www.csee.umbc.edu/swpw/papers/huang.pdf Semantic Descriptions ofWeb Services Security Constraints,Huang http ://iaks-www.ira.uka.de/iaks-calmet/papers/huang06-2.pdf

OASIS SEE TC online resources

http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=semantic-ex

The web services modelling framework. Fensel,Bussler

http://www.swsi.org/resources/wsmf-paper.pdf

Semantic Web Services Architecture RequirementsVersion 1.0 (1 June 2004)

http://www.daml.org/services/swsa/swsa-requirements.html

Semantic Policy-based Security Framework for Business Processes, Huang

http://www.csee.umbc.edu/swpw/papers/huang.pdf

Semantic Descriptions ofWeb Services Security Constraints,Huang

http ://iaks-www.ira.uka.de/iaks-calmet/papers/huang06-2.pdf

Resources Integration of KAoS Policy Services with Semantic Web Services,Uszok et al. http://iswc2004.semanticweb.org/demos/08/paper.pdf KAoS Policy Management for Semantic Web Services , Uszok et al http ://www.aiai.ed.ac.uk/project/ix/documents/2004/2004-ieee-is-uszok-kaos.pdf Expressing Semantic web services authorization. patterson,miller http://lsdis.cs.uga.edu/~rsp/Expressing%20Authorization%20for%20Semantic%20Discovery%20of%20Web%20Services.ppt OASIS and Web Services Standards, Patrick Gannon http://www.daml.org/services/swsa/working/oasis-semantic-ws-briefing-040817-JBC.ppt Semantic Web Languages for Policy Representation and Reasoning: A Comparison of KAoS, Rei, and Ponder http://www.ihmc.us/research/projects/KAoS/FinalIHMC_DEIS.pdf

Integration of KAoS Policy Services with Semantic Web Services,Uszok et al.

http://iswc2004.semanticweb.org/demos/08/paper.pdf

KAoS Policy Management for Semantic Web Services , Uszok et al http ://www.aiai.ed.ac.uk/project/ix/documents/2004/2004-ieee-is-uszok-kaos.pdf

Expressing Semantic web services authorization. patterson,miller

http://lsdis.cs.uga.edu/~rsp/Expressing%20Authorization%20for%20Semantic%20Discovery%20of%20Web%20Services.ppt

OASIS and Web Services Standards, Patrick Gannon

http://www.daml.org/services/swsa/working/oasis-semantic-ws-briefing-040817-JBC.ppt

Semantic Web Languages for Policy Representation

and Reasoning: A Comparison of KAoS, Rei, and Ponder

http://www.ihmc.us/research/projects/KAoS/FinalIHMC_DEIS.pdf

Resources Integration of KAoS Policy Services with Semantic Web Services,Uszok et al. http://iswc2004.semanticweb.org/demos/08/paper.pdf KAoS Policy Management for Semantic Web Services , Uszok et al http ://www.aiai.ed.ac.uk/project/ix/documents/2004/2004-ieee-is-uszok-kaos.pdf Expressing Semantic web services authorization. patterson,miller http://lsdis.cs.uga.edu/~rsp/Expressing%20Authorization%20for%20Semantic%20Discovery%20of%20Web%20Services.ppt OASIS and Web Services Standards, Patrick Gannon http://www.daml.org/services/swsa/working/oasis-semantic-ws-briefing-040817-JBC.ppt Semantic Web Languages for Policy Representation and Reasoning: A Comparison of KAoS, Rei, and Ponder http://www.ihmc.us/research/projects/KAoS/FinalIHMC_DEIS.pdf

Integration of KAoS Policy Services with Semantic Web Services,Uszok et al.

http://iswc2004.semanticweb.org/demos/08/paper.pdf

KAoS Policy Management for Semantic Web Services , Uszok et al http ://www.aiai.ed.ac.uk/project/ix/documents/2004/2004-ieee-is-uszok-kaos.pdf

Expressing Semantic web services authorization. patterson,miller

http://lsdis.cs.uga.edu/~rsp/Expressing%20Authorization%20for%20Semantic%20Discovery%20of%20Web%20Services.ppt

OASIS and Web Services Standards, Patrick Gannon

http://www.daml.org/services/swsa/working/oasis-semantic-ws-briefing-040817-JBC.ppt

Semantic Web Languages for Policy Representation

and Reasoning: A Comparison of KAoS, Rei, and Ponder

http://www.ihmc.us/research/projects/KAoS/FinalIHMC_DEIS.pdf