• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Security in Semantic Web Services
 

Security in Semantic Web Services

on

  • 6,574 views

Security in Semantic Web Services: Role of Security, Authorization, Privacy and Trust in Semantic Web, OASIS adoption forum, Fall 2006, London

Security in Semantic Web Services: Role of Security, Authorization, Privacy and Trust in Semantic Web, OASIS adoption forum, Fall 2006, London

Statistics

Views

Total Views
6,574
Views on SlideShare
6,531
Embed Views
43

Actions

Likes
7
Downloads
256
Comments
0

3 Embeds 43

http://web.it.kth.se 31
http://www.slideshare.net 11
http://www.docseek.net 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Security in Semantic Web Services Security in Semantic Web Services Presentation Transcript

    • Security in Semantic Web Services : Role of Security , Authorization , Privacy and Trust in Semantic Web Nima Dokoohaki OASIS Adoption Forum London 2006
    • Agenda
      • Semantic Web Services;
      • Concept and technologies
      • Role of Semantic Web Services and current position of it
      • Describing the Security Dimensions in the context of Semantic Web Services
      • Defining and Describing an adoption model for standards defined in practice
    • Semantic Web Services
      • Intelligent Distributed Systems
      • Syntactic Vs. Semantic Web Services
      • Impact of lack of semantics;
        • Lack of machine readability prevents their usage in Complex Business Contexts
      • Adding rich formal description of Capabilities to Web services, solves this problem allowing them to be consumed and utilized by businesses without human intervention(main goal of bringing semantics to context of web services)
      • Semantic Web Services (SWS) eliminates this obstacle by adding Web services ,rich formal descriptions of their capabilities, facilitating automated composition, discovery, dynamic binding, and invocation of services within an open environment
      • Requirememt and Prequisite ;
        • Emergence and evolution of
        • A semantic execution environment
        • (A real practical presentation of Semantic Web Vision)
    • Selection Invocation Composition Ontology Management Publishing Deployment Discovery Activities Register Reasoner Decomposer Invoker Matchmaker Architecture Pre-condition input Cost output Atomic Service Post-condition Composite Service Category Service Ontology SWS
    • Agenda
      • Semantic Web Services;
      • Concept and technologies
      • Role of Semantic Web Services and current position of it
      • Describing the Security Dimensions in the context of Semantic Web Services
      • Defining and Describing an adoption model for standards defined in practice
    • The main and Original Motivation
      • Enhance interoperability between heterogeneous information systems
      • Two majors areas of application:
        • Enterprise Application Integration (EAI)
        • Connecting separated systems quickly and at low costs;
        • Business to Business (B2B) Integration ,
        • Reducing costs and Enhancing flexibility of cooperation.
      • Efficiency (Cost and Time)
        • Human interaction between UDDI and web services , lookup time ;
          • ” Semantics can save time and cost”
      • Simple maintenance
      • Promising
    • Semantics driven solutions; Final Destination,or Next Step?
      • Semantic Business Services
        • Making business web based
      • Bringing the Web services and Semantic Web Services to the next level , to Semantic Business Services or Semantic e-Services
      • Still a big challenge :
        • Large Scale Integration that consumes and utilizes multiple web services
        • Bringing the businesses to their full potential
      • Semantically enriching is a solution toward appropriate large scale integration
    • Current frameworks for Semantic Web Services and their orientations
      • Three Main frameworks for SWS:
        • IRS-III ( The Internet Reasoning Service);
          • Knowledge Based
        • OWL-S (OWL-based Web Service Ontology) ;
          • Agent oriented
        • WSMF (Web Services Modelling framework) ;
          • Business oriented
          • Focusing on a set of ecommerce/ebusiness requirements for Web Services including
          • ” trust and security ”.
    • Current progress; Focus on WSMX
      • WSMX (Web Services execution environment):
        • Reference implementation of WSMO.
      • An execution environment for business application integration, where enhanced web services are integrated for various business applications:
        • increase business processes automation in a very flexible manner while providing scalable integration solution
    • OASIS and Semantic works
      • SEE
      • ( Semantic Execution Environment ) technical committee
        • Guidelines , Justifications and Implementation directions for an execution environment for Semantic Web services (proposed WSMX ).
        • SEE is Engineering a standardized globally-recognized architecture of an intelligent distributed system, where semantically-enriched components can be plugged in and executed according to dynamic execution semantics.
      • A committee focusing on practical ebusiness applications of SWS
    • OASIS and Semantic works: Progress and deliverables
      • A brief intro to their past and ongoing work:
        • Infrastractural work for SWS ; Justifications,guidelines and also implementations for semantically-enriched SOA and SWS applications ;
          • eHealth,
          • eBanking,
          • eGovernment services,
          • GIS ( Geographical Information Systems )
    • Agenda
      • Semantic Web Services;
      • Concept and technologies
      • Role of Semantic Web Services and current position of it
      • Describing the Security Dimensions in the context of Semantic Web Services
      • Defining and Describing an adoption model for standards defined in practice
    • SWS security requirements: Security,Privacy and Trust
      • Requirements are arising from three kinds of policies :
        • Security policies
        • Privacy policies
        • Trust-based policies
      • Functional:
        • Semantically described security policies.
        • Semantically described privacy policies.
        • Respecting individual client requirements.
      • Architectural:
        • Protocols for publication and description of service security policies and authentication requirements.
        • Semantic policy evaluation mechanisms.
        • Semantically controlled policy enforcement.
        • Trust-based authentication and authorization.
        • Communication and logging of security evaluation results
    • Role of OASIS in SWS Security
      • Fact1: OASIS Security works have the following properties:
        • Modularity : easier to implement as building block in a solution
        • Composability : easier solution engineering and maintenance
      • Fact2 : OASIS has the history of converging many industry leading standards
      • Fact3 : OASIS is a globally recognized the scenarios and usecases library
      • Fact4 : ongoing work for semantics and security driven efforts is undergoing within OASIS
      • Conclusion :
      • OASIS is where all efforts from different directions should and will merge and makeup tommorow’s Industry recognized standards and guidelines for any semantically driven service oriented architecture
    • Solution: Semantic Policy Framework
      • semantically-rich policy representations
        • Human error reduction,
        • Simplification of policy analysis,
        • policy conflicts reduction,
        • Interoperability facilitation
      • The adoption of a policy grounded-approach for controlling a system requires an appropriate policy representation and the design and development of a policy management framework, realizing the need for a Semantic Policy Framework
      • Policies will be increasingly important to the real world implementation of Semantic Web Services
      • Policy ontology is an enabler for Semantic policy framework
    • adoption of policy Ontologies :pros
        • Ontology simplifies the task of governing the behavior of complex ,Increasingly dynamic, multi -disciplinary business environments .
        • Adaptation with several kinds of business and workflow contexts
        • High-level management requirements
        • Simplification in many aspects of policy engineering such as policy description, analysis and access
    • adoption of policy Ontologies :cons
      • the adoption of Ontologies for policy specification requires addressing some technical difficulties in presentation and implementation ;
        • Semantic web languages used for ontology representation still present a complex description making the code very difficult to read
        • The gap between the specification and the implementation of policies cannot be completely overcome in an automated manner.
    • Agenda
      • Semantic Web Services;
      • Concept and technologies
      • Role of Semantic Web Services and current position of it
      • Describing the Security Dimensions in the context of Semantic Web Services
      • Defining and Describing an adoption model for standards defined in practice
    • Semantic Web Services Semantic Execution Environment eGovernments, Businesses, Citizens OASIS Security Standards OASIS Web Services Works OASIS Semantics Effort
    • Semantic Requirements Requester’s Authorization information Service Requester Distributed Registry (UDDI / ebXML RR) Service Discovery Distibuted Ontology Repository Policy Ontology Domain Ontology Trust Negotiator Trust Warehouse Distributed Trust (Web of Trust) Semantic Web Service Service sends requester’s authorization info to requester Trust Negotiation Service Invocation Authorization Manager Semantic Execution Environment
    • Remaining issues: policy framework obstacles
      • Approaches toward a common global semantic policy framework have generated divergent solutions ;
        • best suited for particular ranges of applications
        • discourage a common approach for all situations
      • it is still not clear ” why a common approach should succeed for policy specification,presentation and deployment ”.
        • Clearly stating the need for standardization and convergence efforts
    • Remaining issues: semantic efforts
      • Immaturity of the most important of dimensions of SWS
      • Immaturity of essential standards supporting semantic web and semantic web services
      • The importance and efficiency of Semantical-enrichment has not yet realized by many industries and businesses
      • Most important, semantic efforts are progressing and are shaping but still semantic web services security research and development needs more attention and investment from academia and industry .
    • Role of OASIS : Creating the ” Concrete ” for the road construction
      • Standardization of a common service execution environment, sets a great starting point for the implementation, deployment and most important ,convergence of ongoing, existing and future semantic works.
      • Liaisons with related standardizations and industrial consortia
      • “ Clearly, the time to forge a common framework based on Semantic interoperability standards and e-Business web services standards is now.”
      Patrick Gannon, CEO and President, OASIS – Book foreword
    • Q&A
      • Question and answer
        • Frågar och svara
          • question et réponse
            • پرسش و پاسخ
              • 问题和解答
    • Thanks!
      • Thank you for participating
    • Contact Details
      • Nima Dokoohaki
        • Solution Architect
        • M.Sc in Software Engineering of
        • Distributed Systems
        • Stockholm
        • Sweden
        • Mobile:+46762697630
        • Email:nimadokoohaki@gmail.com
        • Skype:nimakth
    • Resources
      • Intelligent Web Services (Alun Preece, Stefan Decker),IEEE
        • http://www.csd.abdn.ac.uk/~apreece/research/download/ieeeis2002.pdf
      • Approaches to Semantic Web Services:An Overiew and Comparisons, Cabral et al.
        • http://kmi.open.ac.uk/projects/irs/cabralESWS04.pdf
      • Semantic Web Services, Processes and Applications ,Jorge Cardoso, Amit Sheth
        • http://dme.uma.pt/jcardoso/Books/Semantic-Web-Services-Processes-and-Applications/index.php?file=19
      • Semantic Driven Solutions
        • http://www.plirosoft.ethz.ch/services/BySubject/semdatamining/index_EN
      v
    • Resources
      • OASIS SEE TC online resources
        • http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=semantic-ex
      • The web services modelling framework. Fensel,Bussler
        • http://www.swsi.org/resources/wsmf-paper.pdf
      • Semantic Web Services Architecture RequirementsVersion 1.0 (1 June 2004)
        • http://www.daml.org/services/swsa/swsa-requirements.html
      • Semantic Policy-based Security Framework for Business Processes, Huang
        • http://www.csee.umbc.edu/swpw/papers/huang.pdf
      • Semantic Descriptions ofWeb Services Security Constraints,Huang
        • http ://iaks-www.ira.uka.de/iaks-calmet/papers/huang06-2.pdf
    • Resources
      • Integration of KAoS Policy Services with Semantic Web Services,Uszok et al.
        • http://iswc2004.semanticweb.org/demos/08/paper.pdf
      • KAoS Policy Management for Semantic Web Services , Uszok et al http ://www.aiai.ed.ac.uk/project/ix/documents/2004/2004-ieee-is-uszok-kaos.pdf
      • Expressing Semantic web services authorization. patterson,miller
      • http://lsdis.cs.uga.edu/~rsp/Expressing%20Authorization%20for%20Semantic%20Discovery%20of%20Web%20Services.ppt
      • OASIS and Web Services Standards, Patrick Gannon
      • http://www.daml.org/services/swsa/working/oasis-semantic-ws-briefing-040817-JBC.ppt
      • Semantic Web Languages for Policy Representation
      • and Reasoning: A Comparison of KAoS, Rei, and Ponder
      • http://www.ihmc.us/research/projects/KAoS/FinalIHMC_DEIS.pdf
    • Resources
      • Integration of KAoS Policy Services with Semantic Web Services,Uszok et al.
        • http://iswc2004.semanticweb.org/demos/08/paper.pdf
      • KAoS Policy Management for Semantic Web Services , Uszok et al http ://www.aiai.ed.ac.uk/project/ix/documents/2004/2004-ieee-is-uszok-kaos.pdf
      • Expressing Semantic web services authorization. patterson,miller
      • http://lsdis.cs.uga.edu/~rsp/Expressing%20Authorization%20for%20Semantic%20Discovery%20of%20Web%20Services.ppt
      • OASIS and Web Services Standards, Patrick Gannon
      • http://www.daml.org/services/swsa/working/oasis-semantic-ws-briefing-040817-JBC.ppt
      • Semantic Web Languages for Policy Representation
      • and Reasoning: A Comparison of KAoS, Rei, and Ponder
      • http://www.ihmc.us/research/projects/KAoS/FinalIHMC_DEIS.pdf