
Token–based Dynamic Trust Establishment for Web Services

Zhengping Wu and Alfred C. Weaver, Department of Computer Science, University of Virginia, March 2005.



  1. Token–based Dynamic Trust Establishment for Web Services. Zhengping Wu and Alfred C. Weaver, Department of Computer Science, University of Virginia, March 2005.

  2. Outline • Motivation and Contributions • State of the Art • Trust Primitive and Selective Disclosure • Trust Group and Dynamic Validation • Token-based Solution for Web Service Trust Establishment • Conclusion and Future Work

  3. Motivation - 1 (diagram: Consumer, Bank, Enrollment Service)
     Step 1: A consumer requests enrollment service from a bank
     Step 2: The bank discloses its policy P to the consumer
     Step 3: The consumer discloses her driver’s license to the bank
     Step 4: The bank grants access to the enrollment service

  4. Motivation - 2 • Need for trust relationships in web services environment • Need for security and privacy protection for sensitive information • Need for better mechanisms to address information leakage in trust establishment processes • Need for dynamic capability to keep track of changes in trust relationships

  5. Contributions • The proposed trust establishment mechanism fully protects the requester’s privacy. • The proposed trust establishment mechanism is capable of disclosing private attributes selectively. • The proposed trust establishment mechanism allows the established trust relationship to be updated by following the changes of the service provider’s policy.

  6. Motivation and Contributions • State of the Art • Trust Primitive and Selective Disclosure • Trust Group and Dynamic Validation • Token-based Solution for Web Service Trust Establishment • Conclusion and Future Work

  7. State of the Art • Identity-based trust establishment mechanisms (common in e-commerce) • Role-based trust establishment mechanisms • Group-based trust establishment mechanisms

  8. Motivation and Contributions • State of the Art • Trust Primitive and Selective Disclosure • Trust Group and Dynamic Validation • Token-based Solution for Web Service Trust Establishment • Conclusion and Future Work

  9. Selective Disclosure
     • Causes of information leakage in real life trust establishment
       • A credential may not be used for its intended purpose
       • A pre-packaged credential may reveal more information than is necessary
     • Selective Disclosure
       • Use of available pre-packaged credentials
       • Control of information disclosure with credential holder’s will
       • Trust primitive

  10. Trust Primitive (diagram relating token attributes to trust primitives)
      Attributes: Attribute 1 (name), Attribute 2 (ID number), Attribute 3 (gender), Attribute 4 (student/faculty/staff status), Attribute 5 (address), Attribute 6 (token expiration), Attribute 7 (token issuer)
      Trust primitives: Trust primitive 1 (electronic library access), Trust primitive 2 (library checkout), Trust primitive 3 (dorm floor entrance)

  11. Trust Primitive: Workflow of Negotiation Using Trust Primitives (diagram: a Requester, a Service Provider, two Security Token Services and an Attribute Service, spread across the requester’s security domain and the service provider’s security domain, connected by steps numbered 1 to 10)

  12. Motivation and Contributions • State of the Art • Trust Primitive and Selective Disclosure • Trust Group and Dynamic Validation • Token-based Solution for Web Service Trust Establishment • Conclusion and Future Work

  13. Dynamic Validation
      • Representation of the established trust relationship
        • Trust group element in security token
        • Requirement of trust group element in policy
        • Same policy with same trust group name
      • Dynamic validation
        • Change of policy indicates new trust relationship
        • Change of policy requires revalidation of trust group element

  14. Trust Group • Banking Customers share the same set of requirements in policy 1. • Mortgage Customers share the same set of requirements in policy 2.

  15. Motivation and Contributions • State of the Art • Trust Primitive and Selective Disclosure • Trust Group and Dynamic Validation • Token-based Solution for Web Service Trust Establishment • Conclusion and Future Work

  16. Architecture of the Solution (diagram: a Web Service Requester and a Web Service Provider, with two Negotiation Engines, two Security Token Services and two Attribute Services; labels: request, dynamic trust (trust group))

  17. Motivation and Contributions • State of the Art • Trust Primitive and Selective Disclosure • Trust Group and Dynamic Validation • Token-based Solution for Web Service Trust Establishment • Conclusion and Future Work

  18. Conclusion
      • The proposed trust establishment mechanism
        • allows the requestor to control what attributes are disclosed to the service provider
        • avoids disclosing more than is necessary, which may happen with pre-packaged credentials
        • dynamically negotiates new credentials as necessary to follow changes in policy

  19. Future work
      • Extension of trust primitive and trust group mechanisms
        • to allow privacy control during delegation
        • to allow privacy protection during delegation

  20. The End Questions?
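
Added example, not part of the presentation or the authors' implementation: selective disclosure through a trust primitive (slide 10) combined with revalidation of the trust group element when the provider's policy changes (slides 13 and 14). The attribute-to-primitive mapping, the sample attribute values, the HMAC key standing in for the security token service's signature, and the policy digest stored in the trust group element are all assumptions made for illustration.

```python
import hashlib, hmac, json

STS_KEY = b"constructed-demo-key"  # assumption: stands in for the STS signing key

# Constructed holder attributes, named after the attributes on slide 10.
ATTRIBUTES = {
    "name": "Alice Example", "id_number": "0000000", "gender": "F",
    "status": "student", "address": "1 Example Way",
    "token_expiration": "2005-12-31", "token_issuer": "sts.example.edu",
}
# Assumed mapping: the attributes each trust primitive discloses (not given on the slide).
TRUST_PRIMITIVES = {
    "electronic_library_access": ["status", "token_expiration", "token_issuer"],
    "library_checkout": ["name", "id_number", "status", "token_expiration", "token_issuer"],
    "dorm_floor_entrance": ["id_number", "gender", "status", "token_expiration", "token_issuer"],
}

def policy_digest(policy: dict) -> str:
    """Stable digest of a provider policy, used to detect policy changes."""
    return hashlib.sha256(json.dumps(policy, sort_keys=True).encode()).hexdigest()

def _mac(body: dict) -> str:
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(STS_KEY, data, hashlib.sha256).hexdigest()

def issue_token(primitive: str, policy: dict) -> dict:
    """Issue a token that discloses only the attributes of one trust primitive."""
    missing = [a for a in policy["required"] if a not in TRUST_PRIMITIVES[primitive]]
    if missing:
        raise ValueError(f"primitive {primitive} does not satisfy policy: {missing}")
    body = {
        "attributes": {a: ATTRIBUTES[a] for a in TRUST_PRIMITIVES[primitive]},
        # Trust group element: group name plus the policy it was established under.
        "trust_group": {"name": policy["trust_group"], "policy": policy_digest(policy)},
    }
    return {"body": body, "mac": _mac(body)}

def validate(token: dict, current_policy: dict) -> str:
    """Return 'valid', 'revalidate' (policy changed) or 'reject' (bad token)."""
    if not hmac.compare_digest(token["mac"], _mac(token["body"])):
        return "reject"
    group = token["body"]["trust_group"]
    if group["name"] != current_policy["trust_group"]:
        return "reject"
    if group["policy"] != policy_digest(current_policy):
        return "revalidate"  # same group name, changed policy: renegotiate
    return "valid"
```

A token issued under the old policy keeps its valid signature after the policy changes, so the check has to compare the trust group element against the current policy rather than rely on the signature alone.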
