Future Internet of Services From a TAS3 Perspective



SLIDE 1

Future Internet of Services
From a TAS3 Perspective…

Danny De Cock
TAS3 Project Coordinator

Slides available from http://godot.be/slides
Email: Danny.DeCock@esat.kuleuven.be

SLIDE 2

Future Networked Services

Need to converge to an environment which

– Consists of service providers
  • Data repositories
    – Authentic repositories inherently trusted by the user
    – Data aggregators
  • Non-data related service providers
– That provide services to users and other service providers with
  • Transparent business processes

SLIDE 3

Questions…

Who is responsible for security?

– There is no demand for secure services
  • Users EXPECT services to be secure
– Infrastructure is insecure by nature
  • Possibility to eavesdrop is a legal requirement
    – Point-to-Point messaging is inherently insecure
    – End-to-End confidential sessions are discouraged/made impossible
  • Secure End-to-End communication is a session/application layer issue
– It is all about liability
  • Users, content and service providers deal with mutual distrust with contracts, SLAs, insurances

SLIDE 4

Questions…

How to make security accessible to users and service consumers?

– Security is built into the architecture’s design
  • No afterthought
– Sensible default security settings
  • Securely managed, security policies are pushed to service users
– Easy to understand security configuration
  • Right-grained granularity of security settings

SLIDE 5

Questions…

Are our fundamental security mechanisms (crypto, biometrics, protocols) still adequate?

– Flexibility is key…
  • Session-based negotiation of protocols, crypto algorithms and cipher suites
– Authenticity of origin…
  • Usually much more important than long-term confidentiality
  • Time stamping of authenticity proofs with state of the art signing algorithms

SLIDE 6

Questions…

Consequences of user-centricity?

– Allows a user to become THE bottleneck if consulted whenever personal information is used
– Solution:
  • User-controlled sticky policies
    – Sticky to the data concerned
    – Automatic policy evaluation
  • Data stored by authentic repositories trusted by the user
    – Ante factum: repository enforces user’s policies
    – Post factum: transparent screening of repository’s logs
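
The sticky-policy flow on this slide, as an added example (not code from the TAS3 project): a repository evaluates the user's policy automatically on each request (ante factum), and the user later screens the repository's log for releases the policy did not permit (post factum). The class names, fields, sample data and the `break_glass` override are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass(frozen=True)
class StickyPolicy:
    """User-authored rules that stay attached to one data item (hypothetical model)."""
    owner: str
    recipients: frozenset
    purposes: frozenset
    expires: date
    def permits(self, recipient, purpose, on):
        return recipient in self.recipients and purpose in self.purposes and on <= self.expires

@dataclass
class Repository:
    """Authentic repository: stores data with its policy and logs every request."""
    items: dict = field(default_factory=dict)   # item_id -> (data, policy)
    log: list = field(default_factory=list)
    def put(self, item_id, data, policy):
        self.items[item_id] = (data, policy)
    def request(self, item_id, recipient, purpose, on, break_glass=False):
        # Ante factum: the policy is evaluated automatically; the user is not consulted.
        data, policy = self.items[item_id]
        released = policy.permits(recipient, purpose, on) or break_glass
        self.log.append({"item": item_id, "recipient": recipient, "purpose": purpose,
                         "on": on, "released": released})
        # The policy travels with the released data, so it stays "sticky".
        return (data, policy) if released else None

def screen_log(repo, owner):
    """Post factum: logged releases of the owner's data that the policy did not permit."""
    findings = []
    for e in repo.log:
        policy = repo.items[e["item"]][1]
        allowed = policy.permits(e["recipient"], e["purpose"], e["on"])
        if policy.owner == owner and e["released"] and not allowed:
            findings.append(e)
    return findings

def demo():
    # Constructed sample data: names, purposes and dates are illustrative only.
    repo = Repository()
    policy = StickyPolicy("alice", frozenset({"gp-clinic"}), frozenset({"treatment"}), date(2030, 1, 1))
    repo.put("record-1", "blood type: O+", policy)
    ok = repo.request("record-1", "gp-clinic", "treatment", date(2025, 6, 1))
    denied = repo.request("record-1", "insurer", "marketing", date(2025, 6, 1))
    repo.request("record-1", "er-ward", "treatment", date(2025, 6, 2), break_glass=True)
    return ok, denied, screen_log(repo, "alice")
```

The permitted and denied requests never involve the user; only the override release surfaces when the log is screened.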

SLIDE 7

The Humble Answer…

TAS3 focuses on services

– Trusted: it is trusted because you do not have to…
  • Guaranteed through transparency & user-centricity
  • Enforces authorization, trustworthiness, reputation and data protection policies
– Architecture: technology-independent
  • Integrating today’s systems, ready for tomorrow’s
  • Connectors with legacy systems
– Securely: built-in by design
  • End-to-End authentication
  • Point-to-Point confidentiality
– Shared Services: SOA by nature
  • Distributed things provide TAS3 services ☺

SLIDE 8

Questions? ☺

Email:

– Danny.DeCock@esat.kuleuven.be
– info@tas3.eu

Web:

– http://godot.be
– http://tas3.eu

SLIDE 9

Business Process

[Diagram; labels: Backend Service; Frontend Service; Bulletin Boards]

SLIDE 10

Business Process

[Architecture diagram; labels as extracted: Backend Service; Master PEP; Master PDP; Syntactic & Semantic Interoperability Engine; Frontend Service; Bulletin Boards; Trust & Reputation Information; Authentication Authority (e.g., IdP); Authorization Information; Feedback; Trust & Reputation Deciders; Authenticity Deciders; Audit Guard; Log Analysis Service Service Authorization Deciders; Entry Point; Exit Point; Services Engine & Business Intelligence; Authenticity Guard; Trust & Reputation Guard; Authorization Guard; Service Provider Selector; Service Provider Guard; Service Request Preparator; Lists of Obligations; Obligations; Business Intelligence (Service Providers, Service Types, Services); Dash Board (Audit Aspects, Policy Aspects); Service Response Preparator; Data Protection Policy Enforcers; Obligations Service]

SLIDE 11

Business Process

[Architecture diagram with the same component labels as slide 10, annotated with numbered markers 1, 2, 3 and 4]

SLIDE 12

User-centric Use Cases Employability & Healthcare

[Diagram; labels: Healthcare Service Providers; Primary & Secondary Care Providers; Schools; Training Institutes; Public & Private Employment Services; Professional Associations; Employability Service Providers; Universities; Social Security Services; Social Network; Employability Repositories; Patient Associations]