posecco cluster meeting

PoSecCo: modelling services for the Future Internet. Antonio Lioy, Politecnico di Torino <[email protected]>. Amsterdam - July 4-5, 2011

Upload: fcleary

Post on 24-Jan-2015


Page 1: Posecco cluster meeting

PoSecCo: modelling services for the Future Internet

Antonio Lioy

Politecnico di Torino

<[email protected]>

Amsterdam - July 4-5, 2011

Page 2: Posecco cluster meeting

PoSecCo scenario: Future Internet seen from a Service Provider (SP)

[Figure: layered landscape of a Service Provider (services, applications, systems, DBs, network) with two Suppliers, SP-customers and SP-staff. Labelled inputs: security reqs from customers; sec reqs from mgmt; security reqs from suppliers; security reqs from laws and regulations.]

Page 3: Posecco cluster meeting

PoSecCo view: services in FI

Page 4: Posecco cluster meeting

What to model?

companies run business processes/services

the interesting ones are the ones implemented using IT resources

SP main goal? reducing costs

infrastructure

re-use existing services

avoid re-implementing a service for each customer

… if the policy allows it

implementation and maintenance

integrated policy refinement using the “policy chain”

… with a higher level of security

PoSecCo aims at supporting SPs with models and tools

Page 5: Posecco cluster meeting

Main requirements …

business services (BS) can be implemented by a number of different IT services (i.e., abstract service profiles)

several customers can buy the same BS and every customer may use one or more instances of an IT service

IT service = components + choreography

IT services interact with other IT services or use other IT services as sub-components

every IT service may have different instantiations using different physical or virtual resources (running services) and sub-services

running services can execute several components of the same IT service

running services can execute several components from different IT services

SP can outsource (sub-)services, applications, or HW (hosting providers)

Page 6: Posecco cluster meeting

A quick look at PoSecCo meta-models

Services: Business meta-model; IT service meta-model; Infrastructure meta-model

Policies: Business policy meta-model; IT policy (access control, confidentiality, filtering, …); configurations for policy enabled security elements

Page 7: Posecco cluster meeting

A quick look at PoSecCo meta-models

Services (labelled “current service meta-model”): Business meta-model; IT service meta-model; Infrastructure meta-model

Page 8: Posecco cluster meeting

Service modelling layers

[Figure: layer labels: IT layer; Infrastructure]

Page 9: Posecco cluster meeting

Some more details: the concepts

[Figure: concept labels: institutions; business service; business process; customers; service providers; hosting providers; IT service model; business information; IT service interface; IT Resource model; Links; Data; IT service; IT resource; IT resource interface; node; channel; physical node; virtual node]

Page 10: Posecco cluster meeting

Business layer: business services

business services (BS) are structured in processes

terminology from TUe and not in contrast with BPMN

BS are not necessarily the ones implemented using IT technologies

implemented by a number of different IT services (i.e., abstract service profiles)

business processes (BP) may be structured in hierarchies and may depend on other BPs

Page 11: Posecco cluster meeting

Business layer: institutions

BP customers

several customers can buy the same BS and every customer may use one or more instances of an IT service

service providers (SP) and their relationships: SPs buying services from other SPs

hosting providers

Page 12: Posecco cluster meeting

Business layer: business info

very abstract concepts to be further instantiated and adapted

roles

not the same as the standard “access control role”, described in the IT policy meta-model

more abstract, associated to company-dependent functions

Page 13: Posecco cluster meeting

IT layer: the service models

IT service model: abstract definition corresponding to the interface it exposes

IT services interact with other IT services or use them as sub-components

IT service models are described by

components: IT resources (the Applications)

choreography: a link connects a resource to an interface

IT resource is an abstract definition of the component/application

web server, FTP server, Invoice application, EDI, …

every IT service may have different implementations

using different physical or virtual resources (running services) and sub-services

Page 14: Posecco cluster meeting

IT layer: data

first class entities in the access control meta-model

need to be customized in the model according to customer and SP needs

Page 15: Posecco cluster meeting

Catalog: what an SP sells

used to enumerate all the service models sold by a SP

Crossgate requirement: modern way of managing IT services

instead of defining a general service model with configurable parameters (e.g., communication protocols, web server types) good for academia

e.g., if the SP sells two versions of the “invoicing BS”, one allowing access to the front end using SFTP and one HTTPS, the catalog will include two instances of ITServiceProfile

Page 16: Posecco cluster meeting

Infrastructure layer: running services

every IT service model may be implemented

using different physical or virtual resources (running services) and sub-services

to re-use components and save time and money:…

running services can execute several components of the same IT service

running services can execute several components from different IT services

e.g., web servers running front ends, DBs
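A minimal sketch of the catalog and running-service concepts above, added here as an example; it is not PoSecCo's own code, UML or XML representation. Only the ITServiceProfile name and the SFTP/HTTPS invoicing variants come from the slides; the class fields, customer, node and service names and both helper functions are assumptions. It reports which running services end up shared between customers, the re-use case the slides allow only if the policy permits it.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class ITServiceProfile:
    """One catalog entry: the exposed interface plus its IT resources (components)."""
    name: str
    interface: str       # protocol of the front-end interface (assumed field)
    resources: tuple     # abstract IT resources making up the service

@dataclass(frozen=True)
class RunningService:
    """A running service on a node, executing (profile name, resource) components."""
    name: str
    node: str
    executes: frozenset

# Constructed sample data: the two "invoicing BS" variants from the catalog slide.
RES = ("front end", "Invoice application", "DB")
CATALOG = {p.name: p for p in (
    ITServiceProfile("invoicing-sftp", "SFTP", RES),
    ITServiceProfile("invoicing-https", "HTTPS", RES),
)}
SUBSCRIPTIONS = {"customer-a": "invoicing-sftp", "customer-b": "invoicing-https"}
RUNNING = [
    RunningService("sftpd-1", "vm-1", frozenset({("invoicing-sftp", "front end")})),
    RunningService("httpd-1", "vm-2", frozenset({("invoicing-https", "front end")})),
    RunningService("app-1", "vm-3", frozenset((p, "Invoice application") for p in CATALOG)),
    RunningService("db-1", "host-1", frozenset((p, "DB") for p in CATALOG)),
]

def unimplemented(catalog, running):
    """Components of catalog profiles that no running service executes."""
    covered = set().union(*(rs.executes for rs in running))
    return sorted(
        (p.name, r) for p in catalog.values() for r in p.resources
        if (p.name, r) not in covered
    )

def shared_between_customers(subscriptions, running):
    """Running services that execute components used by more than one customer."""
    users = defaultdict(set)
    for customer, profile in subscriptions.items():
        users[profile].add(customer)
    shared = {}
    for rs in running:
        customers = set().union(*(users.get(p, set()) for p, _ in rs.executes))
        if len(customers) > 1:
            shared[rs.name] = sorted(customers)
    return shared
```

The shared services returned by `shared_between_customers` are the points where a per-customer policy has to be checked before components are re-used.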

Page 17: Posecco cluster meeting

Infrastructure layer: the landscape

virtual and physical nodes connected through interfaces

located somewhere (for dependability and risk analysis purposes)

full topology information may be described

according to the required level of details

PoSecCo uses full topology view for the configuration generation

e.g., to configure all the firewalls and VPN terminators in the landscape

Page 18: Posecco cluster meeting

The PoSecCo ontology(ies)

extend concepts in meta-models with a semantically richer tool

use the “inclusion” and “equivalence” features to link the separated ontologies

[Figure: each meta-model paired with an ontology: business meta-model and business ontology (?); IT layer meta-model and IT layer ontology; infrastructure meta-model and infrastructure ontology]

Page 19: Posecco cluster meeting

Tools and formats

meta-models as standard UML class diagrams

from meta-models to models

constrain the model derivation process to avoid integration issues

XML representation in the PoSecCo repository

meta-models

models

instances

…ongoing effort

ontologies represented in OWL

Page 20: Posecco cluster meeting

PoSecCo and EffectPlus

PoSecCo will provide:

meta-models for services in a SP-oriented scenario

layered architecture: business, IT and infrastructure

full details in a document that will come soon

inputs:

test your service description with our model and provide us the missing requirements

e.g., more info on service virtualization

collaboration:

a service modelling working group?

common output:

unified meta-model for Future Internet

… agreed and adopted by all the EffectPlus partners (at least)

Page 21: Posecco cluster meeting

THANK YOU!

Page 22: Posecco cluster meeting

Disclaimer

EU Disclaimer

PoSecCo project (project no. 257129) is partially supported/co-funded by the European Community/European Union/EU under the Information and Communication Technologies (ICT) theme of the 7th Framework Programme for R&D (FP7).

This document does not represent the opinion of the European Community, and the European Community is not responsible for any use that might be made of its content.

PoSecCo Disclaimer

The information in this document is provided "as is", and no guarantee or warranty is given that the information is fit for any particular purpose. The above referenced consortium members shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials subject to any liability which is mandatory due to applicable law.
