posecco cluster meeting
PoSecCo: modelling services for the Future Internet
Antonio Lioy
Politecnico di Torino
Amsterdam - July 4-5, 2011
PoSecCo scenario: Future Internet seen from a Service Provider (SP)
[Diagram: the Service Provider's stack (services, applications, systems, DBs, network) with security requirements arriving from customers (SP-customers), from management (SP-staff), from suppliers, and from laws and regulations.]
PoSecCo view: services in FI
companies run business processes/services
the interesting ones are the ones implemented using IT resources
SP main goal? reducing costs
infrastructure
re-use existing services
avoid re-implementing a service for each customer
… if the policy allows it
implementation and maintenance
integrated policy refinement using the “policy chain”
… with a higher level of security
PoSecCo aims at supporting SPs with models and tools
What to model?
business services (BS) can be implemented by a number of different IT services (i.e., abstract service profiles)
several customers can buy the same BS and every customer may use one or more instances of an IT service
IT service = components + choreography
IT services interact with other IT services or use other IT services as sub-components
every IT service may have different instantiations using different physical or virtual resources (running services) and sub-services
running services can execute several components of the same IT service
running services can execute several components from different IT services
SP can outsource (sub-)services, applications, or HW (hosting providers)
Main requirements …
A quick look at Posecco meta-models
[Diagram: two columns, Services and Policies. Services: Business meta-model, IT service meta-model, Infrastructure meta-model. Policies: Business policy meta-model, IT policy meta-model (access control, confidentiality, filtering, …), configurations for policy-enabled security elements.]
A quick look at Posecco meta-models
[Diagram: the same picture, with the three Services meta-models (Business, IT service, Infrastructure) highlighted as the current service meta-model.]
Service modelling layers
[Diagram: the service modelling layers, with the IT layer and the Infrastructure layer labelled.]
Some more details: the concepts
[Diagram of the concepts per layer. Business layer: institutions (customers, service providers, hosting providers), business service, business process, business information. IT layer: IT service model, IT service interface, IT resource model, links, data. Infrastructure layer: IT service, IT resource, IT resource interface, node (physical node, virtual node), channel.]
Business layer: business services
business services (BS) are structured in processes
terminology from TUe and not in contrast with BPMN
BS are not necessarily the ones implemented using IT technologies
implemented by a number of different IT services (i.e., abstract service profiles)
business processes (BP) may be structured in hierarchies and may depend on other BPs
Business layer: institutions
BP customers
several customers can buy the same BS and every customer may use one or more instances of an IT service
service providers (SP) and their relationships: SPs buying services from other SPs
hosting providers
Business layer: business info
very abstract concepts to be further instantiated and adapted
roles
not the same as the standard “access control role”, described in the IT policy meta-model
more abstract, associated to company-dependent functions
IT layer: the service models
IT service model: abstract definition corresponding to the interface it exposes
IT services interact with other IT services or use them as sub-components
IT service models are described by
components: IT resources (the Applications)
choreography: a link connects a resource to an interface
IT resource is an abstract definition of the component/application
web server, FTP server, Invoice application, EDI, …
every IT service may have different implementations
using different physical or virtual resources (running services) and sub-services
IT layer: data
first class entities in the access control meta-model
need to be customized in the model
according to customer and SP needs
Catalog: what an SP sells
used to enumerate all the service models sold by a SP
Crossgate requirement: modern way of managing IT services
instead of defining a general service model with configurable parameters (e.g., communication protocols, web server types), which is good for academia
e.g., if the SP sells two versions of the “invoicing BS”, one allowing access to the front end using SFTP and one HTTPS, the catalog will include two instances of ITServiceProfile
Infrastructure layer: running services
every IT service model may be implemented using different physical or virtual resources (running services) and sub-services
to re-use components and save time and money:
running services can execute several components of the same IT service
running services can execute several components from different IT services
e.g., web servers running front ends, DBs
Infrastructure layer: the landscape
virtual and physical nodes connected through interfaces
located somewhere (for dependability and risk analysis purposes)
full topology information may be described according to the required level of detail
PoSecCo uses the full topology view for the configuration generation
e.g., to configure all the firewalls and VPN terminators in the landscape
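The three layers and the catalog/landscape relationships described in the slides above, as an added Python example (not PoSecCo project code): a customer's purchase is refined down the policy chain to the running services and nodes that implement it, which is the scope an infrastructure-level rule must cover. All class, customer and node names are assumptions; the two invoicing profiles follow the SFTP/HTTPS example on the catalog slide.

```python
"""Added example (not PoSecCo code): business, IT and infrastructure layers
plus a policy-chain walk. Every name below is a constructed assumption."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ITResource:           # IT layer: abstract component, e.g. "web server"
    name: str


@dataclass(frozen=True)
class ITServiceProfile:     # IT layer: one catalog entry = components + choreography
    name: str
    components: tuple       # ITResource instances
    front_end_protocol: str  # what the slide's two invoicing variants differ in


@dataclass
class RunningService:       # infrastructure layer: a deployed component
    name: str
    node: str               # physical or virtual node hosting it
    executes: set = field(default_factory=set)  # (profile name, ITResource) pairs


# Catalog: the "invoicing" business service sold as two IT service profiles
WEB, DB, FTP = ITResource("web server"), ITResource("DB"), ITResource("FTP server")
CATALOG = {
    "invoicing/sftp": ITServiceProfile("invoicing/sftp", (FTP, DB), "SFTP"),
    "invoicing/https": ITServiceProfile("invoicing/https", (WEB, DB), "HTTPS"),
}
# Business layer: which profile each customer bought (constructed sample data)
PURCHASES = {"acme": "invoicing/https", "globex": "invoicing/sftp"}
# Landscape: a running service may execute components of several profiles
LANDSCAPE = [
    RunningService("web-1", "vm-10", {("invoicing/https", WEB)}),
    RunningService("ftp-1", "vm-11", {("invoicing/sftp", FTP)}),
    RunningService("db-1", "host-20", {("invoicing/https", DB), ("invoicing/sftp", DB)}),
]


def policy_chain(customer: str) -> dict:
    """Refine a purchase: profile -> components -> running services -> nodes.
    'shared_nodes' are nodes also executing other profiles (re-use that a policy
    must explicitly allow); 'unimplemented' non-empty means the model is incomplete."""
    profile = CATALOG[PURCHASES[customer]]
    running = [rs for rs in LANDSCAPE
               if any((profile.name, c) in rs.executes for c in profile.components)]
    missing = [c.name for c in profile.components
               if not any((profile.name, c) in rs.executes for rs in running)]
    shared = {rs.node for rs in running if any(p != profile.name for p, _ in rs.executes)}
    return {"profile": profile.name, "protocol": profile.front_end_protocol,
            "running": sorted(rs.name for rs in running),
            "nodes": sorted({rs.node for rs in running}),
            "shared_nodes": sorted(shared), "unimplemented": missing}
```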
The PoSecCo ontology(ies)
extend concepts in meta-models with a semantically richer tool
use the “inclusion” and “equivalence” features to link the separated ontologies
[Diagram: each meta-model paired with its ontology: business meta-model / business ontology (?), IT layer meta-model / IT layer ontology, infrastructure meta-model / infrastructure ontology.]
Tools and formats
meta-models as standard UML class diagrams
from meta-models to models
constrain the model derivation process to avoid integration issues
XML representation in the PoSecCo repository
meta-models
models
instances
… ongoing effort
ontologies represented in OWL
PoSecCo and EffectPlus
PoSecCo will provide:
meta-models for services in a SP-oriented scenario
layered architecture: business, IT and infrastructure
full details in a document that will come soon
inputs:
test your service description with our model and provide us the missing requirements
e.g., more info on service virtualization
collaboration:
a service modelling working group?
common output:
unified meta-model for Future Internet
… agreed and adopted by all the EffectPlus partners (at least)
THANK YOU!
Disclaimer
EU Disclaimer: PoSecCo project (project no. 257129) is partially supported/co-funded by the European Community/European Union/EU under the Information and Communication Technologies (ICT) theme of the 7th Framework Programme for R&D (FP7).
This document does not represent the opinion of the European Community, and the European Community is not responsible for any use that might be made of its content.
PoSecCo Disclaimer: The information in this document is provided "as is", and no guarantee or warranty is given that the information is fit for any particular purpose. The above referenced consortium members shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials subject to any liability which is mandatory due to applicable law.