Security in Semantic Web Services

Security in Semantic Web Services: Role of Security, Authorization, Privacy and Trust in Semantic Web. Nima Dokoohaki, OASIS Adoption Forum, London 2006

Upload: nima-dokoohaki

Post on 09-May-2015


DESCRIPTION

Security in Semantic Web Services: Role of Security, Authorization, Privacy and Trust in Semantic Web, OASIS adoption forum, Fall 2006, London

TRANSCRIPT

Page 1: Security in Semantic Web Services

Security in Semantic Web Services: Role of Security, Authorization, Privacy and Trust in Semantic Web

Nima Dokoohaki

OASIS Adoption Forum, London 2006

Page 2: Security in Semantic Web Services

Agenda

• Semantic Web Services; Concept and technologies

• Role of Semantic Web Services and current position of it

• Describing the Security Dimensions in the context of Semantic Web Services

• Defining and Describing an adoption model for standards defined in practice

Page 3: Security in Semantic Web Services

Semantic Web Services

• Intelligent Distributed Systems

• Syntactic vs. Semantic Web Services

• Impact of lack of semantics:

– Lack of machine readability prevents their usage in complex business contexts

• Adding a rich formal description of capabilities to Web services solves this problem, allowing them to be consumed and utilized by businesses without human intervention (the main goal of bringing semantics to the context of web services)

• Semantic Web Services (SWS) eliminate this obstacle by adding to Web services rich formal descriptions of their capabilities, facilitating automated composition, discovery, dynamic binding, and invocation of services within an open environment

• Requirement and prerequisite:

– Emergence and evolution of a semantic execution environment (a real practical presentation of the Semantic Web vision)

Page 4: Security in Semantic Web Services

[Diagram: Semantic Web Services (SWS) shown through three facets. Activities: Selection, Invocation, Composition, Ontology Management, Publishing, Deployment, Discovery. Architecture: Register, Reasoner, Decomposer, Invoker, Matchmaker. Service Ontology: Pre-condition, Input, Cost, Output, Post-condition, Atomic Service, Composite Service, Category.]

Page 5: Security in Semantic Web Services

Agenda

• Semantic Web Services; Concept and technologies

• Role of Semantic Web Services and current position of it

• Describing the Security Dimensions in the context of Semantic Web Services

• Defining and Describing an adoption model for standards defined in practice

Page 6: Security in Semantic Web Services

The main and Original Motivation

• Enhance interoperability between heterogeneous information systems

• Two major areas of application:

– Enterprise Application Integration (EAI): connecting separated systems quickly and at low cost

– Business to Business (B2B) Integration: reducing costs and enhancing flexibility of cooperation

• Efficiency (cost and time)

– Human interaction between UDDI and web services, lookup time: "Semantics can save time and cost"

• Simple maintenance

• Promising

Page 7: Security in Semantic Web Services

Semantics-driven solutions: Final Destination, or Next Step?

• Semantic Business Services

– Making business web based

• Bringing Web services and Semantic Web Services to the next level, to Semantic Business Services or Semantic e-Services

• Still a big challenge:

– Large Scale Integration that consumes and utilizes multiple web services

– Bringing the businesses to their full potential

• Semantic enrichment is a solution toward appropriate large scale integration

Page 8: Security in Semantic Web Services

Current frameworks for Semantic Web Services and their orientations

• Three main frameworks for SWS:

– IRS-III (The Internet Reasoning Service): knowledge based

– OWL-S (OWL-based Web Service Ontology): agent oriented

– WSMF (Web Services Modelling Framework): business oriented, focusing on a set of ecommerce/ebusiness requirements for Web Services including "trust and security"

Page 9: Security in Semantic Web Services

Current progress; Focus on WSMX

• WSMX (Web Services execution environment):

– Reference implementation of WSMO.

• An execution environment for business application integration, where enhanced web services are integrated for various business applications:

– Increases business process automation in a very flexible manner while providing a scalable integration solution

Page 10: Security in Semantic Web Services

OASIS and Semantic works

• SEE (Semantic Execution Environment) technical committee

– Guidelines, justifications and implementation directions for an execution environment for Semantic Web services (proposed WSMX).

– SEE is engineering a standardized, globally recognized architecture of an intelligent distributed system, where semantically enriched components can be plugged in and executed according to dynamic execution semantics.

• A committee focusing on practical ebusiness applications of SWS

Page 11: Security in Semantic Web Services

OASIS and Semantic works: Progress and deliverables

• A brief intro to their past and ongoing work:

– Infrastructural work for SWS: justifications, guidelines and also implementations for semantically enriched SOA and SWS applications:

• eHealth

• eBanking

• eGovernment services

• GIS (Geographical Information Systems)

Page 12: Security in Semantic Web Services

Agenda

• Semantic Web Services; Concept and technologies

• Role of Semantic Web Services and current position of it

• Describing the Security Dimensions in the context of Semantic Web Services

• Defining and Describing an adoption model for standards defined in practice

Page 13: Security in Semantic Web Services

SWS security requirements: Security, Privacy and Trust

• Requirements arise from three kinds of policies:

– Security policies

– Privacy policies

– Trust-based policies

• Functional:

– Semantically described security policies.

– Semantically described privacy policies.

– Respecting individual client requirements.

• Architectural:

– Protocols for publication and description of service security policies and authentication requirements.

– Semantic policy evaluation mechanisms.

– Semantically controlled policy enforcement.

– Trust-based authentication and authorization.

– Communication and logging of security evaluation results

Page 14: Security in Semantic Web Services

Role of OASIS in SWS Security

• Fact 1: OASIS security works have the following properties:

– Modularity: easier to implement as a building block in a solution

– Composability: easier solution engineering and maintenance

• Fact 2: OASIS has a history of converging many industry-leading standards

• Fact 3: OASIS is a globally recognized scenarios and use-cases library

• Fact 4: work on semantics- and security-driven efforts is ongoing within OASIS

• Conclusion:

OASIS is where all efforts from different directions should and will merge and make up tomorrow's industry-recognized standards and guidelines for any semantically driven service-oriented architecture

Page 15: Security in Semantic Web Services

Solution: Semantic Policy Framework

• Semantically rich policy representations

– Human error reduction

– Simplification of policy analysis

– Policy conflicts reduction

– Interoperability facilitation

• The adoption of a policy-grounded approach for controlling a system requires an appropriate policy representation and the design and development of a policy management framework, realizing the need for a Semantic Policy Framework

• Policies will be increasingly important to the real-world implementation of Semantic Web Services

• Policy ontology is an enabler for a Semantic Policy Framework

Page 16: Security in Semantic Web Services

Adoption of policy ontologies: pros

– Ontology simplifies the task of governing the behavior of complex, increasingly dynamic, multi-disciplinary business environments.

– Adaptation with several kinds of business and workflow contexts

– High-level management requirements

– Simplification in many aspects of policy engineering such as policy description, analysis and access

Page 17: Security in Semantic Web Services

Adoption of policy ontologies: cons

• The adoption of ontologies for policy specification requires addressing some technical difficulties in presentation and implementation:

– Semantic web languages used for ontology representation still produce complex descriptions, making the code very difficult to read

– The gap between the specification and the implementation of policies cannot be completely overcome in an automated manner.

Page 18: Security in Semantic Web Services

Agenda

• Semantic Web Services; Concept and technologies

• Role of Semantic Web Services and current position of it

• Describing the Security Dimensions in the context of Semantic Web Services

• Defining and Describing an adoption model for standards defined in practice

Page 19: Security in Semantic Web Services

[Diagram labels: Semantic Web Services; Semantic Execution Environment; eGovernments, Businesses, Citizens; OASIS Security Standards; OASIS Web Services Works; OASIS Semantics Effort.]

Page 20: Security in Semantic Web Services

[Diagram labels: Semantic Requirements; Requester's Authorization information; Service Requester; Distributed Registry (UDDI / ebXML RR); Service Discovery; Distributed Ontology Repository; Policy Ontology; Domain Ontology; Trust Negotiator; Trust Warehouse; Distributed Trust (Web of Trust); Semantic Web Service; "Service sends requester's authorization info to requester"; Trust Negotiation; Service Invocation; Authorization Manager; Semantic Execution Environment.]

Page 21: Security in Semantic Web Services

Remaining issues: policy framework obstacles

• Approaches toward a common global semantic policy framework have generated divergent solutions:

– best suited for particular ranges of applications

– discourage a common approach for all situations

• It is still not clear "why a common approach should succeed for policy specification, presentation and deployment".

– Clearly stating the need for standardization and convergence efforts

Page 22: Security in Semantic Web Services

Remaining issues: semantic efforts

• Immaturity of the most important dimensions of SWS

• Immaturity of essential standards supporting semantic web and semantic web services

• The importance and efficiency of semantic enrichment have not yet been realized by many industries and businesses

• Most important, semantic efforts are progressing and taking shape, but semantic web services security research and development still needs more attention and investment from academia and industry.

Page 23: Security in Semantic Web Services

Role of OASIS: Creating the "Concrete" for the road construction

• Standardization of a common service execution environment sets a great starting point for the implementation, deployment and, most important, convergence of ongoing, existing and future semantic works.

• Liaisons with related standardizations and industrial consortia

• "Clearly, the time to forge a common framework based on Semantic interoperability standards and e-Business web services standards is now."

Patrick Gannon, CEO and President, OASIS – Book foreword

Page 24: Security in Semantic Web Services

Q&A

• Question and answer (also shown on the slide in Swedish, French, Persian and Chinese: Frågar och svara; question et réponse; پاسخ وپرسش; 问题和解答)

Page 25: Security in Semantic Web Services

Thanks!

• Thank you for participating

Page 26: Security in Semantic Web Services

Contact Details

Nima Dokoohaki

Solution Architect

M.Sc in Software Engineering of Distributed Systems

Stockholm, Sweden

Mobile: +46762697630

Email: [email protected]:nimakth