An Analysis of Trust Requirements and Design Choices for Trust Management in Web Services Based Service Oriented Architectures Bienvenida Pagdanganan Supervisor: Prof Vijay Varadharajan 10/29/20151Bienvenida Pagdanganan

Main Problem 22 With Web Services: Who the requestors are Who the providers are What credential is being requested What specific services are being requested Who is trustable Who is not How are they trusted 10/29/2015Bienvenida Pagdanganan

Main Problem 33 BPAY Scenario: Alice pays electricity bill through BPAY Alice logs in to her Internet Banking system using Username AND Password Alice enters her electricity account number and other identity information Alice’s bank and electricity provider has some agreement that facilitates the service Alice trusts that the service has been completed in her behalf by the bank 10/29/2015Bienvenida Pagdanganan

Main Problem 44 Authentication in Web services: M echanism by which clients and service providers prove to one another that they are acting on behalf of specific users or systems Client usually presents identifier Service provider verifies client’s claimed identity 10/29/2015Bienvenida Pagdanganan Authorization Allow only authenticated service identities to access resources, such as hosts, files, Web pages, components, and database entries, to name a few

Aim 55 To address the trust requirements needed to use or provide a Web service through studies about trust model and language trust policy language trust management systems federation and trust in relation to trust management 10/29/2015Bienvenida Pagdanganan

Significant Achievements 66 This study provides the following: A framework for a hybrid trust model incorporating hard trust and soft trust, and the attributes in hard trust and soft trust A methodology by example for evaluating reputation-based soft trust attribute A methodology by example for incorporating soft trust attributes in a service policy A federation and trust scenario in Web services incorporating soft trust body, Reputation Authority, and soft trust attributes 10/29/2015Bienvenida Pagdanganan

Roadmap to achievements: Project Scope Studies on Web Services Trust Model Trust Policy for Web Services Trust Management in Web Services Based SOA Federation and Trust in Web Services 7710/29/2015Bienvenida Pagdanganan

What is.... Web service self- contained software module available via a network, such as the Internet completes tasks, solves problems, or conducts transactions service on behalf of a user or application Service Oriented Architecture a logical way of designing a software system provide services either to end-user applications or to other services distributed in a network use published and discoverable interfaces 8810/29/2015Bienvenida Pagdanganan

Roadmap – Web Services Trust Model Studies on Hoffman, Lawson-Jenkins et al Lin and Varadharajan 2007 Web Services Security Plan and Roadmap (2002) WS-Trust 9910/29/2015Bienvenida Pagdanganan

Roadmap – Web Services Trust Model Hoffman, Lawson-Jenkins et al Develop improved trust model and related metrics for distributed computer-based systems Incorporate security, privacy, safety, usability, reliability, and availability factors into trust vector Incorporate factors such as verification techniques, user knowledge, user experience, and trust propagation in their model Define ‘expectation’ - experience with an application or service, and the reputation of the vendor providing the service or product (we discuss as soft trust attributes) Consider metrics (we discuss as trust attributes) 10 10/29/2015Bienvenida Pagdanganan

Roadmap – Web Services Trust Model Lin and Varadharajan 2007 Propose a hybrid trust model for enhancing security in distributed systems by combining hard and soft trust relationships and associated operations Consider soft trust decision making, based on behaviour and evidence and the specified thresholds for these opinion-based soft trust requirements Our paper similarly discusses hard and soft trust attributes and trust relationships, we consider Web services rather than mobile agent system 11 10/29/2015Bienvenida Pagdanganan

Roadmap – Web Services Trust Model IBM and Microsoft End to End Security Web Service – require incoming message prove a set of claims (referred to as policy) Requester – send messages with proof of required claims (security tokens) with the messages. Messages demand specific action Messages prove their sender has claim to demand the action Requester can obtain claim through the Security Token Services (STS broker trust by issuing security tokens) 12 10/29/2015Bienvenida Pagdanganan

Roadmap – Web Services Trust Model WS- Trust TRUST – represented through exchange and brokering of security tokens Specifications to enable application to construct trusted SOAP message exchange Web Services trust specification for Requesting and obtaining security tokens Managing trusts and establishing relationships Establishing and assessing trust relationships 13 10/29/2015Bienvenida Pagdanganan

Roadmap – Web Services Trust Model WS- Trust : managing trusts and establishing and assessing trust relationships Verify that claims in token are sufficient to comply with policy and that message conforms to policy Verify that attributes of claimant are proven by signatures, claims are either proven or not based on policy Verify that issuers of security tokens (including all related and issuing security token) are trusted to issue claims they have made 14 10/29/2015Bienvenida Pagdanganan

Roadmap – Web Services Trust Model WS-Trust - Trust relationships can be: Direct trust - relying party accepts as true all (or some subset of) the claims in token sent by the requestor Requester Web service Brokered trust, a trust proxy (second party) – read policy information and request appropriate security tokens from an issuer of security tokens, thus vouching for a third party Security Token Service Requester Web service 15 10/29/2015Bienvenida Pagdanganan

Roadmap – Trust Policy for Web Services Studies on Vuong, Smith et al Nagarajan, Varadharajan et al WS-Policy 16 10/29/2015Bienvenida Pagdanganan

Roadmap – Trust Policy for Web Services Vuong, Smith et al Discuss practical concepts employed in enterprise environment for managing security policies Use eXtensible Markup Language (XML) Design specification for security policy use structured language model (XML), separate semantics API, and standardized policy schema model to represent and implement security policies. We consider their methodology in our study to develop a methodology by example for incorporating soft trust attributes in a service policy 17 10/29/2015Bienvenida Pagdanganan

Roadmap – Trust Policy for Web Services Nagarajan, Varadharajan et al Propose a 3-level granularity model with levels, high, mid and low properties for authorization credentials for trusted platform Present methodology for capturing requirements through compositions and Component Property Certificate We adapt their methodology as a way in establishing our work to develop a methodology by example for evaluating reputation-based soft trust attributes 18 10/29/2015Bienvenida Pagdanganan

Roadmap – Trust Policy for Web Services 19 10/29/2015Bienvenida Pagdanganan (01) <wsp:Policy xmlns:sp=" xmlns:wsp=" > (02) (03) (04) (05) (06) An example of a security policy WS-Policy An XML Infoset called a policy expression that contains domain-specific, Web Service policy information Core set of constructs to indicate how choices and/or combinations of domain specific policy assertions apply in Web services environment

Roadmap – Trust Management in Web Services Based SOA Studies on: The PolicyMaker Trust Management System (Blaze, Feigenbaum et al. 1996) REFEREE: Trust Management for Web Applications (Chu, Feigenbaum et al. 1997) The KeyNote Trust Management System(Blaze, Feigenbaum et al. 1999) Then……. Our Approach Incorporating Hybrid Trust Attributes in Policy 20 10/29/2015Bienvenida Pagdanganan

Roadmap – Trust Management in Web Services Based SOA The PolicyMaker Trust Management System (Blaze, Feigenbaum et al. 1996) Interface that separates generic mechanisms from application-specific policy Return simple yes/no answer or additional restrictions that would make the proposed action acceptable Our interest is language structure Way policy is written through queries of the form: key1,key2,...keyn Requests ActionString Source ASSERTS AuthorityStruct WHERE Filter 21 10/29/2015Bienvenida Pagdanganan

Roadmap – Trust Management in Web Services Based SOA REFEREE: Trust Management for Web Applications (Chu, Feigenbaum et al. 1997) Rule-controlled Environment for Evaluation of Rules, and Everything Else Provides both general policy-evaluation mechanism and language for specifying policies Return value when asking for authorization Yes, the action may be taken because sufficient credentials exist for the action to be approved” “No, the action may not be taken because sufficient credentials exist to deny the action” “The trust management system was unable to find sufficient credentials to approve or to deny the requested action” 22 10/29/2015Bienvenida Pagdanganan

Roadmap – Trust Management in Web Services Based SOA The KeyNote Trust Management System (Blaze, Feigenbaum et al. 1999) Language describing policy and credential assertion, structures of action descriptions and model of computation Evaluates policy through a policy compliance value (PCV) PCV advises application how to process the requested action. In simplest case, the compliance value is Boolean (e.g., reject or approve) 23 10/29/2015Bienvenida Pagdanganan

Roadmap – Trust Management in Web Services Based SOA The KeyNote Trust Management System (Blaze, Feigenbaum et al. 1999) == 0 -> “full_access”; # clause “user_access”;#clause “guest_access”;#clause (3) user_name == “root” -> “full_access”;#clause (4) Given “user_id” is “1073” and the “user_name” attribute is “root”, possible compliance value set would contain the following: “guest_access” (by clause (3)) and “full_access” (by clause (4)) 24 10/29/2015Bienvenida Pagdanganan

Roadmap – Trust Management in Web Services Based SOA Our Approach A framework for trust management A hybrid trust model for managing trust incorporating hard trust and soft trust 25 10/29/2015Bienvenida Pagdanganan

Our Approach – Trust Management in Web Services Based SOA Hybrid Trust Composition Trust relationships based on exchange and brokering of hard trust attributes and on support of soft trust attributes established by corresponding security authorities 26 10/29/2015Bienvenida Pagdanganan

Our Approach – Trust Management in Web Services Based SOA Hard Trust Composition “strong security” mechanisms Result is a binary decision- trusted or not 27 10/29/2015Bienvenida Pagdanganan

Our Approach – Trust Management in Web Services Based SOA Soft Trust Composition “soft computational” approach, a method of evaluation of soft trust attributes developed by illustration through a hypothetical example 28 10/29/2015Bienvenida Pagdanganan

10/29/2015Bienvenida Pagdanganan29 Hypothetical Example: A Web service provided by ABC company for purchasing shares of stocks - Must be citizens of its country only - May have loyalty cards with the company - Have transactions above a threshold amount $D - Have reference from company staff Company Assertions: Is_Citizen = ‘Y’#clause (1) has_LoyaltyCard = ‘Y’#clause (2) has_No_LoyaltyCard = ‘Y’#clause (3) has_Transaction_Threshold > $D = ‘Y’#clause (4) has_Reference_From_Staff = ‘Y’#clause (5) Our Approach – Trust Management in Web Services Based SOA

10/29/2015Bienvenida Pagdanganan30 Hypothetical Example cont.: Company has set to true (‘Y’) only the following composition Order of assertion: ascending, highest to lowest All other combinations are not acceptable. (1) {“Is_Citizen”, “has_LoyaltyCard”, “has_Transaction_Threshold > $D”, “has_Reference_From_Staff”}, (2) {“Is_Citizen”, “has_LoyaltyCard”, “has_Transaction_Threshold > $D”}, (3) {“Is_Citizen”, “has_LoyaltyCard”, “has_Reference_From_Staff ”}, (4) {“Is_Citizen”, “has_No_LoyaltyCard”, “has_Transaction_Threshold > $D”}, (5) {“Is_Citizen”, “has_No_LoyaltyCard”, “has_Reference_From_Staff ”} Our Approach – Trust Management in Web Services Based SOA

10/29/2015Bienvenida Pagdanganan31 Hypothetical Example cont.: Evaluation of assertions A decision response (Y or N) for reputation will be delivered for compositions (1) through (5). Each composition has weight value corresponding to reputation of requestor of Web service Notation use to indicate weight value where weight value is a function of composition; R1 = W(C1) = Extremely high reputation R2 = W(C2) = Strongly high reputation R3 = W(C3) = Very high reputation R4 = W(C4) = Moderately high reputation R5 = W(C5) = High reputation Reputation weight value is referred to as ‘Reputation Token’ Our Approach – Trust Management in Web Services Based SOA

10/29/2015Bienvenida Pagdanganan32 Our Approach – Trust Management in Web Services Based SOA Reputation Authority Soft trust authority body The Reputation Authority can then validate the Reputation Rating of the user for a given role or capability as Identity based attributes for the user.

10/29/2015Bienvenida Pagdanganan33 Incorporating Hybrid Trust Attributes in Policy Our Approach – Trust Management in Web Services Based SOA (01) <wsp:Policy wsu:Id=”tokens” xmlns:wsse=" xmlns:wsp=" > (02) (03) (04) (05) wsse:ReputationToken (06) (07) (08) wsse:LoyaltyCardNumber (09) (10) (11) wsse:UsernameToken (12) (13) (14) (15) (16) wsse:ReputationToken (17) (18) (19) (20) (21) (22) wsse:UsernameToken (23) (24) (25) (26)

10/29/2015Bienvenida Pagdanganan34 Mechanism to federate across trusted authorities incorporating Reputation Authorities Our Approach – Federation and Trust in Web Service

10/29/2015Bienvenida Pagdanganan35 1. ABC Company issued Alice a Kerberos security token and a reputation token. 2. Currency service’s policy only accepts security and reputation tokens issued by its own security token service and reputation authority. 3. We assume the administrators at ABC Company and Business456 have exchanged public key certificates and reputation tokens in order to federate security. 4. We further assume that Alice only supports symmetric key technology. 5. Based on the Currency Web service policy, Alice needs to acquire a security token and a reputation token that can be used to access the security token service and the reputation authority at Business Alice first contacts her security token service and reputation authority that is intended for the Business456 security token service and reputation authority. 7. Using the security and reputation token intended for the Business456 security token service and reputation authority, Alice requests security and reputation token for the Currency service. 8. The Business456 security token service provides Alice security token for the Currency service, and reputation token required by the Currency service policy. 9. Using the security and reputation token intended for the Currency service and the associated symmetric key, Alice makes the requests to the Currency service. Our Approach – Federation and Trust in Web Service

10/29/2015Bienvenida Pagdanganan36 Future Work Suggested Work: Development of a trust management system incorporating reputation- based token in its language for policy formulation Study to consider the formal institution of Reputation Authority In our approach to evaluate reputation using weighted values, further work may adapt such methodology and compare and contrast with some existing models Concept of quality trust can be further studied