1 Token–based Dynamic Trust Establishment for Web Services Zhengping Wu and Alfred C. Weaver Department of Computer Science University of Virginia March.

Slides:



Advertisements
Similar presentations
QUN NI 1, SHOUHUAI XU 2, ELISA BERTINO 1, RAVI SANDHU 2, AND WEILI HAN 3 1 PURDUE UNIVERSITY USA 2 UT SAN ANTONIO USA 3 FUDAN UNIVERSITY CHINA PRESENTED.
Advertisements

GT 4 Security Goals & Plans Sam Meder
Trust Management of Services in Cloud Environments:
Directory and Trust Services (D&TS) Define an Abstract Model Purpose: Document a common terminology that the group can use between the various tracks Identify.
Automatic Trust Negotiation 1Dennis Kafura – CS5204 – Operating Systems.
HRMS 8.9 Upgrade Person Model. Introduction One of the significant changes to HRMS with the upgrade to 8.9 is the new Person Model. This course provides.
CSE300-1 Profs. Steven A. Demurjian Q. Jin, J. Nam, Z. Qian and C. Phillips Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The.
1 Privacy Prof. Ravi Sandhu Executive Director and Endowed Chair March 8, © Ravi Sandhu World-Leading Research.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Responding to Policies at Runtime in TrustBuilder Bryan Smith, Kent E. Seamons, and Michael D. Jones Computer Science Department Brigham Young University.
Securing the Broker Pattern Patrick Morrison 12/08/2005.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
 Single sign-on o Centralized and federated passport o Federated Liberty Alliance and Shibboleth  Authorization o Who can access which resource o ACM.
Identity Federation in Healthcare Networks Xiaohui Chen Department of Computer Science University of Virginia.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Using Digital Credentials On The World-Wide Web M. Winslett.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
1 Clark Wilson Implementation Shilpa Venkataramana.
Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.
Enterprise Portal Authentication: who are you? Authorization: what are you permitted to do? Personalization: the web pages you see are dynamically created.
Elisa Bertino Dept. of Computer Science University of Milano Page 1 Author-X Secure and selective access and flexible distribution mechanisms for XML documents.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Information Privacy Policy in Canada Presented By: Sue Wu.
United States Department of Justice The goal : Enable justice information sharing and protect privacy.
Cloud Computing Cloud Security– an overview Keke Chen.
Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.
Teresa Macklin Information Security Officer 27 May, 2009 Campus-wide Information Security Activities.
S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.
1 Multi Cloud Navid Pustchi April 25, 2014 World-Leading Research with Real-World Impact!
Trusted Systems Laboratory Hewlett-Packard Laboratories Bristol, UK InfraSec 2002 InfraSec 2002 Bristol, October 2002 Marco Casassa Mont Richard.
Adaptive Trust Negotiation and Access Control Tatyana Ryutov, et.al. Presented by: Carlos Caicedo.
TRUST NEGOTIATION IN ONLINE BUSINESS TRANSACTIONS BY CHANDRAKANTH REDDY.
Hao Wang Computer Sciences Department University of Wisconsin-Madison Security in Condor.
1 Dynamic Context-Aware Access Control for Protecting Medical Records Junzhe Hu July 26, 2004 Master's Project Presentation.
Privacy provision in e-learning standardized systems: status and improvements 指導教授:溫嘉榮教授 暑資碩三:吳清淵 M
Semantic Web and Policy Workshop Panel Contribution Norman M. Sadeh School of Computer Science Carnegie Mellon University Director, e-Supply Chain Management.
A Flexible Access Control Model for Web Services Elisa Bertino CERIAS and CS Department, Purdue University Joint work with Anna C. Squicciarini – University.
RADIUS Crypto-Agility Requirements November 18, 2008 David B. Nelson IETF 73 Minneapolis.
17 March 2008 © 2008 The University of Edinburgh, European Microsoft Innovation Center and University of Southampton IT Innovation Centre 1 NextGRID Security.
Global Name Registry Proposal to Modify Appendix O: WHOIS Data Access.
UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering Secure Authentication System for Public WLAN Roaming Ana Sanz Merino, Yasuhiko.
A security framework combining access control and trust management for mobile e-commerce applications Gregor v.Bochmann, Zhen Zhang, Carlisle Adams School.
Security Protection on Trust Delegated Medical Data in Public Mobile Networks Dasun Weerasinghe, Muttukrishnan Rajarajan and Veselin Rakocevic Mobile Networks.
22/01/2004Daniel Olmedilla1 INTEGRATING PROLOG IN TRUST NEGOTIATION Software Project / Summer Semester /04/2004 Daniel Olmedilla L3S / University.
Manish Mehta, CS 590L Authentication Services in Open Grid Services by Manish Mehta April 27, 2004.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Automatic Trust Negotiation Rajesh Gangam
M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized Trust Management. In Proc. of the 17 th Symposium on Security and Privacy, pages IEEE Computer.
1 Privacy Plan of Action © HIPAA Pros 2002 All rights reserved.
Hidden Access Control Policies with Hidden Credentials Keith Frikken, Mikhail Atallah, Jiangtao Li CERIAS and Department of Computer Sciences Purdue University.
Web Services Security Patterns Alex Mackman CM Group Ltd
X.509 Proxy Certificates for Dynamic Delegation Ian Foster, Jarek Gawor, Carl Kesselman, Sam Meder, Olle Mulmo, Laura Perlman, Frank Siebenlist, Steven.
Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.
© Drexel University Software Engineering Research Group (SERG) 1 The OASIS SOA Reference Model Brian Mitchell.
Policy-Based Dynamic Negotiation for Grid Services Authorization Ionut Constandache, Daniel Olmedilla, Wolfgang Nejdl Semantic Web Policy Workshop, ISWC’05.
“A presence based multimedia call screening service” Egil C. Østhus, now with TANDBERG Lill Kristiansen, Dept of Telematics, NTNU.
Functioning as a Business Associate Under HIPAA William F. Tulloch Director, PCBA March 9, 2004.
SharePoint and Active Directory Update March 18, 2010.
Tracking electronic resources acquisitions: Using a helpdesk system to succeed where your ERMS failed Charleston Conference 2009 Xan Arch Electronic Resources.
Understanding Privacy An Overview of our Responsibilities.
Access Policy - Federation March 23, 2016
Trust Profiling for Adaptive Trust Negotiation
Al-Ahli Commercial Bank
Cloud Security– an overview Keke Chen
Kent Seamons Brigham Young University Marianne Winslett, Ting Yu
Introduction How to combine and use services in different security domains? How to take into account privacy aspects? How to enable single sign on (SSO)
The New Virtual Organization Membership Service (VOMS)
Laws for Secure Credentialing
Protecting Privacy During On-line Trust Negotiation
Presentation transcript:

1 Token–based Dynamic Trust Establishment for Web Services Zhengping Wu and Alfred C. Weaver Department of Computer Science University of Virginia March 2005

2 Outline Motivation and Contributions State of the Art Trust Primitive and Selective Disclosure Trust Group and Dynamic Validation Token-based Solution for Web Service Trust Establishment Conclusion and Future Work

3 Motivation - 1 Step 1: A consumer requests enrollment service from a bank Step 2: The bank discloses its policy P to the consumer Step 4: The bank grants access to the enrollment service Step 3: The consumer discloses her driver’s license to the bank Bank Enrollment Service Consumer

4 Motivation - 2 Need for trust relationships in web services environment Need for security and privacy protection for sensitive information Need for better mechanisms to address information leakage in trust establishment processes Need for dynamic capability to keep track of changes in trust relationships

5 Contributions The proposed trust establishment mechanism fully protects the requester’s privacy. The proposed trust establishment mechanism is capable of disclosing private attributes selectively. The proposed trust establishment mechanism allows the established trust relationship to be updated by following the changes of the service provider’s policy.

6 Motivation and Contributions State of the Art Trust Primitive and Selective Disclosure Trust Group and Dynamic Validation Token-based Solution for Web Service Trust Establishment Conclusion and Future Work

7 State of the Art Identity-based trust establishment mechanisms (common in e-commerce) Role-based trust establishment mechanisms Group-based trust establishment mechanisms

8 Motivation and Contributions State of the Art Trust Primitive and Selective Disclosure Trust Group and Dynamic Validation Token-based Solution for Web Service Trust Establishment Conclusion and Future Work

9 Selective Disclosure Causes of information leakage in real life trust establishment A credential may not be used for its intended purpose A pre-packaged credential may reveal more information than is necessary Selective Disclosure Use of available pre-packaged credentials Control of information disclosure with credential holder’s will Trust primitive

10 Trust Primitive Attributes: Attribute 1 (name) Attribute 2 (ID number) Attribute 3 (gender) Attribute 4 (student/faculty/ staff status) Attribute 5 (address) Attribute 6 (token expiration) Attribute 7 (token issuer) Trust primitive 1 (electronic library access) Trust primitive 2 (library checkout) Trust primitive 3 (dorm floor entrance)

11 Trust Primitive Service provider’s security domain Requester’s security domain Requester Service Provider Security Token Service Attribute Service Security Token Service 4 Workflow of Negotiation Using Trust Primitives

12 Motivation and Contributions State of the Art Trust Primitive and Selective Disclosure Trust Group and Dynamic Validation Token-based Solution for Web Service Trust Establishment Conclusion and Future Work

13 Dynamic Validation Representation of the established trust relationship Trust group element in security token Requirement of trust group element in policy Same policy with same trust group name Dynamic validation Change of policy indicates new trust relationship Change of policy requires revalidation of trust group element

14 Trust Group Banking Customers share the same set of requirements in policy 1. Mortgage Customers share the same set of requirements in policy 2.

15 Motivation and Contributions State of the Art Trust Primitive and Selective Disclosure Trust Group and Dynamic Validation Token-based Solution for Web Service Trust Establishment Conclusion and Future Work

16 dynamic trust (trust group) request Security Token Service Negotiation Engine Web Service Provider Web Service Requester Security Token Service Negotiation Engine Attribute Service Architecture of the Solution

17 Motivation and Contributions State of the Art Trust Primitive and Selective Disclosure Trust Group and Dynamic Validation Token-based Solution for Web Service Trust Establishment Conclusion and Future Work

18 Conclusion The proposed trust establishment mechanism allows the requestor to control what attributes are disclosed to the service provider avoids disclosing more than is necessary which may happen with pre-packaged credentials dynamically negotiates new credentials as necessary to follow changes in policy

19 Future work Extension of trust primitive and trust group mechanisms to allow privacy control during delegation to allow privacy protection during delegation

20 The End Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.