Published by Morgan Dixon. Modified over 8 years ago.

1 Token–based Dynamic Trust Establishment for Web Services
Zhengping Wu and Alfred C. Weaver
Department of Computer Science, University of Virginia
March 2005

2 Outline
- Motivation and Contributions
- State of the Art
- Trust Primitive and Selective Disclosure
- Trust Group and Dynamic Validation
- Token-based Solution for Web Service Trust Establishment
- Conclusion and Future Work

3 Motivation - 1
- Step 1: A consumer requests enrollment service from a bank
- Step 2: The bank discloses its policy P to the consumer
- Step 3: The consumer discloses her driver’s license to the bank
- Step 4: The bank grants access to the enrollment service
[Diagram labels: Bank Enrollment Service, Consumer]

4 Motivation - 2
- Need for trust relationships in web services environment
- Need for security and privacy protection for sensitive information
- Need for better mechanisms to address information leakage in trust establishment processes
- Need for dynamic capability to keep track of changes in trust relationships

5 Contributions
- The proposed trust establishment mechanism fully protects the requester’s privacy.
- The proposed trust establishment mechanism is capable of disclosing private attributes selectively.
- The proposed trust establishment mechanism allows the established trust relationship to be updated by following the changes of the service provider’s policy.

7 State of the Art
- Identity-based trust establishment mechanisms (common in e-commerce)
- Role-based trust establishment mechanisms
- Group-based trust establishment mechanisms

9 Selective Disclosure
- Causes of information leakage in real life trust establishment
  - A credential may not be used for its intended purpose
  - A pre-packaged credential may reveal more information than is necessary
- Selective Disclosure
  - Use of available pre-packaged credentials
  - Control of information disclosure with credential holder’s will
  - Trust primitive

10 Trust Primitive
- Attributes:
  - Attribute 1 (name)
  - Attribute 2 (ID number)
  - Attribute 3 (gender)
  - Attribute 4 (student/faculty/staff status)
  - Attribute 5 (address)
  - Attribute 6 (token expiration)
  - Attribute 7 (token issuer)
- Trust primitive 1 (electronic library access)
- Trust primitive 2 (library checkout)
- Trust primitive 3 (dorm floor entrance)

11 Trust Primitive
[Figure: Workflow of Negotiation Using Trust Primitives. Labels: service provider’s security domain, requester’s security domain, Requester, Service Provider, Security Token Service (twice), Attribute Service; steps numbered 1 to 10.]

13 Dynamic Validation
- Representation of the established trust relationship
  - Trust group element in security token
  - Requirement of trust group element in policy
  - Same policy with same trust group name
- Dynamic validation
  - Change of policy indicates new trust relationship
  - Change of policy requires revalidation of trust group element

14 Trust Group
- Banking Customers share the same set of requirements in policy 1.
- Mortgage Customers share the same set of requirements in policy 2.
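
An added example, not taken from the slides or from the authors' implementation, showing the selective disclosure (slides 9 and 10) and trust group revalidation (slides 13 and 14) ideas together. Assumptions: the attribute-to-primitive mapping, the token layout, an HMAC standing in for the security token service signature, and a trust group name derived as a digest of the policy.

```python
import hashlib
import hmac
import json

# Everything below (names, mapping, token layout) is assumed for illustration;
# the slides define no wire format. HMAC stands in for the STS signature.
STS_KEY = b"constructed-demo-key"

# Assumed mapping of trust primitives to the attributes they need.
TRUST_PRIMITIVES = {
    "electronic library access": ["status", "token expiration", "token issuer"],
    "dorm floor entrance": ["name", "address", "token expiration", "token issuer"],
}

# Constructed sample holder carrying all seven attributes from slide 10.
HOLDER = {"name": "A. Student", "ID number": "0000", "gender": "F",
          "status": "student", "address": "Dorm 3",
          "token expiration": "2005-12-31", "token issuer": "University STS"}

def trust_group(policy: dict) -> str:
    """Same policy -> same trust group name (assumed: digest of the policy)."""
    canon = json.dumps(policy, sort_keys=True).encode()
    return hashlib.sha256(canon).hexdigest()[:16]

def _mac(body: dict) -> str:
    canon = json.dumps(body, sort_keys=True).encode()
    return hmac.new(STS_KEY, canon, hashlib.sha256).hexdigest()

def issue_token(attributes: dict, primitive: str, policy: dict) -> dict:
    """Requester-side STS: disclose only what the trust primitive needs."""
    needed = TRUST_PRIMITIVES[primitive]
    missing = [a for a in needed if a not in attributes]
    if missing:
        raise ValueError(f"cannot satisfy primitive, missing: {missing}")
    body = {"primitive": primitive,
            "attributes": {a: attributes[a] for a in needed},
            "trust_group": trust_group(policy)}
    return {"body": body, "mac": _mac(body)}

def validate(token: dict, current_policy: dict) -> str:
    """Provider side: check integrity, then the trust group element."""
    if not hmac.compare_digest(token["mac"], _mac(token["body"])):
        return "rejected"
    if token["body"]["trust_group"] != trust_group(current_policy):
        return "revalidate"  # policy changed: trust must be re-established
    return "accepted"
```

A token issued for "electronic library access" carries three of the seven attributes, and the same token returns "revalidate" once the provider's policy differs from the one it was issued under.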

16 Architecture of the Solution
[Figure: Architecture of the Solution. Labels: Web Service Requester, Web Service Provider, Security Token Service (twice), Negotiation Engine (twice), Attribute Service, request, dynamic trust (trust group).]

18 Conclusion
The proposed trust establishment mechanism
- allows the requestor to control what attributes are disclosed to the service provider
- avoids disclosing more than is necessary, which may happen with pre-packaged credentials
- dynamically negotiates new credentials as necessary to follow changes in policy

19 Future work
Extension of trust primitive and trust group mechanisms
- to allow privacy control during delegation
- to allow privacy protection during delegation

20 The End
Questions?