Seminar: Solutions and Infrastructure to ensure Trust in E-Commerce
Marco Casassa Mont, [email protected]
Trusted E-Services Laboratory, Hewlett-Packard Laboratories, Bristol, UK
www.hpl.hp.com
Presentation Outline
1. Overview of Concepts and basic Infrastructure:
   - Access Control
   - PKI & Trust
   - Policy and Policy Management
2. Solutions and Infrastructure to underpin Trust in E-Commerce:
   - PASTELS (HPL Bristol): Trust & Authorization Management in B2B
3. Moving Towards the Future:
   - Trust Services eco-system … creating a Safety Net for E-Commerce
Terminology (English term: Italian gloss)
• Access Control: controllo di accesso
• Role: ruolo
• Authorization: autorizzazione
• Authentication: identificazione
• Policy: politiche, regole, condizioni
• PKI: Public Key Infrastructure (infrastr. di crittografia pubblica)
• Trust: fiducia, …
• Certificate, Credential: certificato, credenziale
PART 1
Overview of Concepts and
Basic Infrastructure
Access Control: Overview
Access Control
• Defines what a user can do on a resource
• Limits the operations that a user of a system can perform
• It is enforced by a Reference Monitor, which mediates every attempted access by a user (subject) to the objects in the system
Access Control Lists
[Figure: access control matrix. Rows: User 1 … User n; columns: Resource 1 … Resource K; each cell holds the rights that user has on that resource (e.g. R, W, E; R; R, W; E).]
• Complexity in administering a large number of users: one entry per (user, resource) pair
Role Based Access Control (RBAC)
• Role (general): set of actions and responsibilities associated with a particular activity
• Roles are defined in the system (administrator, engineer, project manager, etc.)
• Role: contains authorizations on objects
• Users are assigned to roles
• The simplest RBAC model is equivalent to a group-based ACL (Windows NT access control, …)
Role Based Access Control (RBAC)
[Figure: RBAC example. User 1, User 2 and User 3 are assigned to Role 1: Manager or Role 2: Employee; Manager carries Rights 1 (read, write) and Employee carries Rights 2 (read) on Resource 1: Document XYZ.]
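An added example, not part of the original slides, showing the two models as a small reference monitor in Python: the same permissions expressed first as an ACL (one entry per user and resource) and then as RBAC (rights attached to roles, users assigned to roles). Users, resources, roles and rights are constructed for illustration; `compare_models` reports the administrative difference the slides point at, and both monitors deny by default when a user, resource or right is unknown.

```python
# Added example (not from the original slides): a minimal reference monitor that
# mediates every access, first against an ACL and then against RBAC.
# All users, resources, roles and rights below are constructed sample data.

# ACL: one entry per (resource, user) pair. With n users and K resources the
# administrator maintains up to n*K entries, which is the scaling problem
# the slide points at.
ACL = {
    "Document XYZ": {"user1": {"read", "write"}, "user2": {"read"}, "user3": {"read"}},
    "Ledger":       {"user1": {"read", "write", "execute"}},
}

def acl_check(user, right, resource):
    """Reference monitor over the ACL. Unknown user/resource/right -> deny."""
    return right in ACL.get(resource, {}).get(user, set())

# RBAC: rights attach to roles; users are assigned to roles. Adding a new
# employee is one role assignment instead of one ACL entry per resource.
ROLE_RIGHTS = {
    "Manager":  {"Document XYZ": {"read", "write"}, "Ledger": {"read", "write", "execute"}},
    "Employee": {"Document XYZ": {"read"}},
}
USER_ROLES = {"user1": {"Manager"}, "user2": {"Employee"}, "user3": {"Employee"}}

def rbac_check(user, right, resource):
    """Reference monitor over RBAC: a right is granted if any of the user's
    roles carries it on the resource (group-based ACL in the simple model)."""
    return any(right in ROLE_RIGHTS.get(role, {}).get(resource, set())
               for role in USER_ROLES.get(user, set()))

def assign_role(user, role):
    """Administrative operation in RBAC: one assignment covers every resource
    the role has rights on."""
    if role not in ROLE_RIGHTS:
        raise ValueError(f"unknown role {role!r}")
    USER_ROLES.setdefault(user, set()).add(role)

def compare_models():
    """Return (same_decisions, acl_entries, rbac_assignments) for the sample
    data: both monitors agree, but RBAC needs fewer administrative entries."""
    probes = [("user1", "write", "Document XYZ"), ("user2", "write", "Document XYZ"),
              ("user3", "read", "Document XYZ"), ("user2", "read", "Ledger")]
    same = all(acl_check(*p) == rbac_check(*p) for p in probes)
    acl_entries = sum(len(users) for users in ACL.values())
    rbac_assignments = sum(len(roles) for roles in USER_ROLES.values())
    return same, acl_entries, rbac_assignments

if __name__ == "__main__":
    print(compare_models())
    assign_role("user4", "Employee")
    print(rbac_check("user4", "read", "Document XYZ"), rbac_check("user4", "read", "Ledger"))
```

The point to take from running it: the two monitors give identical answers for every probe, but granting user4 the Employee role is a single assignment, whereas the ACL would need one new entry on every resource employees may read.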
Public Key Infrastructure (PKI) and Trust
Outline
• Basic Problem: Confidence and Trust
• Background: Cryptography, Digital Signature, Digital Certificates
• (X509) Public Key Infrastructure (PKI)
Basic Problem
[Figure: Alice and Bob communicating across Intranet, Extranet and Internet.]
Bob and Alice want to exchange data in a digital world.
There are Confidence and Trust Issues …
Confidence and Trust Issues
• In the identity of an individual or application: AUTHENTICATION
• That the information will be kept private: CONFIDENTIALITY
• That information cannot be manipulated: INTEGRITY
• That information cannot be disowned: NON-REPUDIATION
Starting Point: Cryptography
Cryptography is the science of making the cost of acquiring or altering data greater than the potential value gained.
[Figure: Plaintext "Hello World" → Encryption (Key) → Ciphertext "&$*£("!273" → Decryption (Key) → Plaintext "Hello World".]
Cryptographic Algorithms
Practically all cryptosystems are built from three families of primitives:
• MESSAGE DIGEST (MD2, MD4, MD5, SHA, SHA-1, …): maps variable-length input into a fixed-length digest; no key is used, and it is computationally infeasible to recover the input from the digest or to find two inputs with the same digest
• SECRET KEY (Blowfish, DES, IDEA, RC2, RC4, RC5, Triple-DES, …): encrypt and decrypt messages using the same secret key
• PUBLIC KEY (DSA, RSA, …): encrypt and decrypt messages using two different but mathematically coupled keys, a public key and a private key
The algorithm lists reflect the period of the talk: MD5 and SHA-1 have since been shown not to be collision-resistant, and single DES and RC4 are no longer considered secure.
[Figure: the encryption/decryption diagram again; with a public-key algorithm the encryption key and the decryption key differ.]
Digital Signature
A digital signature is a data item that vouches for the origin and the integrity of a message: the signer computes a message digest and transforms it with a private key, and anyone holding the matching public key can check that the signature fits the message actually received.
[Figure: Alice signs a message and Bob verifies it across Intranet, Extranet and Internet.]
[Figure: digital identity certificate with fields Issuer, Subject, Subject Public Key and Issuer Digital Signature.]
Digital Certificate: Problems
• How are digital certificates issued?
• Who is issuing them?
• Why should I trust the certificate issuer?
• How can I check if a certificate is valid?
• How can I revoke a certificate?
• Who is revoking certificates?
Moving towards PKI …
Public Key Infrastructure (PKI)
• A Public Key Infrastructure is an infrastructure to support and manage public key-based digital certificates
• Potentially it is a complex distributed infrastructure over the Internet
Public Key Infrastructure (PKI)
Focus on:
• X509 PKI
• X509 Digital Certificates
Standards defined by IETF, PKIX WG: http://www.ietf.org/
… even if X509 is not the only approach (e.g. SPKI)
X509 PKI – Technical View
Basic Components:
• "Provider" side: Certificate Authority (CA), Registration Authority (RA), Certificate Distribution System
• "Consumer" side: PKI enabled applications
X509 PKI – Simple Model
[Figure: a Certification Entity (CA and RA) receives a Cert. Request from a local person or from an Application/Service and returns a Signed Certificate; Certs and CRLs are published to a Directory, from which a remote person over the Internet retrieves them.]
[Figure: PKI tries to reflect real-world trust models: several CAs, each with its RAs and Local RAs (LRA), sharing Directory Services across the Internet.]
CA Technology Evolution
[Figure only; no further content on the slide.]
Certificate Revocation List (CRL)
• A CA publishes the list of certificates it has revoked; revoked certificates remain in the CRL until they expire
CRL vs OCSP Server
[Figure: with a CRL, the user downloads the CA's CRL from the Directory and checks certificate status locally. With OCSP, the user sends the IDs of the certificates to be checked to an OCSP Server and receives an answer about the certificate states.]
X509 PKI Trust by Hierarchies and Cross Certification
Each entity has its own certificate (and may have more than one). The root CA's certificate is self-signed and each sub-CA's certificate is signed by its parent CA.
Each CA may also issue CRLs. In particular the lowest-level CAs issue CRLs frequently.
End entities need to "find" a certification path from the certificate being checked up to a CA that they trust, and to check every certificate on that path.
[Figure: simple certificate hierarchy. Root CA at the top, Sub-CAs below, End Entities at the leaves; the Certification Path runs from an end entity's certificate up to the root. Variants shown: 1. Multiple Roots; 2. Simple cross-certificate; 3. Complex cross-certificate.]
Cross-Certification and Multiple Hierarchies
Things get more and more complex when hierarchies and cross-certifications are used.
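An added example (not from the slides) that ties the digital signature, certificate, CRL and certification-path material together in Python: a self-signed root, a sub-CA and an end entity, each certificate signed with textbook RSA over SHA-256, and a `validate_path` that walks the chain up to a trust anchor, checking validity period, issuer name, CA status, signature and the issuer's CRL at every step. The names (CN=Root CA, CN=Sub CA, CN=Alice), serials, dates and keys are constructed; the RSA keys use hard-coded Mersenne primes and no padding so that the run is deterministic and needs no third-party library, which is fine for a demonstration and wrong for anything real.

```python
# Added example (not from the original slides): toy X.509-style hierarchy with
# path validation and CRL checking. Textbook RSA with fixed Mersenne primes,
# no padding, JSON instead of DER: illustration only, never production use.
import hashlib
import json

E = 65537  # public exponent shared by all keys below

def keypair(p, q):
    """Textbook RSA key from two primes: returns ((n, e), (n, d)).
    Assumes gcd(e, (p-1)(q-1)) == 1, which holds for the primes used here."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def sign(priv, data: bytes) -> int:
    """Signature = SHA-256(data) raised to d mod n. n exceeds 2^256 for every
    key below, so the digest is always smaller than the modulus."""
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def tbs_bytes(tbs) -> bytes:
    """Canonical encoding of the to-be-signed fields (stands in for DER)."""
    return json.dumps(tbs, sort_keys=True).encode()

def issue(issuer_priv, issuer_name, subject, pub, serial, is_ca, not_after):
    """Build a certificate: Issuer, Subject, Subject Public Key, Issuer Signature."""
    tbs = {"issuer": issuer_name, "subject": subject, "pubkey": list(pub),
           "serial": serial, "is_ca": is_ca,
           "not_before": "2000-01-01", "not_after": not_after}
    return {"tbs": tbs, "sig": sign(issuer_priv, tbs_bytes(tbs))}

def validate_path(chain, trust_anchors, crls, today):
    """chain = [end entity, ..., root]; trust_anchors = {name: pubkey list};
    crls = {issuing CA name: set of revoked serials}; today is an ISO date.
    Returns (ok, reason). Each certificate is checked for validity period,
    issuer name, issuer CA status, signature and revocation in its issuer's
    CRL; the root must additionally match a trust anchor."""
    for i, cert in enumerate(chain):
        tbs = cert["tbs"]
        is_root = i == len(chain) - 1
        issuer = tbs if is_root else chain[i + 1]["tbs"]   # root is self-signed
        if not tbs["not_before"] <= today <= tbs["not_after"]:
            return False, f"{tbs['subject']}: outside validity period"
        if tbs["issuer"] != issuer["subject"]:
            return False, f"{tbs['subject']}: issuer name mismatch"
        if not issuer["is_ca"]:
            return False, f"{issuer['subject']}: not a CA"
        if not verify(tuple(issuer["pubkey"]), tbs_bytes(tbs), cert["sig"]):
            return False, f"{tbs['subject']}: bad signature"
        if is_root:
            if trust_anchors.get(tbs["subject"]) != tbs["pubkey"]:
                return False, f"{tbs['subject']}: not a trusted root"
        elif tbs["serial"] in crls.get(issuer["subject"], set()):
            return False, f"{tbs['subject']}: revoked by {issuer['subject']}"
    return True, "ok"

def build_demo_pki():
    """Constructed hierarchy: Root CA -> Sub CA -> Alice (end entity).
    Returns (chain ordered end entity first, trust anchors)."""
    root_pub, root_priv = keypair((1 << 521) - 1, (1 << 127) - 1)
    sub_pub, sub_priv = keypair((1 << 607) - 1, (1 << 107) - 1)
    alice_pub, _ = keypair((1 << 1279) - 1, (1 << 89) - 1)
    root = issue(root_priv, "CN=Root CA", "CN=Root CA", root_pub, 1, True, "2010-01-01")
    sub = issue(root_priv, "CN=Root CA", "CN=Sub CA", sub_pub, 2, True, "2005-01-01")
    alice = issue(sub_priv, "CN=Sub CA", "CN=Alice", alice_pub, 3, False, "2001-01-01")
    return [alice, sub, root], {"CN=Root CA": list(root_pub)}

if __name__ == "__main__":
    chain, anchors = build_demo_pki()
    print(validate_path(chain, anchors, {}, "2000-06-01"))
    print(validate_path(chain, anchors, {"CN=Sub CA": {3}}, "2000-06-01"))
```

Two details worth noticing: the CRL is keyed by the issuing CA, so Alice's status is looked up in the Sub CA's list and the Sub CA's status in the Root's, matching the slide's remark that the lowest-level CAs revoke most often; and the trust decision is made only at the root, so a chain that verifies perfectly but ends in an unknown root is still rejected. A real CRL is itself signed by the CA and must be verified before use, and OCSP replaces the download with a query; the toy omits both.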
X509 PKI Approach to Trust: Problems
Identity is Not Enough: Attribute Certificates
IETF (PKIX WG) is also defining standards for Attribute Certificates (ACs):
• Analogy: a credit card (attribute) vs. a passport (identity)
• Attribute Certificates specify attributes associated with an identity
• Attribute Certificates don't contain a public key but a reference to an identity certificate
[Figure: attribute certificate with fields Issuer, link to the owner's identity certificate, Attributes and Digital Signature.]
Example attribute certificate:
  Issuer: Bank of Bristol
  Serial number: 4776457
  Identity certificate link: 64564656
  Expiration: 1/12/2001
  Attributes:
    Credit card number: 54356 435 2343
    Issue date: 23/04/2000
    Expiration date: 23/04/2005
  Digital Signature: 2kjr3rno2;klnm2
Policies and Policy Management
What is Policy
Policy is about the constraints and preferences on the state, or the state transition, of a system.
It is a guide on the way to achieving the overall objective which itself is also represented by a desirable system state.
Examples of Policies
• The IT infrastructure of this company must be secure
• Only authorised people can access company confidential documents
• Each employee must renew their password every 3 months
• The network throughput must at least be 2 Mbits/sec
Policies
• Focus on multiple "IT infrastructure" levels
• Can be very abstract: need for refinement
• Can be programmatically enforceable or not (focus on the former ones)
Policy Targets
• Business Layer
• Service Layer
• Application Layer: storage (DBs), web servers, workflow, etc.
• System Layer: OSs, PCs, servers, domains, etc.
• Network Layer: routers, firewalls, etc.
Policy Refinement
[Figure: iterative refinement of policy. An abstract policy P0 (a high-level description of what to achieve) is refined into policies P1,1 … P1,3, PX, PY, …, until each leaf is an implementable policy I (I3, I4, IX,1, IX,2, IY,1, …) giving a concrete description of the state to achieve; each implementable policy corresponds to a desired system state Si (S1 … SY), and the ordered set of states forms the State Transition Plan towards the OBJECTIVE.]
Policy Refinement: Example
The company IT infrastructure must be secure
  - The company network must be secure
  - The company systems must be secure
      - Each PC must run an antivirus
      - Each PC must be password protected
      - …
  - The company applications must be secure
  - …
Work on Policies
• Imperial College London: Morris Sloman, Emil Lupu, http://www.doc.ic.ac.uk/~mss/MSSPubs.html; policies for distributed systems (authorization and obligation policies, …)
• IETF working groups (www.ietf.org): policies at the networking level
• Others: Masullo M., policy management; Wies R. and Neumair R., application of policies; Wies R., policy specification and transformation; Heiler K., policy-driven configuration management; …
• …
PART 2
Providing Solutions and Infrastructure to underpin Trust in B2B E-Commerce: PASTELS
Context: Dynamic B2B Environment
[Figure: User x in Enterprise 1 invokes operations on Web Service1, Web Service2 and Web Service3, hosted by Service Providers 1 … K and by Enterprises 2, 3 … Z over the Internet (B2B); some of the parties are Trusted, others are Not Trusted.]
PASTELS Project: Focus
Trust and trust management is potentially a huge area. Focus on:
• A framework to deal with digital credentials: end-to-end credential exchange; solutions for the client and server side
• Integration of digital credentials with authorization at the e-service level
E-Market Context
[Figure: actors in the e-market: Market Governance, Market Makers, a Market Mediator, Marketplaces, Enterprises and Traders, and Trusted Third Parties, all connected over the Internet.]
Simplified E-Market Scenario
[Figure: a User (Enterprise/Trader) holds an Identity Credential (IC1), a Financial Credential (AC1) issued by a Bank and a Citizenship Credential (AC2) issued by the Market Governance; credential issuance comes from these parties. The Market Maker performs Credential Validation, Authorization and Credential Usage Monitoring in front of its Trading Services; the Market Mediator and Marketplaces sit between the Market Maker and the traders.]
Example: Market Maker
• The Market Maker administrator has to decide which credential issuers it is going to trust
• The administrator has to decide how to deal with credential content:
  - attribute semantics
  - policies on which credential attributes must be accepted
  - mapping to a local interpretation
• The administrator has to define Vetting Policies to allow/deny an enterprise to enter a marketplace, for example based on credential content: credit limit, ranking, issuer of the credentials, etc.
  "A User with a Credit Limit greater than $100000 and certified by issuer "Issuer ABC" can trade in the Marketplace XYZ, during business hours"
• The administrator has to define Authorization Policies for marketplace services, for example based on credential content: credit limit, citizenship validity, ranking, etc.
  "A User can bid if they have a valid Citizenship, the bid is less than the associated Credit Limit and greater than the current price"
PASTELS Infrastructure & Solutions
PASTELS: Areas of Interest
[Figure: Enterprise 1 (Consumer) and Enterprise 2 (Service Provider) exchange credentials, both relying on Common Trusted Third Parties. Client side: Client Identity Certificate, Client Attribute Credentials, a Browser Plug-in for Credential Management. Server side: Server Identity Certificate, Server Attribute Credentials, a Publishing Mechanism for the Semantics of Credentials, and Credential Validation, Authorization and Credential Usage Monitoring in front of the Services.]
Infrastructure and solutions to underpin Trust in B2B: PASTELS
• Models: Credentials, Users and Roles, Policies, Services
• Runtime Validation and Authorization Components
PASTELS: Model of Digital Credentials
Digital Credentials
• Identity Certificates; real-life analogues: your passport, identity card, etc.
• Attribute Credentials; real-life analogues: your driving licence, bank statement, your credit card, etc.
PASTELS: Attribute Credential
• Based on digitally signed XML
• Attribute Credentials are bound to Identity Certificates by the certificate's Issuer DN and Serial Number
[Figure: an Attribute Credential (XML file) carrying the Issuer DN and Serial Number of the linked Identity Credential, its attributes (e.g. Credit card: …, Expiration: …) and a Signature; the Identity Credential itself carries Issuer DN, Serial Number and Name.]
PASTELS: Attribute Credentials
• Attribute Credentials carry "attributes" with no explicit authorization purpose
• Authorization Policies at service level are defined within the enterprise that provides the services
• An attribute defined in a credential becomes relevant for authorization purposes only in the context of an Authorization Policy
PASTELS: Model of Users and Roles
[Figure: Users (User1 … User4) linked to roles (Role1, Role2) through User-Role Associations.]
User, Role and User-Role Association models are based on attributes:
- Core Attributes
- Management Attributes
- Customisable Attributes
Example User (User: XYZ)
  Core Attributes:
    Name: Marco Casassa Mont
    Organisation: Company1
    email: [email protected]
  Management Attributes:
    Account creation date: 11/03/1999
    Account expiration date: 31/12/1999
    createdBy: dddda
    authorizedBy: cccc
    Activation Condition: time>9:00, time<16:00
  Customizable Attributes:
    Trade Limit: 500
Example Role (Role: Share Trader)
  Core Attributes:
    Role Name: Share Trader
  Management Attributes:
    creation date: 11/03/1999
    expiration date: 31/12/1999
    createdBy: eeee
    authorizedBy: ffff
    Activation Condition: true
    state: active
  Customizable Attributes:
    Can Trade: yes
Example User-Role Association
  Core Attributes:
    User Name: Marco Casassa Mont
    Role Name: Share Trader
  Management Attributes:
    creation date: 11/03/1999
    expiration date: 31/12/1999
    createdBy: dddda
    authorizedBy: cccc
    Activation Condition: true
    state: active
PASTELS: Model of Authorization Policies
Policy
• A logical expression containing constraints on the user profile, the user's roles, system information, service parameters, credential content, the nature of the credentials and external information
• Java-like policy language (not PROLOG)
• Interpreted at runtime by the Authorization Engine (policy internal representation)
• Policies can describe constraints of different natures: Validation, Credential Content Management, Authorization
Policy Example
Authorization Policy: "A User can bid if they have a valid Citizenship Credential, the bid is less than the associated Credit Limit and greater than the current price"
EXISTS (ASSIGN(CitizenshipNumber, CONTEXT.CitizenshipNumber))
VERIFY ((CitizenshipNumber.value > 0) &&
        (CitizenshipNumber.propertyQualifier == "attributeCredential") &&
        ASSIGN(CitizenshipCredential, CitizenshipNumber.scope) &&
        (CitizenshipCredential.IssuerDN == "CN=The MarketGovernance, …")) &&
       (bid.bidValue > 0) &&
       (bid.bidValue > currentPrice.value) &&
       (bid.bidValue <= CONTEXT.CreditLimit)
PASTELS: Model of Services
[Figure: Service 1 exposes Function 1, Function 2 and Function 3; each function is guarded by Authorization Policies.]
Explicit Service Model (XML based)
Application/Service Name: Trading Service
  Operation: Offer
    Parameters: endAuction: Date, initialPrice: Integer
  Operation: Bid
    Parameters: currentPrice: Integer, bid: Integer
Authorization Policy attached to the Bid operation (a bid is accepted only when the citizenship credential was issued by the Market Governance, hence the equality test on IssuerDN):
EXISTS
  (ASSIGN(CitizenshipNumber, CONTEXT.CitizenshipNumber))
VERIFY
  ((CitizenshipNumber.value > 0) &&
   (CitizenshipNumber.propertyQualifier == "attributeCredential") &&
   ASSIGN(CitizenshipCredential, CitizenshipNumber.scope) &&
   (CitizenshipCredential.IssuerDN == "CN=The MarketGovernance, …")) &&
  (bid.bidValue > 0) &&
  (bid.bidValue > currentPrice.value) &&
  (bid.bidValue <= CONTEXT.CreditLimit)
Explicit Service Model
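An added example, not the PASTELS code: the bid policy above rendered as Python, so that each clause of the EXISTS/VERIFY chain can be seen to deny on its own. The CONTEXT assembled by the User Context Manager is modelled as a dict of properties that carry their value, their propertyQualifier and their scope (the credential the attribute was taken from); credentials are bound to the authenticated identity certificate by issuer DN and serial, as in the PASTELS attribute credential model, and a credential bound to some other identity is ignored. Credential validation (signature and revocation checks) is assumed to have already happened in the Credential Validation Manager. The full Market Governance DN, the identity certificate serial, the credit limit and the citizenship number are constructed.

```python
# Added example (not from the original slides or the PASTELS code): the slide's
# bid authorization policy as a default-deny Python evaluator over a CONTEXT.
from dataclasses import dataclass

# Assumed full DN; the slide shows only "CN=The MarketGovernance, …".
MARKET_GOVERNANCE_DN = "CN=The MarketGovernance, O=E-Market"

@dataclass(frozen=True)
class AttributeCredential:
    """A signed attribute credential that has already passed validation. It is
    bound to an identity certificate by that certificate's issuer DN and serial."""
    issuer_dn: str
    identity_issuer_dn: str
    identity_serial: int
    attributes: dict

@dataclass(frozen=True)
class Property:
    """One CONTEXT entry: its value, where it came from (propertyQualifier)
    and the object it was taken from (scope), mirroring the policy language."""
    value: object
    qualifier: str            # "attributeCredential", "profile", ...
    scope: object = None      # the credential the attribute was taken from

def build_context(identity, profile, credentials):
    """User Context Manager: CONTEXT = profile attributes plus the attributes of
    every credential bound to the authenticated identity (issuer DN, serial).
    A credential bound to some other identity is skipped, not trusted."""
    ctx = {name: Property(v, "profile") for name, v in profile.items()}
    for cred in credentials:
        if (cred.identity_issuer_dn, cred.identity_serial) != identity:
            continue
        for name, value in cred.attributes.items():
            ctx[name] = Property(value, "attributeCredential", cred)
    return ctx

def authorize_bid(context, bid, current_price):
    """The slide's EXISTS/VERIFY chain; returns (decision, reason) and denies
    by default, so a missing attribute is a denial rather than an error."""
    # EXISTS(ASSIGN(CitizenshipNumber, CONTEXT.CitizenshipNumber))
    citizenship = context.get("CitizenshipNumber")
    if citizenship is None:
        return False, "no CitizenshipNumber in context"
    # VERIFY: positive, taken from an attribute credential, issued by Market Governance
    if not (isinstance(citizenship.value, int) and citizenship.value > 0):
        return False, "invalid CitizenshipNumber"
    if citizenship.qualifier != "attributeCredential":
        return False, "CitizenshipNumber not backed by an attribute credential"
    credential = citizenship.scope   # ASSIGN(CitizenshipCredential, CitizenshipNumber.scope)
    if credential.issuer_dn != MARKET_GOVERNANCE_DN:
        return False, f"citizenship credential issued by {credential.issuer_dn}"
    # bid.bidValue > 0 && bid.bidValue > currentPrice.value && bid.bidValue <= CONTEXT.CreditLimit
    credit = context.get("CreditLimit")
    if credit is None:
        return False, "no CreditLimit in context"
    if bid <= 0 or bid <= current_price:
        return False, "bid must be positive and above the current price"
    if bid > credit.value:
        return False, f"bid {bid} exceeds credit limit {credit.value}"
    return True, "bid authorized"

def demo_context(citizenship_issuer=MARKET_GOVERNANCE_DN, citizenship_identity_serial=64564656):
    """Constructed sample: identity certificate IC1, a financial credential AC1
    from a bank (CreditLimit) and a citizenship credential AC2 (CitizenshipNumber)."""
    identity = ("CN=Some CA", 64564656)   # authenticated identity certificate (issuer DN, serial)
    ac1 = AttributeCredential("CN=Bank of Bristol", "CN=Some CA", 64564656,
                              {"CreditLimit": 100000})
    ac2 = AttributeCredential(citizenship_issuer, "CN=Some CA", citizenship_identity_serial,
                              {"CitizenshipNumber": 12345})
    return build_context(identity, {"Name": "Trader XYZ"}, [ac1, ac2])

if __name__ == "__main__":
    ctx = demo_context()
    for amount in (5000, 4000, 100001):
        print(amount, authorize_bid(ctx, amount, current_price=4000))
    print(authorize_bid(demo_context(citizenship_issuer="CN=Some Other Issuer"), 5000, 4000))
```

The two checks that the policy text leaves implicit are the ones a practitioner most wants to see: the propertyQualifier test stops a CitizenshipNumber typed into a self-asserted profile from satisfying the policy, and the identity binding in `build_context` stops a credential issued to another trader from entering this user's CONTEXT at all.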
PASTELS Distributed System: Run-time
[Figure: three enterprises connected over the Internet. Enterprise 1 hosts the user (browser) and an e-service; enterprise 2 and enterprise 3 each run the PASTELS framework in front of their e-services and hold e-service credentials. Interactions run over an active SSL session.]
High Level Interaction
[Figure: the user's browser keeps user attribute credentials in local storage; over the SSL session the user can view server credentials, PULL server credentials, PUSH user credentials to the service and PULL newly-issued user credentials from an issuer.]
PASTELS Framework: Runtime Components
- Login Service: manages login, after basic authentication
- Session Manager: manages user sessions
- Credential Validation Manager: validation of credentials
- Credential Content Manager: manages credential content
- User Context Manager: collects the user's profile, roles and credentials
- Authorization Server: policy-driven authorization server
- Credential Proxy: PUSH/PULL of credentials (browser plug-in)
- User Context Gateway: gateway to the Credential Usage Monitoring System
- Object Pool Manager: cache for users' profiles, roles and credentials
PASTELS Framework Runtime: Walk-through
[Figures: one deployment diagram built up over several slides. A remote user's browser with the credential plug-in reaches the enterprise's web server over SSL across the Internet; behind the web server sit the service functions, the Login Service, the Session Manager, Credential Validation, Credential Content Management (Abstractor), the User Context Manager with its Object Pool Manager (cache) and User Context Repository (users' profiles, roles, identity credentials, attribute credentials and anonymous credentials), the Authorization Server driven by the Service Model, the Authorization Policies and the Credential Validation and Management Policies, the Credential Proxy and the User Context Gateway. External parties are the CA, an Attribute Authority (AA) and an OCSP/CVSP responder.]
Steps shown on the successive slides:
1. User's goal: access a service.
2. Identity certificate validation: the Login Service validates the client identity certificate via OCSP/CVSP against the CA and the Session Manager opens the session.
3. Policy evaluation request: the invoked function asks the Authorization Server, which evaluates the Service Model and the Authorization Policies.
4. Credential content management: the Abstractor maps credential content according to the Credential Validation and Management Policies (identity certificate content management).
5. User Context Manager: collects the user's profile, roles and credentials into the User Context, cached by the Object Pool Manager and persisted in the User Context Repository.
6. Credential usage monitoring: the User Context Gateway links the Credentials Usage Monitoring Service ("TrustView").
7. Pushing a user's attribute credential: the browser plug-in pushes a credential through the Credential Proxy.
8. Pulling attribute credentials: the Credential Proxy pulls credentials from a Credential Issuer/Pusher.
9. Authorization at service level: the authorization request is answered and the function executes, with usage reported to the Credential Usage Monitoring Service.
PASTELS Prototype
• The prototype leverages state-of-the-art technology:
  - PKI and PKI toolkits (Baltimore UniCERT, J/PKI-Plus)
  - Signed XML (Baltimore X/Secure)
  - SSL with full handshake
  - Web server technology (IIS, JWS)
  - Enterprise Java Beans (EJB)
  - Relational Database (MS SQL Server, MS Access)
  - Object Oriented Database (Cloudscape)
Trust Management: Prior Relevant Work
• SPKI (Ellison): delegation model
• PolicyMaker (Blaze): trust management system
  - Assertions of certificates and policies
  - Policy: key <--> local policy
  - Verifies that actions conform to policies and credentials
• IETF: X509 RFC, Attribute Certificate RFC
• KeyNote (Blaze): trust management system
  - Derives from PolicyMaker
  - Common language for credentials and policies
  - Policy: action permitted by the holder of a public key
• REFEREE (LaMacchia): trust management system
  - Environment to evaluate compliance with policies
  - Self-regulated by policies
  - Based on credentials
PART 3
Moving Towards The Future …
Dealing with things when they go wrong … Trust Services as a Safety Net for E-Commerce
[Figure: Enterprises and Users doing B2B over the Internet, with Trust Services alongside.]
Moving Trust to the E-World
Trust Services exist in the physical world: Notary, Dispute Resolution, Underwriter, Repository, Identity tracking. In the E-World the wheels still need greasing. However, the interactions are different.
Greasing the wheels of E-Commerce: a Trust Service Eco-system
• Notary
• Restoration Services
• Access Control
• Evidential Analysis
• Identity tracking
• Storage: contracts, keys, evidential documents
• Monitoring (real time)
• Reliable Messaging
• Underwriter
• Credential Management
• Policy
Trust Services Research Problems …
• Integrity
• Authenticity
• Confidentiality
• Non-Repudiation
• Longevity
• Survivability
• Accountability
• Simplicity