Using Facets of Security within a Knowledge-based Framework to Broker and Manage Semantic Web Services
Randy Howard, Larry Kerschberg
E-Center for E-Business, http://eceb.gmu.edu
George Mason University; Fairfax, VA USA
choward@gmu.edu, kersch@gmu.edu
More Publications at:
http://eceb.gmu.edu/publications.htm
September 25, 2004
SKM 2004
1
Research Goals
- Provide a framework & methodology to create Virtual Organizations (VO) via Semantic Web Services
- Support end-to-end requirements & life-cycle tasks to create a VO on the fly
- Address layers that correspond to Specification, Design and Implementation
- Focus here is on Intelligent Middleware Services for Secure Knowledge Management
Where is the VO Knowledge?
- Humans as part of the VO
- Intellectual Property wrapped in Semantic Web Services
- Policies that govern the VO
  - Service-level agreements
  - QoS agreements
  - Security Policies and Protocols
  - Access Control, Authentication Services for the VO
  - Virtual Security for GRID Services
Problem Space
- Automate Web Services
  - Apply Semantic Web Technologies (Semantic Web Services)
  - Deal with the plethora of Standards and Protocols
- Issues of a Virtual Organization
  - Rapid configuration needed due to the temporal nature of requirements;
  - Enterprise Issues of Resource Management, Quality of Service and Negotiation, and
  - Security issues run through every facet of the VO
Solution Space
- Knowledge-based Dynamic Semantic Web Services (KDSWS) Framework
  - Meta-Model for Semantic Web Services
  - Meta-Process (Methodology)
  - Specification Languages based on KDM/KDL
  - Specifies:
    - End-to-end tasks of the life-cycle for context,
    - Threads to deal with Management, Workflow, Transaction Control, Interoperation, Security, Transportation and Feedback
    - Enterprise and Local Perspectives
    - Functional Architecture Components
Brokering and Management
- Brokering, or matchmaking, involves [Paolucci, 2004]:
  - Services advertising themselves to a broker
  - The broker handling queries about the available services
  - Mediating the results for the requestor
- Management Levels [Nayak, 2001]:
  - Strategic
  - Asset
  - Value-Chain
KDSWS Framework - Processes
[Figure: KDSWS Processes. Life-cycle tasks: Prepare for Publish, Publish, Prepare for Request, Request, Discover, Select, Configure, Deploy, Deliver, Retire. Threads: Management, Workflow, Transactions, Quality of Service, Security, Interoperation, Transportation, Feedback, Interface. Artifacts passed between tasks: Provider Profile, Provider Service Profile, Requestor Profile (a priori), Request (dynamic), Request Profile, Master Request, Master Service(s), Candidate Services, Confirmed Services, Certified Services, Available Capabilities, Feedback and/or Fulfilled Request.]
KDSWS Framework Design
[Figure: layered design with Specification, Meta-metamodel and Meta-model levels. The KDSWS Design Specification comprises the Knowledge-based Dynamic Services/Process Model & Language, the Knowledge/Data Model & Language, and the Methodology. Mappings: with Knowledge Base Schema(s), KDSWS Objects, UDDI, WSDL, BEPLWS, WS-CDL, WSRF, OWL-S, Semantic Web Services, Grid Interface, Agent Profiles, Specialty Stores, ...]
KDSWS Functional Architecture
[Figure: Functional Federation Architecture layer (User Services, Federate Functions, Federate Agents, Federate Knowledge); Functional Knowledge Architecture layer (Semantic Web Base, Non-Semantic Web Base, Intelligent Middleware Services); Functional Agent Services Architecture (Virtual Line Agency with Request Process Preparation agents, User Agency and Publication Planning Preparation agents; Functional Services Agency; Web Services Coordination Agency over the Web Services Protocols UDDI, BEPLWS, WSDL, OWL-S, SOAP, ... and the Grid Interface). Support Agents: User Profile, Administration, Order Tracking, Broker, Discovery, Ontology, Federation, Negotiation, Curation, Feedback, Contracting, QoS Monitoring, Fulfillment, Service Mediation, Security, Publication, Workflow Coordination, Registration, Requesting, Transaction Management, Certification, Deployment, Configuration, Testing, Delivery, Classification, Metrics.]
KDSWS Brokering Methodology Flow
Broker on Security Facets
[Figure: flow diagram across the Security Agent, Discovery Agent, Security Structure Agent and Selection Agent. Steps: Establish Search Request Profile (Search Policies, Management); Prepare for Publish & Request (Profile Security Facets, Publish Security Profiles); Invoke Search (Knowledge Sifter); Traverse Workflow (Master Request); Interrogate Request Security Structure; Establish Security Domain (Security Domain Catalog); Isolate Security Constraints and Preferences (Request and Provider Constraints/Preferences); Match Protocols; Identify Security-related Elements; Match Authentication, Encryption; Match Non-Repudiation & Integrity (Signature, Identity); Match Authorization Policies; Match Trust, Access Control, Rights (Access Roles); Differentiate Services / Differentiate on Security Facets (Shortlist of Services, Ranked Web Services, Selection Policies); Compile Selection Results; Negotiate Services (Security Negotiation Policy, Negotiation Tracking); Manage Alternatives (Alternative Services); Choose Service (Selected Web Service(s)); Receive Request Feedback; Capture Service and Provider Performance (Provider/Service History).]
KDSWS Brokering Methodology Flow
Produce and Compile Search Results
[Figure: flow diagram across the Broker Agent, Discovery Agent, Classification Agent, Decomposition Agent and Search Agent. Steps: Establish Search Request Profile (Request Constraints/Preferences, Search Priorities, Management, Feedback Workflow); Establish Domain (Domain Catalog, Domain of Request, Requestor Profile); Decompose Complex Services / Decompose Workflow (Master Request); Select Search Agent, Adapt Search Agent (Search Agent Profile); Commence Discovering; Invoke Search; Search UDDI (Search Agent Capabilities, Provider Constraints/Preferences, WSDL); Adjust Search Request Profile; Compile Selection Results (Ranked Web Services); Select & Negotiate Services; Capture Agent Performance. The Knowledge Sifter System Architecture shown comprises the User Agent, Preferences Agent, Ontology Agent (OWL Schemas, Ontological Sources), Query Formulation Agent, Web Services Agent (UDDI, WSDL) and Integration Agent.]
KDL Specification Example
kdsdBlanketsSecurityConstraint
  :DESCRIPTION Provider-side security constraints
  :SUPERTYPES
    kdsdSecurity
    kdsdConstraint
    kdsdProvider
  :SUBTYPES
    kdsdPrivacy
  :ATTRIBUTES
    kdsdDescription      :TYPE Object
    kdsdAccessLevel      :TYPE Integer
    kdsdAuthorityLevel   :TYPE Integer
    kdsdEncryptMethod    :TYPE String   :CONSTRAINT In ("x508?", "Kerberos")
    kdsdSignatureSwitch  :TYPE Boolean
    kdsdVisibility       :TYPE String   :CONSTRAINT In ("Public", "Partner", "Internal")
    kdsdIdentity         :TYPE Object
    kdsdAuthorityLevel   :TYPE Integer
  :CONSTRAINTS
    :CONSTRAINT-ID C-02-1  :CONSTRAINT-CATEGORIES Supply, Security
      Allow only partners to access
  :PREFERENCES
    :PREFERENCE-ID P-02-1  :PREFERENCE-CATEGORIES Supply, Security
      Prefer medium security for assurance of fund transfer
  :HEURISTICS
    :HEURISTIC-ID H-02-1  :HEURISTIC-CATEGORIES Supply, Security
      Don't let security impede acquisition
  :METHODS
    :METHOD-ID M-02-1
      Check for partner and access level
Knowledge-based Dynamic Services/Process
Language Specification Example
kdspSearchForProviders
  :DESCRIPTION Core Broker activities
  :GOALS ProviderSearchGoal (Find services from providers that meet the goals of the request)
  :TASK kdspDiscover
  :THREAD kdspManagement
  :OWNER kdsdSearchAgent
  :STEWARD kdsdKnowledgeSifter
  :PREDECESSORS kdspClassifyRequest
  :SUCCESSORS kdspCompileSearchResults
  :STEPS
    :STEPNAME kdspSearchUDDI
    :SEQUENCE-NUMBER 1
    :STEP-DESCRIPTION Search the UDDI registry for acceptable providers and services
    :DELEGATE kdsdKnowledgeSifter
    :DELEGATE-TYPE AGENT
    :DELEGATE-ROLE LINE
    :OPERATION searchUDDI
    :METHOD-NAME kdsdKnowledgeSifter.Search
    :STEP-SUCCESSORS
      :STEP-SUCCESSOR-MODE Decision
        :STEP-SUCCESSOR-BRANCH kdspAdjustSearchParameters  :STEP-CONTROL-CONDITION Insufficient Results
      :STEP-SUCCESSOR-MODE Sequential
        :STEP-SUCCESSOR-BRANCH kdspRankResults  :STEP-CONTROL-CONDITION Sufficient Results
  :CONSTRAINTS
    :CONSTRAINT-ID C-13-1  :CONSTRAINT-CATEGORIES Search
      kdsdSearchReturnLimit (Return only the top 25)
    :CONSTRAINT-ID C-13-2  :CONSTRAINT-CATEGORIES Security
      Select only partners that support PKI
  :HEURISTICS
    :HEURISTIC-ID H-13-1  :HEURISTIC-CATEGORIES Search
      Partners who are in bankruptcy are a bad risk; therefore, do not use services from providers who are in bankruptcy
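The two specification examples above (the KDL security constraint kdsdBlanketsSecurityConstraint and the KDSPL step kdspSearchUDDI) can be read as one executable broker step; the following is an added illustration, not code from the paper or the KDSWS prototype. It assumes simple field names for a provider's security profile, a boolean for "supports PKI", a provider-history flag for bankruptcy, and a minimum result count as the "Sufficient Results" threshold, none of which the slides define.

```python
from dataclasses import dataclass

VISIBILITY = ("Public", "Partner", "Internal")  # kdsdVisibility :CONSTRAINT In (...)
SEARCH_RETURN_LIMIT = 25  # C-13-1: kdsdSearchReturnLimit (return only the top 25)

@dataclass(frozen=True)
class ProviderService:
    """Subset of a provider's security profile; field names are assumed."""
    name: str
    visibility: str       # kdsdVisibility
    access_level: int     # kdsdAccessLevel the requestor must reach
    supports_pki: bool    # assumed flag backing C-13-2 "support PKI"
    in_bankruptcy: bool   # assumed provider-history flag backing H-13-1

    def __post_init__(self):
        if self.visibility not in VISIBILITY:   # enforce the KDL value domain
            raise ValueError(f"bad kdsdVisibility {self.visibility!r}")

def check_partner_access(svc, requestor_is_partner, requestor_level):
    """M-02-1 'Check for partner and access level', enforcing C-02-1
    'Allow only partners to access'."""
    return requestor_is_partner and requestor_level >= svc.access_level

def search_uddi(candidates, requestor_is_partner, requestor_level, min_results=1):
    """kdspSearchUDDI step: filter candidates by C-02-1, C-13-2 and H-13-1,
    cap the list per C-13-1, then take the :STEP-SUCCESSORS decision branch.
    The 'Sufficient Results' threshold (min_results) is an assumption."""
    shortlist = [
        s for s in candidates
        if check_partner_access(s, requestor_is_partner, requestor_level)
        and s.supports_pki          # C-13-2: only partners that support PKI
        and not s.in_bankruptcy     # H-13-1: bankrupt providers are a bad risk
    ][:SEARCH_RETURN_LIMIT]
    if len(shortlist) >= min_results:
        return "kdspRankResults", shortlist          # Sufficient Results
    return "kdspAdjustSearchParameters", shortlist   # Insufficient Results

# Constructed sample candidates, not data from the paper.
SAMPLE_CANDIDATES = [
    ProviderService("PayCo", "Partner", 2, True, False),
    ProviderService("OpenPay", "Public", 1, False, False),   # no PKI: fails C-13-2
    ProviderService("BrokeBank", "Partner", 1, True, True),  # bankrupt: fails H-13-1
    ProviderService("HighSec", "Partner", 5, True, False),   # needs access level 5
]

def demo():
    # A partner requestor at access level 3 reaches only PayCo.
    return search_uddi(SAMPLE_CANDIDATES, requestor_is_partner=True, requestor_level=3)
```

A non-partner requestor gets an empty shortlist and is routed to kdspAdjustSearchParameters, which is the Decision branch in the KDSPL step.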
KDSWS Contributions
- Three-tiered framework for specification, design and implementation of Virtual Organizations using Semantic Web Services.
- Languages for enhanced specification of Semantic Web Service requirements for the VO.
- Security issues are addressed in the specification, design and implementation phases of the VO lifecycle.
- Agency-based functional architecture allows for agent specialization of functional capabilities, including security.
- Workflow management of VO “transactions” with end-to-end security.
Future Work - Prototype
[Figure: prototype architecture. Sources: WfMS, Expert Systems, Workflow Patterns, Rules, Objects. KDSWS Specification (KDL, KDSPL) processed by an Import Agent, Mapping Agent and Export Agent into Atomic, Aggregated and Mapped KDL Objects, Atomic, Aggregated and Mapped KDSPL Objects, and Knowledge Objects. KDSWS Functional Architecture: Master Request Agent (Profiles, Policies), Publish Agent (UDDI+, OWL-S+, WSDL+), Request Handling Agent, Workflow Agent, Ontologies, Broker Agent, Knowledge Sifter, Master Services, Configuration Package, Delivery Agent, Fulfillment Package.]
Conclusions
- Web Services and Semantic Web Services are still in their infancy, so new tools and techniques are needed for Secure Knowledge Management within the Virtual Organization.
- The KDSWS Framework is one approach to meeting the above goal.
  - Meta-models capture the data organization,
  - Methodology helps to integrate the plethora of standards,
  - Languages embody the meta-model & methodology to allow for “security semantics” specification,
  - Integrated specification, design and implementation environment.
Questions and Answers