An overview of Web Services and Grid Security research activities at the BT Security Research Centre

Theo Dimitrakos
BT Security Research Centre, Adastral Park, Martlesham Heath, Ipswich, Suffolk, IP5 3RE, UK
email: theo.dimitrakos@bt.com

Abstract: In this paper we provide an overview of the research activities that are being planned in the area of Web Services and Grid Security at the Security Research Centre of British Telecom. The focus of the paper is on summarising specific research challenges whose achievement we consider as important milestones in the evolution of web services and Grid security, and on reporting experience from analysing and experimenting with WS-* specifications that appear to offer a suitable baseline for addressing these challenges.

Motivation

Leveraging the convergence of Grid and Web services technologies, we anticipate the emergence of new business and scientific computing paradigms that are based on dynamic Virtual Organisations (VO). VOs span organisational boundaries and enable the enactment of collaborative processes that integrate services, resources and knowledge in order to perform tasks that VO partners could not undertake on their own. Such a dynamic and complex structure opens several challenging problems related to VO security, including the following:

- VO participants provide services that are integrated on demand into a custom-made solution; using limited resources, they may offer several different services in the context of the same VO and/or offer the same service to several VOs; the main interest of each Organisation, which persists across its participation in VOs, is (in the longer term) to optimise its own utility.

- Relationships between VO participants are bound by some form of agreement (which may include, but is not restricted to, an SLA) against which their performance is assessed.
- Each Organisation defines its own (typically public) security policy dictating the way that consumers can access the services and resources that this Organisation contributes to the VO. It also defines its own (typically private) security policy providing the rules upon which security decisions about controlling the use of its assets are made at run-time. Of course, these policies need to be consistent with the agreements that constrain the relationships between VO members. However, an Organisation may intentionally violate an agreement and suffer the penalties defined for such a violation in order to serve its business objective (e.g. to maximise profit, or to operate on limited resources without violating agreements of greater importance).

- Security policy roles aggregating access rights and obligations are defined not only for users but also for service instances. These roles are distinct from, but explicitly associated with, the business roles that a service assumes during the enactment of a collaborative activity in the context of executing a composite application service. Consequently, the rights and obligations of a service instance are not fixed in its profile but are specific to the context of each collaborative activity that it contributes to, and they may change depending on the state of that activity.

General Technical Requirements

The above impose a set of technical requirements that drive the need for new integrated security architectures:

- Distinct and possibly independent security contexts are created and managed for the various Organisations that contribute services and/or resources to a VO.

- Each Organisation has its own (public) security policies about how the services it hosts can be accessed and its own (private) security policies about how secure communication (i.e. transport-level and message-level security) is enforced and how access is controlled.
- For each collaborative activity that contributes to the execution of a composite application, a distinct security context is created to enable interactions among the participating services; message exchanges among services are enabled only if such a security context is present. The presence of such a security context defines a logical Group of service instances that are allowed to interact for enacting the collaborative activity.

- For each such Group, a dedicated administrative service is created for coordinating the distribution of the security context that is associated with this Group. This administrative service also coordinates the distribution of commonly recognised security attributes, which encapsulate the role(s) that a service instance may assume within that security context. Such roles abstract the rights and obligations that have been foreseen for securely enacting the corresponding collaborative activity. The membership and security attribute distribution in such a Group may change dynamically during the enactment of a collaborative activity depending on the state of this activity.

- Each Organisation makes security decisions and enforces security actions based on the specific security context within which the user access and service-to-service interactions take place, the security attributes possessed by each interacting service, and the security policies of the sites managed by the Organisation.

- In order to optimise time-to-deploy for new services, application-specific service instances deployed at a site should not be directly involved in actions relating to the distribution of security context, security policy decision making, and the enforcement of security-related actions.
Security actions are instead performed by a set of message interceptors, policy decision points and policy enforcement points, which are provided by the infrastructure and administered by the Organisation, supported by a dedicated service (also provided by the infrastructure) for coordinating interactions between the administrative services of different Organisations when needed (e.g. for validating security claims, updating Group membership, revoking security attributes, etc.).

General Approach and Specific Activities

Research on integrated security architectures, and experimentation with novel solution prototypes that aim to enable the secure integration of services and resources across Enterprise/Organisational boundaries, is essential for future growth, as BT is transforming itself from a Telco into a global IT and networking services company and aspires to become the world leader in network-centric ICT solutions. The research activities in the area of Web Services and Grid Security aim to facilitate such growth by investigating technology choices, by producing interoperable security profiles based on the convergence of Grid computing and emerging web services security standards, and by developing system designs and validating them through prototypes that can serve as a showcase of the following key aspects:

1. Federating security/administrative domains. In relation to this aspect we aim to integrate and advance implementations of “next-generation” web services protocols for enabling the “just-in-time” federation of distinct and autonomous security/administrative domains, limited to the duration of a business activity. This in turn provides the foundation for establishing transactional conversations between services (and users) distributed across the different trust/administrative realms that contribute to this business activity.

2. Autonomic security policy management and enforcement.
In relation to this aspect, we aim to investigate techniques and technology for automating security policy management for service provision, and to prototype a solution that enables, on the one hand, the automatic deployment of policies across different security domains and, on the other hand, the automatic adaptation of which security policy is active and of the security enforcement configuration in response to changes in the environment (including the state of the business activity within which services may transact).

3. Securing Service Composition. In relation to this aspect, we aim to investigate methods and technology for integrating security management with web services business process enactment in order to establish an environment where process-driven integration of services across Enterprise/Organisational boundaries can be realised.

4. Securing WS-Management & Manageable Security. The focus of this aspect is to investigate extensions of emerging WS management protocols in order to ensure, on the one hand, that the remote management of network and enterprise resources by dedicated web services is secured and, on the other hand, that an appropriate virtualisation of operating-platform-specific security enforcement mechanisms is achieved, thereby enabling the services that make security policy decisions to control security enforcement mechanisms over diverse execution environments.

5. Dynamic Security Perimeters. In relation to this aspect we aim to offer a new perspective on research towards “deperimeterization” by investigating how the configuration of content-sensitive security firewalls and of application-level security enforcement points can be coordinated and adapted in real time in order to create a virtualised “dynamic security perimeter” based on an aggregation of manageable perimeter security enforcement points across different enterprises.
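The requirements set out under General Technical Requirements (one security context per collaborative activity, a Group administrative service that distributes and revokes security attributes, and site-level interceptors that decide and enforce so that the application service never handles security itself), together with the state-driven policy adaptation of aspect 2 above, can be illustrated with a small executable model. The following Python is an added example written for this page; it is not BT or TrustCoM code and does not reproduce any TrustCoM design. The class names, the ROLE_MAP table, the JSON-plus-HMAC attribute format, the activity states and the service names are all assumptions for illustration; in a WS-* deployment the context would be carried by a WS-SecureConversation security context and the attributes by SAML or WS-Trust issued tokens rather than by this ad hoc format.

```python
import hashlib
import hmac
import json
import secrets

# Assumed mapping (illustrative only) from the business role a service plays
# to the security-policy role it may assume, which differs per activity state.
ROLE_MAP = {
    "negotiation": {"supplier": "quote-provider", "customer": "quote-requester"},
    "execution": {"supplier": "order-fulfiller", "customer": "order-placer"},
}


def _mac(key: bytes, claims: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the attribute claims."""
    data = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class AdminService:
    """Administrative service of one Group (one collaborative activity).
    It owns the Group's security context, tracks membership and activity
    state, and issues, validates and revokes security attributes."""

    def __init__(self, activity: str):
        self.activity = activity
        self.state = "negotiation"
        self.context_id = secrets.token_hex(8)      # identifies the context
        self.context_key = secrets.token_bytes(32)  # distributed to member sites
        self.members = {}                           # service instance -> business role
        self.revoked = set()

    def admit(self, service: str, business_role: str) -> None:
        self.members[service] = business_role

    def revoke(self, service: str) -> None:
        self.revoked.add(service)

    def set_state(self, state: str) -> None:
        # A state change re-maps roles: attributes issued for the old state
        # stop validating and members must obtain fresh ones.
        self.state = state

    def issue_attribute(self, service: str) -> dict:
        if service not in self.members or service in self.revoked:
            raise PermissionError(f"{service} is not a member of {self.activity}")
        claims = {"ctx": self.context_id, "svc": service, "state": self.state,
                  "role": ROLE_MAP[self.state][self.members[service]]}
        return {"claims": claims, "mac": _mac(self.context_key, claims)}

    def validate(self, token: dict) -> bool:
        """Claim validation as requested by a site's interceptor."""
        c = token["claims"]
        return (c["svc"] not in self.revoked and c["state"] == self.state
                and hmac.compare_digest(token["mac"], _mac(self.context_key, c)))


class SiteInterceptor:
    """Message interceptor plus policy decision/enforcement point in front of
    one Organisation's service. The application service behind it never sees
    tokens or policy; it only receives messages the interceptor permits."""

    def __init__(self, admin: AdminService, site_policy: set):
        self.admin = admin
        self.site_policy = site_policy  # private policy: allowed (role, op) pairs

    def handle(self, message: dict) -> str:
        token = message.get("token")
        if token is None or token["claims"].get("ctx") != self.admin.context_id:
            return "deny: no security context for this Group"
        if token["claims"]["svc"] != message["from"]:
            return "deny: attribute not issued to sender"
        if not self.admin.validate(token):
            return "deny: attribute revoked, stale or forged"
        role = token["claims"]["role"]
        if (role, message["op"]) not in self.site_policy:
            return f"deny: role {role} may not {message['op']}"
        return f"permit: {message['from']} as {role} -> {message['op']}"


def demo() -> list:
    """Walk one activity through its states with constructed messages and
    return the interceptor's decision for each."""
    admin = AdminService("purchase-order")
    supplier, customer = "supplier.example/quoting", "customer.example/procurement"
    admin.admit(supplier, "supplier")
    admin.admit(customer, "customer")
    site = SiteInterceptor(admin, {("quote-provider", "submitQuote"),
                                   ("order-fulfiller", "confirmShipment")})
    msg = lambda op, frm=supplier, tok=None: {"from": frm, "op": op, "token": tok}
    out = [site.handle(msg("submitQuote"))]                         # no context
    tok = admin.issue_attribute(supplier)
    out.append(site.handle(msg("submitQuote", tok=tok)))            # valid
    out.append(site.handle(msg("submitQuote", "other.example/svc", tok)))  # lent
    admin.set_state("execution")                                    # state change
    out.append(site.handle(msg("submitQuote", tok=tok)))            # stale
    tok = admin.issue_attribute(supplier)                           # new role
    out.append(site.handle(msg("submitQuote", tok=tok)))
    out.append(site.handle(msg("confirmShipment", tok=tok)))
    admin.revoke(supplier)                                          # revocation
    out.append(site.handle(msg("confirmShipment", tok=tok)))
    return out


if __name__ == "__main__":
    print("\n".join(demo()))
```

Three design points carry over from the requirements: the interceptor rejects any message that does not present the Group's context before consulting policy at all, so services outside the Group never reach the decision point; the attribute is bound to a specific service instance, so a member cannot lend its attribute to another instance; and both the activity state and the revocation list are checked against the administrative service on every message, so a state transition or revocation takes effect at the next message without the application service being involved.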
Further to the above, as part of this activity and in conjunction with external collaborative projects, we aim to build a Virtual Organisation testbed in which we re-create an environment where two or more Enterprises selectively federate their trust/administrative realms to accommodate a process-driven service composition. The testbed will be built using implementations of the most promising WS-* extensions and will (where appropriate) incorporate elements developed within the Grid computing communities.

Related Technologies

In preparation for this research activity, and in the context of both internal and collaborative projects (e.g. the EU integrated project TrustCoM, www.eu-trustcom.com), we have been experimenting with a number of different WS-* technologies. In this talk and the associated paper we will report our experiences with such experimentation and our view of how WS-* can be integrated and extended to meet the above objectives. The following table summarises an analysis and comparison of a number of web services specifications that has been conducted in the context of the EU collaborative project TrustCoM. In this presentation we will offer a walkthrough of how some of these specifications can be used in practice to help achieve the technical goals set by the above activities.

Note: read the table by column.
Figure 1: Web Services Integration Matrix produced in the context of the EU project TrustCoM.

[Figure 1 is a matrix whose rows and columns both list the specifications below; each cell classifies the relationship between the column specification and the row specification according to the legend. The cell classifications are colour-coded in the original figure and are not recoverable from this text version; only the axes and the legend survive.]

Specifications on both axes, grouped as in the figure:

Core WS, Messaging, Grid, Semantic Web: SOAP; WSDL; UDDI; WS-Addressing; WS-Eventing; WS-Notification; WS-ReliableMessaging; WS-MetadataExchange; WSRF family; Semantic Web - OWL-S.

Policies and Security: X.509 certificates/tokens; Username tokens; XrML/REL tokens; WS-Kerberos; SAML tokens; SAML protocols; WS-Security; WS-SecureConversation; WS-Policy; WS-SecurityPolicy; WS-PolicyAttachment; WS-PolicyAssertions; WS-Trust; WS-Federation; XACML; Liberty; Shibboleth.

Business processing: ebXML CPPA; WSLA; WS-Agreement; WS-Coordination; WS-AtomicTransaction; WS-BusinessActivity; WSCI; BPML; BPEL4WS.

Legend (read by column):
- <column> overlaps, is incompatible with, cannot depend upon, or cannot support <row>
- <column> does not conflict with, is orthogonal to, is composable with, or is independent of <row>
- <column> supports or uses <row> if the right profile is used, or the two are inter-dependent
- <column> depends upon, or provides extensions to, <row>
- n/a

Conclusion

In this talk we will provide an overview of ongoing research and advanced development activities at the BT Security Research Centre in the area of Web Services and Grid Security.
After summarising specific research challenges whose achievement we consider as important milestones in the evolution of web services and Grid security, we will summarise results from analysing emerging WS-* technologies and explain which particular combination of technologies can be used as a baseline for the experimental research activities summarised in this overview.