Operating Systems (CSC301) Santosh Shrivastava

Trusted Coordination in Dynamic Virtual
Organisations
Santosh Shrivastava
School of Computing Science
Newcastle University, UK
santosh.shrivastava@ncl.ac.uk
e-Science Meeting March 2004
Virtual Organisations
• Organisations want to create composite services using
services of other organisations
– This leads to resource sharing across organisational boundaries
– Such sharing needs to be encoded as business relationships (“virtual
organisations (VOs)”)
– You need to be able to set up, manage and terminate VOs
– A VO, however, blurs the distinction between 'outsiders' and 'insiders'
– A central problem in VO management is therefore how organisations
can regulate access to their resources by other organisations
– So you need Middleware for regulated interactions
» this is a core requirement
Regulated interactions
• Approach:
– Follow the practices of the paper based world where contracts are
used
– relationships between organisations for information access and
sharing will need to be regulated by electronic contracts
– Interactions need to be traceable (auditable), monitored, and only
those that are OK wrt the contract are permitted
• So, Middleware for regulated interactions requires:
– Non-repudiable service invocation and data sharing mechanisms
» We call these “trusted coordination” mechanisms
» Trust is achieved through regulation
– Contract management services
» Ways of representing contracts as executable objects, trusted
(possibly third party) services for monitoring contract
compliance,…
Regulated interactions
Non-repudiable interactions require creation of a trust domain through
intermediaries
Regulated interactions
Many ways of creating a trust domain:
TTP: Trusted Third Party
Regulated interactions
Let us consider 2-party, client-server interaction
• Server needs evidence that:
– The request originated at the client:
non-repudiation of origin (NRO) of the request
– The response was received by the client:
non-repudiation of receipt (NRR) of the response
• Client needs evidence that:
– The request was received by the server (NRR req.)
– The response originated at the server (NRO resp.)
Regulated interactions
EXAMPLE: service invocation
client interceptor -> server interceptor : req, NROreq
server interceptor -> client interceptor : resp, NRRreq, NROresp
client interceptor -> server interceptor : NRRresp
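The three-message exchange above, as an added Go example that is not code from the talk or the project. Ed25519 signatures, the run identifier, the token layout and the names Sign, Check, ServerReceive and ClientReceive are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// token is what gets signed: evidence kind, run id (assumed) and message digest.
// Binding the kind stops an NRRreq signature from being presented as an NROresp.
func token(kind, run string, msg []byte) []byte {
	d := sha256.Sum256(msg)
	return append([]byte(kind+"|"+run+"|"), d[:]...)
}

// Sign issues and Check verifies one evidence token (NROreq, NRRreq, NROresp, NRRresp).
func Sign(priv ed25519.PrivateKey, kind, run string, msg []byte) []byte { return ed25519.Sign(priv, token(kind, run, msg)) }
func Check(pub ed25519.PublicKey, sig []byte, kind, run string, msg []byte) bool { return ed25519.Verify(pub, token(kind, run, msg), sig) }

// ServerReceive handles message 1 (req, NROreq) at the server interceptor and returns
// message 2 (resp, NRRreq, NROresp). The service runs only if NROreq verifies.
func ServerReceive(cPub ed25519.PublicKey, sPriv ed25519.PrivateKey, run string, req, nroReq []byte, serve func([]byte) []byte) (resp, nrrReq, nroResp []byte, err error) {
	if !Check(cPub, nroReq, "NROreq", run, req) {
		return nil, nil, nil, errors.New("NROreq invalid: request rejected")
	}
	resp = serve(req)
	return resp, Sign(sPriv, "NRRreq", run, req), Sign(sPriv, "NROresp", run, resp), nil
}

// ClientReceive handles message 2 at the client interceptor and returns message 3
// (NRRresp). The response is released only if both server tokens verify.
func ClientReceive(sPub ed25519.PublicKey, cPriv ed25519.PrivateKey, run string, req, resp, nrrReq, nroResp []byte) (nrrResp []byte, err error) {
	if !Check(sPub, nrrReq, "NRRreq", run, req) || !Check(sPub, nroResp, "NROresp", run, resp) {
		return nil, errors.New("server evidence invalid: response withheld")
	}
	return Sign(cPriv, "NRRresp", run, resp), nil
}

func main() {
	cPub, cPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand.Reader
	sPub, sPriv, _ := ed25519.GenerateKey(nil)
	req, serve := []byte("getQuote(part=42)"), func(b []byte) []byte { return append([]byte("quote: "), b...) } // constructed sample
	resp, nrrReq, nroResp, _ := ServerReceive(cPub, sPriv, "run-1", req, Sign(cPriv, "NROreq", "run-1", req), serve)
	nrrResp, err := ClientReceive(sPub, cPriv, "run-1", req, resp, nrrReq, nroResp)
	fmt.Println(string(resp), Check(cPub, nrrResp, "NRRresp", "run-1", resp), err)
}
```

Each side stores the tokens it received: the server keeps NROreq and NRRresp, the client keeps NRRreq and NROresp.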
Regulated interactions
• Information Sharing
• Multi-party, peer-peer interaction
[Figure: parties A, B and C and shared information i, with update arrows]
• For an update proposed by A:
– B and C need evidence that update originated at
A (NRO update)
– A needs evidence that B and C received the
update (NRR update)
– A, B and C need evidence that, after update, the
information will be in a consistent, agreed state
(NRO agreement, NRR agreement)
• Use of Interceptors
[Figure: A, B and C and shared information i, with arrows labelled upd (1) and upd (5)]
Evidence required:
• State transition proposed by A
(propose: step 2)
• Decisions on validity of
transition from B and C
(respond: step 3)
• Collective decision (resolve:
step 4)
Shared information is only
updated if the collective
decision is that A’s proposal
is valid
Incentives to good behaviour
stronger than for one-off
service invocation
Regulated interactions
• Infrastructure Requirements:
• Cryptographic primitives
– Digital signatures, secure message digest (hash), secure random number
generation
• Credential (certificate) management
• Access control services
– Intra-organisation: map user to role
– Inter-organisation: map credential to role
• Non-repudiation log
– protocol-specific
– include signed hash of state in evidence
• State store
– map hash of state to persistent representation of state
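The propose / respond / resolve steps for information sharing, combined with the non-repudiation log and state store listed above, as an added Go example that is not code from the talk or the project. Ed25519 signatures, the signed-message layout, the in-process call flow and the names Member, NewMember, Entry and Update are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type Member struct { // one organisation; Valid is its local rule for a transition (assumed)
	Name  string
	Priv  ed25519.PrivateKey
	Valid func(old, next []byte) bool
}
func NewMember(name string, valid func(old, next []byte) bool) Member {
	_, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand.Reader
	return Member{name, priv, valid}
}

type Entry struct { // non-repudiation log record; Sig covers step, old hash, new hash
	Signer, Step string
	Sig          []byte
}

// Update runs propose/respond/resolve; st is the state store (hash of state -> state).
func Update(st map[[32]byte][]byte, cur [32]byte, a Member, others []Member, next []byte) ([32]byte, []Entry) {
	h, agreed, outcome := sha256.Sum256(next), cur, "resolve-valid"
	msg := func(step string) []byte { return append(append([]byte(step+"|"), cur[:]...), h[:]...) }
	sign := func(m Member, step string) Entry { return Entry{m.Name, step, ed25519.Sign(m.Priv, msg(step))} }
	log := []Entry{sign(a, "propose")} // step 2, propose: NRO of the update
	for _, m := range others {         // step 3, respond: check origin, then sign a decision
		step := "accept"
		if !ed25519.Verify(a.Priv.Public().(ed25519.PublicKey), msg("propose"), log[0].Sig) || !m.Valid(st[cur], next) {
			step, outcome = "reject", "resolve-invalid"
		}
		log = append(log, sign(m, step)) // NRR of the update plus this member's decision
	}
	if outcome == "resolve-valid" { // step 4, resolve: update only on unanimous accept
		st[h], agreed = next, h
	}
	return agreed, append(log, sign(a, outcome))
}

func main() {
	grow := func(old, next []byte) bool { return len(next) >= len(old) } // constructed rule
	v0 := []byte("order: 10 units")                                     // constructed shared state
	st := map[[32]byte][]byte{sha256.Sum256(v0): v0}
	h, log := Update(st, sha256.Sum256(v0), NewMember("A", grow), []Member{NewMember("B", grow), NewMember("C", grow)}, []byte("order: 12 units"))
	fmt.Printf("%s -> %q, %d log entries\n", log[len(log)-1].Step, st[h], len(log))
}
```

A single reject leaves the returned hash equal to the current one and adds nothing to the state store, while the log still records every member's signed decision.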
Regulated interactions
• Infrastructure Requirements (contd.):
• Coordination service to execute NR protocols
(configurable to specific protocol)
• Membership service (for information sharing only)
– Maintain group membership information (mapping members to
credentials)
– Membership is coordinated using NR protocols executed by
coordination service
• Communication subsystem
• Trusted time-stamping service
– To verify a signing key was not compromised at time of use (evidence
generation)
Virtual Organisations
• Contract Management
– Contracts as executable objects (“active contracts”)
» Declarative ways of specifying rights and obligations
» Converting declarative specifications into imperative programs
(cross-organisation ‘business processes’) that control and
coordinate multiparty interactions using trusted coordination
mechanisms
– Workflow enactment facilities for business process execution
– Contract monitoring and violation detection services
• See the poster for additional details
– Parts of workflow, contract representation, non-repudiation
subsystems have been designed and implemented (with the help of
other EPSRC, EU projects)
• Technologies will be demonstrated through the GOLD
project
– See the poster on GOLD project
Recent Papers
• C. Molina-Jimenez, S.K. Shrivastava, E. Solaiman and J. Warne, “Contract
Representation for Run-time Monitoring and Enforcement”, IEEE Conference on
Electronic Commerce (CEC’03), Newport Beach, CA, June 2003, pp. 103-110.
• Paul D Ezhilchelvan and Santosh K Shrivastava, “Systematic Development of a
Family of Fair Exchange Protocols”, Seventeenth Annual IFIP WG 11.3 Working
Conference on Data and Applications Security, Estes Park, Colorado, August 2003.
• Ellis Solaiman, Carlos Molina-Jimenez, and Santosh Shrivastava, “Model Checking
Correctness Properties of Electronic Contracts”, International Conference on
Service Oriented Computing 2003, LNCS 2910, pp. 303-318, 2003.
• Nick Cook, Paul Robinson and Santosh Shrivastava, “Component Middleware to
Support Non-repudiable Service Interactions”, IEEE/IFIP International Conference
on Dependable Systems and Networks, DSN 04, Florence, June 2004.
• Carlos Molina-Jimenez, Santosh Shrivastava, Jon Crowcroft and Panos Gevros, “On
the Monitoring of Contractual Service Level Agreements”, IEEE International
Workshop on Electronic Contracting (WEC), July 2004, San Diego.
• S.J. Woodman, D.J. Palmer, S.K. Shrivastava, S.M. Wheater, “A System for Distributed
Enactment of Composite Web Services”, Forum Session at International
Conference on Service Oriented Computing 2003, Tech Report DIT 03 056,
University of Trento, Department of Information and Communication Technology