Abstract | ||
---|---|---|
Service-oriented architecture (SOA) and Software as a Service (SaaS) are the latest hot topics in software manufacturing and
delivery, and attempt to provide a dynamic cross-organisational business integration solution. In a dynamic cross-organisational
collaboration environment, services involved in a business process are generally provided by different organisations, and
lack the support of common security mechanisms and centralized management middleware. On such occasions, services may have to
achieve middleware functionalities and achieve business objectives in a pure peer-to-peer fashion. As the participating services
involved in a business process may be selected and combined at run time, a participating service may have to collaborate with
multiple participating services of which it has no pre-existing knowledge. This introduces some new challenges to traditional
trust management mechanisms. Automated Trust Negotiation (ATN) is a practical approach which helps to generate mutual trust
relationships for collaborating principals which may have no pre-existing knowledge about each other without in a peer-to-peer
way. Because credentials often contain sensitive attributes, ATN defines an iterative and bilateral negotiation process for
credential exchange and specifies security policies that regulate the disclosure of sensitive credentials. Credential disclosure
in the iterative process may follow different orders and combinations, each of which forms a credential chain. It is practically
desirable to identify the optimal credential chain that satisfies certain objectives such as minimum release of sensitive
information and minimum performance penalty. In this paper we present a heuristic and context-aware algorithm for identifying
the optimal chain that uses context-related knowledge to minimize 1) the release of sensitive information, including both credentials
and policies, and 2) the cost of credential retrieval. Moreover, our solution offers a hierarchical method for protecting
sensitive policies and provides a risk-based strategy for handling credential circular dependency. We have implemented the
ATN mechanisms based on our algorithm and incorporated them into the CROWN Grid middleware. Experimental results demonstrate
their performance-related advantages over other existing solutions. |
Year | DOI | Venue |
---|---|---|
2009 | 10.1007/s12083-009-0029-7 | Peer-to-Peer Networking and Applications |

Keywords | DocType | Volume |
---|---|---|
Peer-to-peer access control, Credential, Privacy preservation, Security policy, Trust establishment | Journal | 2 |

Issue | ISSN | Citations |
---|---|---|
2 | 19366450 | 5 |

PageRank | References | Authors |
---|---|---|
0.48 | 14 | 4 |

Name | Order | Citations | PageRank |
---|---|---|---|
Jianxin Li | 1 | 725 | 92.14 |
Dacheng Zhang | 2 | 32 | 12.02 |
Jinpeng Huai | 3 | 1187 | 130.18 |
Jie Xu | 4 | 355 | 31.55 |