Opinion - A matter of trust: enabling grid security through bilateral negotiation
(Our latest opinion piece comes from a team at the University of Westminster.)
One of the key challenges posed in Virtual Organizations (VO)-which are the core components of the grid-is establishing trust relationships between a grid service provider and a consumer.
A key aspect of a VO is the ability to provide access to computers, software, data and other resources. This sharing is highly controlled, with resource providers and consumers explicitly outlining what is shared, who is allowed to share, and the conditions under which sharing takes place. However, introducing intelligent access control decisions for large-scale open systems is a very complex task, due to a potentially limitless number of users and resources that exist in an environment with few guarantees regarding pre-existing trust relationships.
In current grid systems, the authorization policies for building trust have the problems of scalability and flexibility, due to interdependent institutions and their corresponding policies. In addition, VO authorizations lack the ability to securely negotiate suitable trust and privacy requirements.
Current grid security systems require information-such as previous transactions-in
In addition, in the current grid there is the risk of malicious users attempting to collect as much
Enter Web Service Trust Negotiation
Given the limitations of current VO authorization systems when faced with malicious parties, Shamima Paroubally (primary researcher), Dilah Miah and Zahid Khan at the University of Westminster, UK proposed a bilateral negotiation framework called Web Service Trust Negotiation (WSTN) to incrementally build trust between web services.
The idea is to develop both both simple and complex, dynamic, environmentally adaptive negotiation algorithms that negotiate a list of credentials to be exchanged between web services for secure and trustworthy service provision.
For example, when two participants negotiate over a grid service by examining the credentials of an X.509 certificate, negotiations can vary along a number of quantitative and qualitative credentials such as certificate issuer, serial number, role, the nature of the contract and type of reporting policy. In contrast, the WSTN uses algorithms that adapt to various negotiation time deadlines, taking into account the participants' first choices, reserved offers and counter-offers. It also takes the number of negotiation iterations into consideration, and determines how many concessions should be generated in a participant's counter-offer, depending on the time left. Thus, WSTN can better approach real-world human negotiation by utilizing initial offers, counter offers, acceptances and rejections instead of the outright accept/reject which is currently the norm within VOs.
Trust is a complex and subjective issue, that sometimes requires a more complex mechanism
Authorization indeed can be a simple yes or no decision based system. However, when
The system is not closed, as in identity-based systems, where the interacting participants need to have a prior relationship. Instead, it establishes trust in stages, through negotiation about which credentials need to be exchanged for building a mutual relationship between the parties. Thus, our negotiation mechanisms can help in the formation of VOs involving a number of cooperating organizations. In our case, we do not assume any prior trust or knowledge between participants, and the SLA for sharing resources can be achieved after agreeing on a list of credentials that would bring about sufficient trustworthiness for the participants.
Resource providers could accept this model because trust is iteratively built, and involves the exchange of certificates at the end. Agreement can be found, where before parties would not trust each other. It also brings in better security and prevents malicious behavior.
Related work and Further Reading:
-Dilal Miah, University of Westminster