
D2.1 TAS3 Architecture v1.97 open for public review

The June 2009 version (v1.97) of deliverable D2.1 (TAS3 Architecture) is open for public comment, feedback and review!

All feedback is welcome!

You can download it and post comments here:

http://www.tas3.eu/project/publications/download

(You need to log in first to post a comment.)

Architecture Executive Summary


This document contains version 1 of the TAS3 system architecture (by system architecture we mean the conceptual design that defines the structure and behaviour of a TAS3 trust network). As the Description of Work states, the TAS3 project's main objective is to provide a next generation trust & security architecture that is ready to (1) meet the requirements of complex and highly versatile business processes, (2) enable the dynamic user-centric management of policies and (3) ensure end-to-end secure transmission of personal information and user-controlled attributes between heterogeneous, context dependent and continuously changing systems. This architecture has been designed to fulfill the above objectives through a combination of:

• providing users with the ability to meaningfully give their consent to the use of their personal information
• ensuring a complete set of audit information is recorded by a TAS3 trust network and that users have the ability to directly or indirectly see the audit information that pertains to their personal information. Note that there will not be a single central audit log. If a person needs to drill down into the distributed audit trail, he will need to be authorised and obtain sufficient permissions to access the various local audit logs in order to correlate the events and see the "big picture".
• a legal framework and set of model contracts that will contractually bind all service providers into operating in a trustworthy manner e.g. so as to honour the choices of users concerning the handling of their personal information
• a set of trusted third parties that facilitate the sharing of trust related information such as public keys, authorization attributes, and reputation information
• strong cryptographic algorithms and privacy preserving protocols
• end to end security through application layer encryption and digital signing
• sticky policies that cryptographically bind data and policies together, along with a policy enforcement infrastructure that controls access to all resources
• quality assurance and testing technology and actors to test if on-line services actually behave in compliance with their specifications.

This architecture document describes the conceptual entities that are needed and the services they should provide in order to operate a TAS3 trust network. These trust and privacy enhancing services include: authorization services, secure business process management services, delegation services, privacy preserving discovery services, identity management services, secure repository services and trust and reputation services. All of these services are usually needed regardless of the applications that might run in a TAS3 trust network. However, small centralized trust networks may be able to dispense with one or more of these trust and privacy enhancing services, e.g. discovery or delegation services, depending upon their requirements.

This architecture contains many novel features such as: a trust infrastructure based on novel metrics, actor behaviour and structural components which can be correlated together, an authorisation infrastructure which supports multiple policy languages and conflict resolution, an obligation infrastructure which enforces privacy throughout the trust network, and a distributed audit system which can be cross correlated with the necessary permissions. These are described in more detail in the specific work package deliverables.

The TAS3 architecture is designed to be standards, protocol, data and application agnostic so that any protocol capable of implementing the flows and satisfying the service requirements can potentially be used by any application. Annex A maps these services onto the latest state of the art application independent protocols as far as is currently possible. This is to ensure interworking between the prototypes that will be developed in this project. Further standardization effort will be needed in order to fully complete this mapping and this will be documented in a future version of this architecture (or in other TAS3 deliverables).

Annex B shows an example deployment architecture that maximizes a service’s availability and is resilient to both system and network failures including denial of service attacks.

Annex C states the compliance requirements for participants in a TAS3 trust network. Legal, policy and technical compliance requirements are covered.

Annex D provides a set of use cases which allows the reader to see how an end user might use the services of a TAS3 trust network.

Annex E contains the first version of a business model that could be used to successfully operate a TAS3 trust network.

Annex F summarizes the threats that the TAS3 architecture is designed to protect against.

Annex G lists the events that should be captured in the secure audit trails of a TAS3 trust network.

Annex H gives some example protocol messages based on the mapping provided in Annex A.

Annex I provides a glossary of terms.

 

Scope.

The TAS3 project has a narrower scope than the architecture that is documented here. This is natural as the novel research contributions of TAS3 are being made only in some areas of the architecture. However the full architecture needs to be documented as this will be needed both to successfully test the research results and to provide a production service. We present a comprehensive architecture that addresses actual use cases end-to-end, rather than simply an architecture of the services that are within the scope of our research.
