WP5 Trust Policy Management
TAS3_D5p1 Trust Management Architecture.pdf
Trust Management Architecture Design. Accepted by European Commission in June 2009. Executive Summary: This document describes the Trust Policy Management architecture: its basic design, main components and the trust policy language. The Trust Policy Management architecture interfaces with the remaining TAS3 architecture by means of a Trust Policy Decision Point (Trust PDP), which adheres to a standard PDP interface. The Trust PDP makes its decision with the aid of a number of different trust services. Two trust services provide flexible trust metrics from the two existing classes of trust management systems: behavioural trust management and structural trust management. A third trust service provides a novel trust metric based on Key Performance Indicators. The main innovations are the support for different sources of trust in a single framework, improved use of existing sources of trust, and the use of novel sources of trust. The trust framework is flexible and extensible, allowing trust services based on new sources of trust to be added easily. As the policy language for the integrated trust framework, we support four options with increasing expressiveness and corresponding complexity. This allows a trade-off between expressiveness and complexity to be made that suits the chosen application area. Finally, we review our design against the TAS3 requirements.
TAS3_D05p2 BTM_Engine V1p0.pdf
TAS3 D5.2. Accepted by European Commission in March 2010. Executive Summary: One approach to building user trust in service providers is behavioural trust management (BTM). Here, users give feedback on the services they have consumed. Based on this feedback, the BTM engine dynamically computes and updates the reputation of service providers. Users can define behaviour-based trust policies which refer to these reputation values in order to identify trustworthy service providers. Besides feedback provided by end-users, the trust feedback service also gathers feedback based on auditing results. In this deliverable, we define a trust policy language for behavioural trust management and describe the implementation of the BTM engine. Since trust is a very subjective issue, each user has individual policies on how to derive trust from feedback. Our trust policy language is flexible enough to support such subjective trust policies. Rather than using a fixed calculation schema, the BTM engine offers customizable calculation rules to combine feedback into reputation values. The reputation values in turn are used to identify trustworthy service providers. This approach enables users to define trust policies that meet their individual notion of trust.
TAS3_D5p4 Trust_Tool_Set V1p0.pdf
TAS3 D5.4. Accepted by European Commission in March 2010. Executive Summary: The TAS3 Trust Policy Management architecture [D5.1] consists of a collection of trust services, with the Trust PDP providing the integration of and interface to these services. This first iteration of the implementation of this architecture consists of the Trust PDP, two distinct trust services (a reputation based trust (RTM) service and a credential based trust (CTM) service), and supporting tools. This document focuses on the Trust PDP, the CTM service and the tools, with [D5.2] describing the RTM service. The Trust PDP is Java based; it accepts XACML [XACML] request context objects, evaluates trust policies embedded in XACML-style XML wrappers and returns standard XACML permit/deny responses. The Trust PDP enables the authentication/authorization framework to incorporate the trustworthiness of requesters in its access decisions. A web-service interface to the (Java based) Trust PDP is provided by integrating it in the Standalone Authorization Server software package provided by the University of Kent, guaranteeing equal WSDL support and interpretation of the SOAP messages. The Trust Information Access Service Provider is a helper component which offers, e.g., Service Discovery access to raw trust score information. It accepts the same requests as the Trust PDP but, in addition to a permit/deny response, it also provides a trust ranking according to a specific trust metric. This allows service discovery to offer trusted services to the user sorted by their score on the trust metric. The CTM service provides a trust metric based on credentials (credential chains). The POLIPO trust management system [TSZE09a, TSZE09b] forms the basis of this service. The service offers a SAML [SAML] compatible interface and uses SAML assertions to encode trust credentials. A credential cache implemented in a Fedora database is included in the Trust PDP. The next iterations of the tool set are planned for project months 30 and 42. The iterations will integrate more services in the Trust PDP, update the existing services, and use TAS3 technology to improve the security and privacy protection offered by the Trust PDP and the trust architecture in general.

