Web Services Specific Security Standards


Available online at www.sciencedirect.com

ScienceDirect Procedia Economics and Finance 16 (2014) 597 – 602

21st International Economic Conference 2014, IECS 2014, 16-17 May 2014, Sibiu, Romania

Web Services Specific Security Standards
Marian Pompiliu Cristescu a,*, Eduard Alexandru Stoica a, Laurențiu Vasile Ciovică b

a Lucian Blaga University of Sibiu, Faculty of Economic Sciences, 17 Dumbrăvii Avenue, Sibiu 550324, Romania
b Academia de Studii Economice din București, Piața Romană 6, București 010374, Romania

Abstract

In this paper we describe the security aspects of the OGSA framework, introducing the WS-Security standard, the OASIS standard for Web Services security. We address the security aspects of the OGSA environment for Peer-to-Peer (P2P) architectures, present the recent initiatives for creating a specific OGSA environment adapted to P2P applications, and discuss the specific security demands of these transactions. We also cover the mobility of services and resources in the P2P context, under the conditions of applying the WSRF framework (derived from OGSA) to P2P environments, SOA processes in P2P environments, and the specific relations created, OGSA-P2P and WSRF-P2P.

© 2014 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/3.0/). Selection and/or peer-review under responsibility of the Scientific Committee of IECS 2014.

Keywords: Grid architectures; Web services; mobile environments; security software; mobile agents.

1. Introduction

The Open Grid Services Architecture (OGSA) was created from the common vision of Globus and IBM to converge Web Services technologies with Grid computing technologies. OGSA adopts the service-oriented architecture (SOA) to expose Grid functionalities as collections of service-oriented software elements. OGSA provides a set of extensible services which virtual organizations can aggregate in various ways, offering a holistic vision of Grid technologies and incorporating the benefits of open standards (including those of the W3C). The authors of the OGSA architecture state that the vision was that of transforming the Grid into an "extensible set of Grid services that can be aggregated in various ways to respond to the necessities of every VO, which in turn can be partially defined through the services that they operate and share" [RHTK06].

OGSA abstracts all resources as Grid Services, whether they are computers, software, data, etc., so OGSA services are adopted to represent computational and storage resources, networks, programs, databases, and so on. Grid Services extend Web Services by adding elements that are frequently demanded by distributed applications. Grid Services are characterized by state: they are stateful services, unlike Web Services, which are stateless. OGSA added the concept of state to Web Services to allow a service to be controlled remotely during its lifetime. A Grid Service therefore represents a Web Service that offers a set of well-defined interfaces designed for a series of basic functions (service discovery, dynamic service creation, lifetime management, notification and manageability) and follows a series of specific conventions that address the naming and upgrading of services.

* Corresponding author. E-mail address: [email protected] (M.P. Cristescu), [email protected] (E.A. Stoica), [email protected] (L. Ciovică)

2212-5671 © 2014 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/3.0/). Selection and/or peer-review under responsibility of the Scientific Committee of IECS 2014. doi:10.1016/S2212-5671(14)00846-6

Marian Pompiliu Cristescu et al. / Procedia Economics and Finance 16 (2014) 597 – 602

2. Passing from the OGSI specification to WSRF

From the OGSA architecture platform two sets of specifications have resulted so far: OGSI and WSRF. In the first two years after the OGSA platform was conceived, the first set of specifications defined the open infrastructure for Web Services through the OGSI standard (Open Grid Services Infrastructure), which extended Web Services to create Grid Services and defined the extensions to WSDL needed to represent stateful Web Services. The OGSI specification modeled stateful resources as Web Services which support the 'GridService portType' as an extension of the 'WSDL portType'. OGSI defines a component model using WSDL in extended form together with XML Schema definitions. OGSI was, first of all, intended for creating, addressing, inspecting and managing the lifetime of stateful Grid Services, additionally defining mechanisms for asynchronous notification of state changes.

Figure 1. OGSA architecture: the OGSI level assures the infrastructure for OGSA services exposure. (Layers, top to bottom: specific domain services; program execution; data services; basic services; OGSI, migrated to WSRF; Web Services.)

The OGSI approach was criticized by the Web Services community for several reasons, but firstly because the new Grid Services did not conform to the Web Services standards. OGSI used techniques that were outside the scope of the current Web Services standards and tools and, furthermore, it duplicated parallel developments within the Web Services community. Therefore OGSI was afterwards replaced by a new specification named WSRF (Web Services Resource Framework), integrated in the Globus Toolkit, which addresses the aspects that initially led to criticism from the Web Services community. The WSRF platform solved the identity problems by subdividing the OGSI specification into six distinct domains and by conforming to current standards. The initial specifications were described as "the unstable specifications of Grid Computing technology known by the name of OGSI, which were afterwards redesigned as WSRF" [RIPA05b].


2.1 OGSA architecture

OGSA uses WSDL for describing Grid Services. The OGSI specification provided the standard interfaces that allow services to function based on OGSA, while OGSA created the foundation for these specifications. At the first level, the Web Services framework allows XML messages to be sent between distributed processes. At the next level, the OGSA infrastructure is built on top of Web Services in order to make possible the stateful behaviour necessary for a Grid service, which was initially introduced by OGSI but afterwards specified by WSRF. The three middle levels of the architecture are going through a standardization process. Globus services do not change significantly whether they are built on an OGSI or a WSRF base, but their external representation does change. The more advanced services are built on top of these basic services to expose richer functionality. At the top level of the architecture lie the domain-specific services: these can be dedicated to solving one particular problem, or they can represent common functionality for a subset of application domains [RIPA05a]. OGSA proposes several new WSDL portTypes that can be used to access additional functionality implemented by the OGSI specification through a number of WSDL extensions covering a series of functions (Grid Service Description & Interfaces, Service Data, Naming & Name Resolution, Service Life Cycle, Fault Type, Service Groups).

2.2 WSRF vs. OGSI

On January 20, 2004 a working group consisting of Akamai, the Globus Alliance, HP, IBM and Sonic Software announced new Web service specifications that integrate Grid and Web services standards [RITL06]. A redesign and reorganization of the OGSI infrastructure is proposed through (i) the Web Services Resource Framework (WSRF) and (ii) Web Services Notification (WS-Notification).
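To make concrete the WSRF idea that this section goes on to discuss, a service that stays stateless while the state it operates on lives in separately addressed resources, here is an added example. It is illustrative code written for this page, not code from the paper, from OGSI, WSRF or the Globus Toolkit: each request carries a resource identifier in its reference parameters (the WS-Addressing endpoint-reference idea), and the resource's properties, scheduled termination time and owner are kept in a store the service consults per request. The dict-shaped messages, the `ResourceID` parameter name, the `lifetime_s` field and the owner check are this example's own assumptions; the fault name follows the WS-Resource specification's ResourceUnknownFault.

```python
"""WS-Resource style state handling: a stateless service plus separately
addressed resources. Added illustration; not OGSI, WSRF or Globus code."""
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class WSResource:
    owner: str                       # assumed: identity that created the resource
    properties: dict                 # WS-ResourceProperties style name/value pairs
    termination_time: Optional[float] = None  # None = no scheduled termination


class ResourceStore:
    """Holds resource state outside the service, keyed by an unguessable id."""

    def __init__(self):
        self._resources: Dict[str, WSResource] = {}

    def create(self, owner, properties, lifetime_s=None, now=None):
        now = time.time() if now is None else now
        rid = secrets.token_hex(16)  # unguessable, but NOT the authorization boundary
        term = None if lifetime_s is None else now + lifetime_s
        self._resources[rid] = WSResource(owner, dict(properties), term)
        return rid

    def lookup(self, rid, now=None):
        now = time.time() if now is None else now
        res = self._resources.get(rid)
        if res is None:
            return None
        if res.termination_time is not None and res.termination_time <= now:
            del self._resources[rid]  # WS-ResourceLifetime style expiry
            return None
        return res

    def destroy(self, rid):
        self._resources.pop(rid, None)


class ResourceService:
    """Stateless: every request names its resource in the reference parameters.
    `caller` is assumed to come from an already verified security header."""

    def __init__(self, store):
        self.store = store

    def handle(self, caller, message, now=None):
        action = message["action"]
        if action == "CreateResource":  # factory pattern: returns an EPR
            rid = self.store.create(caller, message["body"], message.get("lifetime_s"), now)
            return {"EndpointReference": {"ResourceID": rid}}
        rid = message["reference_parameters"]["ResourceID"]
        res = self.store.lookup(rid, now)
        # Same fault for "unknown" and "not yours": the id must not be probeable.
        if res is None or res.owner != caller:
            return {"fault": "ResourceUnknownFault"}
        if action == "GetResourceProperty":
            return {"value": res.properties.get(message["body"]["name"])}
        if action == "SetTerminationTime":
            res.termination_time = message["body"]["termination_time"]
            return {"termination_time": res.termination_time}
        if action == "Destroy":
            self.store.destroy(rid)
            return {"destroyed": True}
        return {"fault": "UnsupportedAction"}


def demo():
    """Constructed exchange: create, read as owner, read as another caller, read after expiry."""
    svc = ResourceService(ResourceStore())
    t0 = 1_000_000.0
    epr = svc.handle("alice", {"action": "CreateResource",
                               "body": {"status": "running"}, "lifetime_s": 60}, now=t0)
    ref = {"ResourceID": epr["EndpointReference"]["ResourceID"]}
    read = {"action": "GetResourceProperty", "reference_parameters": ref, "body": {"name": "status"}}
    ok = svc.handle("alice", read, now=t0 + 1)
    other = svc.handle("bob", read, now=t0 + 1)
    expired = svc.handle("alice", read, now=t0 + 61)
    return ok, other, expired
```

The point to notice is that the service instance holds nothing between calls; all state is reached through the identifier in the message, which is why the per-request owner check matters: an addressing parameter is data supplied by the caller, not proof of authorization.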
The four main issues raised by the old OGSI specification [RIPA05b], subsequently resolved by the WSRF specifications, are as follows:
• "too much in one specification": the OGSI specification defined a number of areas of functionality in a single specification. Subsequently, the WSRF specifications were divided into a set of five specifications which, together with the WS-Notification specification, form a set of specifications covering six different areas;
• "incompatibility with Web Services and XML tooling";
• "too object-oriented": in OGSI, a Grid service is a Web service that encapsulates resource state, so services and resource state are coupled, while in WSRF the service and the resource state are separate and decoupled;
• "based on WSDL 2.0": the OGSI specification was based on the promised WSDL 2.0 specification, which caused compatibility problems with existing Web services tools. The new WSRF specifications are fully compliant with WSDL 1.0.

3. OGSA security. WS-Security as OASIS Standard

The OASIS specification for Web Services security has been approved as an OASIS Standard [TSWH05]. The road to building a security standard for Web Services was initiated by IBM and Microsoft in 2002, and the specification was submitted to OASIS for further development in June 2002. Other security-related specifications were published by the World Wide Web Consortium (W3C) and the Liberty Alliance to ensure interoperability. Efforts in the same direction were made by the WS-I (Web Services Interoperability) standards organization, which published a guide for implementing security standards to ensure interoperability and incorporated the WS-Security standard in the WS-I Security "profile" [RTOR07]. Once the WS-Security specifications were ratified as an industry standard and published, it became possible to incorporate support for them in commercial products and security software. This paved the way for widespread use of Web Services protocols in commercial applications.
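As an added example of what a WS-Security exchange looks like on the wire (illustrative code written for this page, not code from the paper or from any WS-Security product): a SOAP request carrying a wsse:UsernameToken in the PasswordDigest form defined by the OASIS UsernameToken Profile 1.0, and a receiver that checks the digest, the freshness of the wsu:Created timestamp and the reuse of the nonce. The user name, password, clock values and the GetBalance body are constructed; the namespace URIs and the digest formula (Base64 of SHA-1 over nonce, Created and password) are those of the OASIS profile.

```python
"""Build and verify a WS-Security UsernameToken (PasswordDigest form).
Added illustration; not code from the paper or from a WS-Security toolkit."""
import base64
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST_TYPE = ("http://docs.oasis-open.org/wss/2004/01/"
               "oasis-200401-wss-username-token-profile-1.0#PasswordDigest")


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """UsernameToken Profile 1.0: Base64(SHA-1(nonce + created + password))."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


def build_envelope(username, password, created, nonce=None):
    """Sender side: SOAP 1.1 envelope with a wsse:Security header (constructed body)."""
    nonce = nonce or secrets.token_bytes(16)
    nonce_b64 = base64.b64encode(nonce).decode("ascii")
    digest = password_digest(nonce, created, password)
    return f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
  <soap:Header>
    <wsse:Security>
      <wsse:UsernameToken>
        <wsse:Username>{username}</wsse:Username>
        <wsse:Password Type="{DIGEST_TYPE}">{digest}</wsse:Password>
        <wsse:Nonce>{nonce_b64}</wsse:Nonce>
        <wsu:Created>{created}</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body><GetBalance xmlns="urn:example:bank"/></soap:Body>
</soap:Envelope>"""


class UsernameTokenVerifier:
    """Receiver side: digest check, Created freshness window, nonce replay cache."""

    def __init__(self, passwords, max_skew=timedelta(minutes=5)):
        self.passwords = passwords          # assumed: username -> password lookup
        self.max_skew = max_skew
        self.seen_nonces = set()            # (username, nonce) pairs already accepted

    def verify(self, envelope_xml, now):
        root = ET.fromstring(envelope_xml)
        tok = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken")
        if tok is None:
            return False, "no UsernameToken"
        username = tok.findtext(f"{{{WSSE}}}Username")
        pw_el = tok.find(f"{{{WSSE}}}Password")
        nonce_b64 = tok.findtext(f"{{{WSSE}}}Nonce")
        created = tok.findtext(f"{{{WSU}}}Created")
        # Refuse PasswordText and tokens without nonce/Created: no replay protection.
        if pw_el is None or pw_el.get("Type") != DIGEST_TYPE or not nonce_b64 or not created:
            return False, "digest form required"
        try:
            created_dt = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        except ValueError:
            return False, "bad Created"
        if abs(now - created_dt) > self.max_skew:
            return False, "Created outside freshness window"
        nonce = base64.b64decode(nonce_b64)
        if (username, nonce) in self.seen_nonces:
            return False, "nonce replayed"
        # Always compute a digest so unknown users cost the same as known ones.
        expected = password_digest(nonce, created, self.passwords.get(username, ""))
        if username not in self.passwords or not hmac.compare_digest(expected, pw_el.text or ""):
            return False, "bad credentials"
        self.seen_nonces.add((username, nonce))
        return True, username


def demo():
    """Constructed exchange: valid request, its replay, a stale token, a wrong password."""
    now = datetime(2014, 5, 16, 10, 0, 5, tzinfo=timezone.utc)
    verifier = UsernameTokenVerifier({"alice": "constructed-demo-secret"})
    env = build_envelope("alice", "constructed-demo-secret", "2014-05-16T10:00:00Z")
    first = verifier.verify(env, now)
    replay = verifier.verify(env, now)
    stale = verifier.verify(build_envelope("alice", "constructed-demo-secret", "2014-05-16T09:00:00Z"), now)
    wrong = verifier.verify(build_envelope("alice", "wrong", "2014-05-16T10:00:00Z"), now)
    return first, replay, stale, wrong
```

The nonce cache only needs to remember entries for as long as the freshness window, since anything older is rejected by the timestamp check first; and, as the profile itself notes, the digest form protects the password from disclosure only when the receiver holds the cleartext password, so in practice the header travels inside a TLS channel or under an XML Signature.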
WS-Security was designed to be used in a wide range of security products, such as XML firewall products, Web Services management products and network security products. When the WS-Security standard is implemented for commercial Web applications, these applications must be able to share information on network access, for example the authentication data of a person's identity when connecting to multiple networks simultaneously, to send data between two applications in a secure way, or to share information and access privileges between applications. This factor stimulated the adoption of Web services transactions between partners using the Internet to share corporate data. Commercial companies are generally reluctant to migrate applications completely to new Web Services standards without the implementation of sustainable and interoperable security systems; based on the accepted industry standards WS-Security and SAML (Security Assertion Markup Language), companies are able to implement WS technologies securely and expose Web services.

3.1 Web Services security

The Web services security specifications (WS-Security) address the following issues:
• web services security policies;
• standard formats for the exchange of security tokens;
• standard methods of authentication and of establishing security contexts and trust relationships;
• mechanisms and procedures for translating / correlating / mapping user information and trust across different domains, where the authentication and authorization information is provided by the suppliers of resources or services in other domains;
• standard mechanisms for specifying and managing access policies.
All these specifications can be exploited to implement standard, interoperable methods in Grid security infrastructures. Delegation mechanisms are defined to support interactions between users and resources at the Virtual Organization (VO) level using the SAML standard and possible extensions of this standard created for delegation [WANG05]. In any case, to be applied in a real scenario, the specifications usually require some extensions to address and meet the requirements of each project and each individual security implementation at hand.

4. OGSA environment security issues for P2P architectures

Recent initiatives to create an OGSA environment for P2P applications consider the particular requirements posed by the specific properties of P2P networks, as compared to traditional server-based Grids, and the differences between Grid computing systems and P2P systems. A series of areas with significant differences were identified, and therefore the new set of requirements for OGSA environment integration addresses each of these areas, including security aspects. The new recommendations for the OGSA architecture according to P2P application requirements have been published by the GGF OGSA-P2P research group [TSWH05], in order to support the P2P community in an effort to determine how Grid computing protocols focused on Web services and the OGSA architecture platform can be used to create P2P applications, and how P2P applications can be integrated in a more traditional environment such as a computational HPC Grid. This research initiative came as a result of the growing interest in P2P technologies and the Grid community's understanding of the need to relate the OGSA standard to the P2P paradigm. The arguments which sustain the idea of creating a synergy between P2P systems and Grid Computing refer to both implied aspects, that of applications and that of technologies:
• P2P applications access "peer" resources, which are considered important resources for Grid Computing infrastructures;
• P2P technologies can sustain the creation of complex, large-scale and high-performance Grid systems.
On the other hand, there are some areas that show significant differences between the two system types, because P2P systems present very different properties compared to traditional server-based Grid systems. In consequence it is necessary that P2P applications have different capabilities in this infrastructure.

The new set of OGSA requirements takes into account the following general domains in which Grid and P2P technologies differ significantly, which leads to certain particularities for P2P systems:
• scalability;
• connectivity;
• dynamic discovery and distribution;
• security;
• resource availability and error/failure management;

• location identification;
• group support.
P2P systems present a set of unique security criteria because P2P systems traditionally respond more easily to some trust issues than server-based Grids do. The trust aspects which must consequently be taken into consideration are:
• trust in identity;
• trust in resources;
• trust in data.
In a server-based environment there is a presumption of trust in the administrator's actions and a presumption of trust between administrative domains, and also some strong trust identities of username/host: the host machine certificate is valid and certain, the users have been validated before user certificates were issued, and the functions of the software system are published.

Conclusions

The specific challenge of implementing a P2P system consists in the fact that none of these presumptions remain valid in P2P environments. In these environments, alternative mechanisms are implemented and developed for security assurance, including systems based on "community trust" (for example, systems that rate users with scores or marks), replication systems and verification systems. The major differences at the security level come from the different functions of the two system types and the different purposes for which they are built (which in a certain way are opposite), and in consequence the reconciliation of the two environments becomes very difficult: server-based Grid systems focus especially on accounting and auditing of system usage, while some P2P systems focus on assuring anonymity and user secrecy.

Acknowledgment

This work was supported by the strategic grant POSDRU/159/1.5/S/133255, Project ID 133255 (2014), co-financed by the European Social Fund within the Sectorial Operational Program Human Resources Development 2007-2013.

References

[BGKS02] Brookshier D., Govoni D., Krishnan N., Soto J. C., "JXTA: Java P2P Programming", Sams Publishing, March 2002.
[DGST08] Deelman E., Gannon D., Shields M., Taylor I. J., "Workflows for e-Science: An overview of workflow system features and capabilities", Journal of Future Generation Computer System, July 2008.
[FKNT02] Foster I., Kesselman C., Nick J., Tuecke S., "The physiology of the grid: An open grid services architecture for distributed systems integration", Open Grid Service Infrastructure WG, Global Grid Forum, June 2002.
[RHTK06] Riposan A., Harrison A., Taylor I., Kelley I., Mieilica E., "Mobile peer-to-grid architecture for paramedical emergency operations", in Challenges and Opportunities of HealthGrids, Proceedings of HealthGrid 2006, IOS Press, Valencia, Spain, June 6-9, 2006.
[RIPA05a] Riposan A., Patriciu V., "Mobile grid infrastructure, a proposal for a MTA integrated project", in Modern Technologies in the XXI Century, Bucharest, Romania, November 2005.
[RIPA05b] Riposan A., Patriciu V., "Grimi, grid-enabled research infrastructure for medical imaging", in Modern Technologies in the XXI Century, Bucharest, Romania, November 2005.
[RITL06] Riposan A., Taylor I., Legre Y., "Identifying mobile grid scenarios for medical imaging applications", in MIE 2006, Poster Session Decision Support, Knowledge Representation and Management, Maastricht, The Hague, August 28-30, 2006.
[RTOC07] Riposan A., Taylor I., Owens D. R., Conley E. C., "A new paradigm in biomedical data discovery and multimodal workflows", IJCCC journal, Proceedings of EMMIT 2007 (Euro-Mediterranean Medical Informatics and Telemedicine), Mangalia, Romania, May 3-5, 2007, www.emmit2007.net.
[RTOR07] Riposan A., Taylor I., Owens D. R., Rana O., Conley E. C., "Alchemist multimodal workflows for diabetic retinopathy research, disease prevention and investigational drug discovery", Stud Health Technol Inform 2007, Proceedings of HealthGrid 2007, IOS Press, Geneva, Switzerland, April 24-27, 2007, http://geneva2007.healthgrid.org.
[TDGS07] Taylor J., Deelman E., Gannon D., Shields M., "Workflows for e-Science. Scientific Workflows for Grids", Springer, 2007.
[TSWH05] Taylor I. J., Shields M., Wang I., Harrison A., "Visual Grid Workflow in Triana", Journal of Grid Computing, 3(3-4):153–169, September 2005.
[WANG05] Wang I., "P2PS (Peer-to-Peer Simplified)", in Proceedings of the 13th Annual Mardi Gras Conference - Frontiers of Grid Applications and Technologies, pp. 54–59, Louisiana State University, February 2005.
[WILS02] Wilson B. J., "JXTA", New Riders Publishing, June 2002.


[WWWW**] The AKOGRIMO Integrated Project, see http://www.akogrimo.org.
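Appended after the reference list as a worked illustration of the community-trust mechanisms named in the Conclusions (user scoring, replication and verification), where no administrator or certificate authority can be presumed trustworthy. This is example code written for this page, not an algorithm from the paper, from the GGF OGSA-P2P group or from any P2P product: a task is replicated on several peers, the answer is accepted only when peers whose reputation is still above a floor agree with a reputation-weighted quorum, and scores move up or down with each verified round. All peer names, result values, thresholds and update steps are constructed.

```python
"""Community trust for P2P execution: replicate a task on several peers,
verify by reputation-weighted agreement, and update peer scores.
Added illustration; not an algorithm from the paper or any P2P system."""
from collections import defaultdict


class CommunityTrust:
    def __init__(self, initial=0.5, gain=0.1, loss=0.25, min_score=0.2, quorum=0.6, min_agree=2):
        self.scores = defaultdict(lambda: initial)  # unknown peers start at `initial`
        self.gain, self.loss = gain, loss
        self.min_score = min_score   # peers below this floor are not counted at all
        self.quorum = quorum         # required share of the counted reputation mass
        self.min_agree = min_agree   # distinct peers that must return the same value

    def score(self, peer):
        return self.scores[peer]

    def verify(self, results):
        """results: {peer_id: result_value}. Returns (accepted_value or None, report)."""
        counted = {p: r for p, r in results.items() if self.scores[p] >= self.min_score}
        weight = defaultdict(float)   # result value -> summed reputation of its backers
        members = defaultdict(list)   # result value -> peers that returned it
        for peer, value in counted.items():
            weight[value] += self.scores[peer]
            members[value].append(peer)
        if not weight:
            return None, {"reason": "no trusted peers"}
        total = sum(weight.values())
        best = max(weight, key=weight.get)
        share = weight[best] / total
        if share < self.quorum or len(members[best]) < self.min_agree:
            return None, {"reason": "no quorum", "share": round(share, 3)}
        # Verified round: agreeing peers gain reputation, disagreeing peers lose
        # more than they could gain, so a peer cannot profit from guessing.
        for peer, value in results.items():
            if value == best:
                self.scores[peer] = min(1.0, self.scores[peer] + self.gain)
            else:
                self.scores[peer] = max(0.0, self.scores[peer] - self.loss)
        return best, {"reason": "accepted", "share": round(share, 3),
                      "agreeing": sorted(members[best])}


def demo():
    """Constructed rounds: one peer keeps returning a different value."""
    trust = CommunityTrust()
    # round 1: three honest peers and p4 disagreeing; p4 drops to 0.25
    r1 = trust.verify({"p1": "hash-A", "p2": "hash-A", "p3": "hash-A", "p4": "hash-B"})
    # round 2: p4 disagrees again and drops to 0.0, below the counting floor
    r2 = trust.verify({"p1": "hash-C", "p2": "hash-C", "p4": "hash-D"})
    # round 3: p4 is ignored; p1 and newcomer p5 alone cannot reach a quorum
    r3 = trust.verify({"p1": "hash-E", "p4": "hash-F", "p5": "hash-F"})
    return r1, r2, r3, dict(trust.scores)
```

Two design choices carry the security argument: the score floor means a peer that has been caught disagreeing stops influencing outcomes rather than merely counting less, and the quorum is measured against reputation mass rather than head count, so that a group of fresh identities (cheap to create in an open P2P network) cannot outvote established peers simply by being numerous.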