
D5.4 Trust Tool Set

The December 2009 version (v1.0) of deliverable D5.4 (Trust Tool Set) is open to public comments, feedback and review!

All feedback is welcome!

You can download it and post comments here:

http://www.tas3.eu/project/publications/download/wp5-trust-policy-management/TAS3_D5p4_Trust_Tool_Set_V1p0.pdf/view

(You need to log in first to post a comment.)

Executive Summary

The TAS3 Trust Policy Management architecture [D5.1] consists of a collection of trust services, with the Trust PDP providing the integration of and interface to these services. This first iteration of the implementation of this architecture consists of the Trust PDP, two distinct trust services (a reputation-based trust (RTM) service and a credential-based trust (CTM) service), and supporting tools. This document focuses on the Trust PDP, the CTM service and the tools; [D5.2] describes the RTM service.
The Trust PDP is Java-based. It accepts XACML [XACML] request context objects, evaluates trust policies embedded in XACML-style XML wrappers and returns standard XACML permit/deny responses. The Trust PDP enables the authentication/authorization framework to incorporate the trustworthiness of requesters in its access decisions.
A web-service interface to the (Java-based) Trust PDP is provided by integrating it in the Standalone Authorization Server software package provided by the University of Kent, guaranteeing the same WSDL support and interpretation of the SOAP messages.
The Trust Information Access Service Provider is a helper component which offers components such as Service Discovery access to raw trust score information. It accepts the same requests as the Trust PDP but, in addition to a permit/deny response, it also provides a trust ranking according to a specific trust metric. This allows Service Discovery to offer trusted services to the user, sorted by their score on the trust metric.
The CTM service provides a trust metric based on credentials (credential chains). The POLIPO trust management system [TSZE09a, TSZE09b] forms the basis of this service. The service offers a SAML [SAML] compatible interface and uses SAML assertions to encode trust credentials. A credential cache implemented in a Fedora database is included in the Trust PDP.
The next iterations of the tool set are planned for project months 30 and 42. These iterations will integrate more services in the Trust PDP, update the existing services, and use TAS3 technology to improve the security and privacy protection offered by the Trust PDP and the trust architecture in general.
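
The request/decision flow of the Trust PDP and the ranking variant of the Trust Information Access Service Provider, sketched as an added example that is not TAS3 code. It assumes XACML 2.0 request contexts, a numeric trust score per requester and a threshold policy; the score table, the threshold and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os"  # XACML 2.0 assumed
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
STRING = "http://www.w3.org/2001/XMLSchema#string"
# Constructed scores standing in for what the RTM/CTM services would supply.
TRUST_SCORES = {"provider-a": 0.91, "provider-b": 0.42, "provider-c": 0.77}
THRESHOLD = 0.70  # hypothetical trust policy: permit at or above this score

def q(tag):
    """Qualify a tag name with the XACML context namespace."""
    return f"{{{CTX}}}{tag}"

def make_request(subject):
    """Build a minimal request context naming the requester (constructed input)."""
    req = ET.Element(q("Request"))
    attr = ET.SubElement(ET.SubElement(req, q("Subject")), q("Attribute"),
                         AttributeId=SUBJECT_ID, DataType=STRING)
    ET.SubElement(attr, q("AttributeValue")).text = subject
    return ET.tostring(req, encoding="unicode")

def subject_of(request_xml):
    """Extract subject-id from the Subject element only; None if absent."""
    # For untrusted input, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(request_xml)
    for attr in root.findall(f"{q('Subject')}/{q('Attribute')}"):
        if attr.get("AttributeId") == SUBJECT_ID:
            value = attr.find(q("AttributeValue"))
            return (value.text or "").strip() if value is not None else None
    return None

def trust_pdp(request_xml):
    """Return (decision, response_xml); unknown or missing subjects get Deny."""
    score = TRUST_SCORES.get(subject_of(request_xml))
    decision = "Permit" if score is not None and score >= THRESHOLD else "Deny"
    resp = ET.Element(q("Response"))
    ET.SubElement(ET.SubElement(resp, q("Result")), q("Decision")).text = decision
    return decision, ET.tostring(resp, encoding="unicode")

def trust_info_sp(request_xmls):
    """Same requests as the PDP; returns (subject, decision, score) ranked by score."""
    rows = []
    for xml in request_xmls:
        subject = subject_of(xml)
        rows.append((subject, trust_pdp(xml)[0], TRUST_SCORES.get(subject)))
    # Highest score first; subjects without a score sort last.
    return sorted(rows, key=lambda r: (r[2] is None, -(r[2] or 0.0)))

if __name__ == "__main__":
    reqs = [make_request(s) for s in ("provider-b", "unknown", "provider-a")]
    for row in trust_info_sp(reqs):
        print(row)
```

Denying requesters that have no score keeps the decision fail-closed, so a missing entry in the trust services cannot turn into an implicit permit.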
