L3S Overview Visit in Sweden - PowerPoint PPT Presentation

10/24/09. Juri Luca De Coi. 1. Towards the Trust Negotiation Vision: the Protune Policy Language. Juri L. De Coi. Alma Mater Studiorum Università di Bologna and ...

1
Towards the Trust Negotiation Vision: the Protune Policy Language
Juri L. De Coi
Alma Mater Studiorum Università di Bologna and L3S Leibniz Universität Hannover
Bologna, Italy, 08-11-2007
2
Outline
  • Historical background [1]
    ◦ from uid/pwd authentication to Trust Negotiation
  • Conceptual space [3]
    ◦ Trust Negotiation in a nutshell
  • The Protune policy language [6]
    ◦ how it works and how it runs
  • Conclusions and further work [2, 4, 5]

3
Policy languages
  • represent a user-level approach to security

4
In more secure environments credentials may be
used instead of uid/pwd pairs
5
Identity-based authentication
  • each user has a set of rights
  • a table maps users to rights
  • Drawbacks
    ◦ users have to be known in advance ⇒ not suitable for an open environment

Table
    User1 | Right1
    ...   | ...
    Userm | Rightn
6
Role-based authentication
  • each role has a set of rights
  • some mechanism is used to map
    ◦ users to roles
    ◦ roles to rights
  • Drawback
    ◦ do we really need two steps?

[Figure: users User1 ... Userm, roles Role1 ... Rolen, rights Right1 ... Righto; labels: Cassandra, RT, TPL, Ponder]
7
Last-generation policy languages
  • Mapping user/right is based on
    ◦ users' properties
    ◦ rights' properties
    ◦ properties of the resources the right acts upon
    ◦ environmental properties (e.g., time)
  • Drawback
    ◦ only one actor can state conditions

[Figure: users User1 ... Userm, rights Right1 ... Rightn; labels: EPAL, KAoS, Rei, WSPL, XACML]
8
Trust Negotiation
  • Both actors want to successfully terminate the
    negotiation
  • Since they do not trust each other, this is not
    always the case

[Labels: PeerTrust, Protune, PSPL]
9
Conceptual space (I)
  • Actors (only two per negotiation)
    ◦ concurrent negotiations possible
    ◦ nested negotiations possible
  • Actions
    ◦ not only credential delivery
  • Policy
    ◦ a number of policy languages have been proposed to date

10
Conceptual space (II)
  • How to tell the other peer
    ◦ the actions it has to perform?
      Filtered policy
        - state-of-the-art solution
        - support to privacy issues
    ◦ that the actions it requested have been performed?
      Notification
        - not needed for credential delivery

11
Conceptual space (III)
  • Action Selection Function
    ◦ allows automatic selection of alternatives
    ◦ support to user preferences
  • Termination Algorithm
    ◦ ensures that the negotiation does not get looped
    ◦ must recognize when further negotiation steps do not carry further information

12
Protune: Introduction
  • Logic Programming-based language

A holds if (B11 ∧ ... ∧ B1n) ∨ ... ∨ (Bm1 ∧ ... ∧ Bmn) hold

A ← B11, ..., B1n.
...
A ← Bm1, ..., Bmn.
13
Protune: How it deals with actions
  • Actions are represented as predicates
  • Metaattribute type

Action1 ← Action2.
(Action1 can be executed if Action2 has been executed)

A ← B1, B2.
type of A: state. type of B1: provisional. type of B2: state.
14
Protune: How it deals with filtering
  • Metaattribute sensitivity

A ← B1, B2.
B1.
B2.
type of B1: state. sensitivity of B1: public.
type of B2: state. sensitivity of B2: private.
15
Negotiation algorithm (I)
    // Add received message
    add(rfp, s)
    add(rn, s)
    // Handle local actions
    Action la = extractLocalActions(g, lp, s)
    while (la.length != 0)
        Notification ln = perform(la)
        add(ln, s)
        la = extractLocalActions(g, lp, s)
    // Check negotiation goal
    if (isUnlocked(g, lp, s))
        send(SUCCESS, oa)
        return
    // Check termination algorithm
    if (terminate(s, ta))
        send(FAILURE, oa)
        return
    ...
16
Negotiation algorithm (II)
    ...
    // Handle (external) actions
    Action ea = extractExternalActions(g, lp, s)
    Action ua
    for each action in ea
        if (isUnlocked(action, lp, s)) add(action, ua)
    Action aa = selectActions(asf, ua, s)
    Notification sn = perform(aa)
    // Filtering
    FilteredPolicy sfp = filter(g, lp, s)
    // Add sent message
    add(sfp, s)
    add(sn, s)
    send(sfp, oa)
    send(sn, oa)
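
The control flow of the two negotiation-algorithm slides, as an added example that is not part of the presentation and is not Protune code: it covers the local-action loop, the goal check, the termination check and filtering, and leaves out external-action unlocking and the action selection function. Assumptions: rules are propositional (head mapped to alternative bodies), the sample policy is constructed, a body containing an unsatisfied private atom is withheld when filtering, and "no further information" is detected as a repeated state.

```python
# Added illustration: propositional toy model of the negotiation step on
# slides 15-16. Not Protune code; rule format and all names are assumptions.
RULES = {"allow_download": [["student", "logged"], ["paid"]],  # constructed
         "student": [["show_student_id"]],
         "paid": [["show_credit_card", "not_blacklisted"]]}
LOCAL, PRIVATE = {"logged"}, {"not_blacklisted"}

def holds(atom, rules, s, path=()):
    """True if atom was executed (is in state s) or some rule body holds."""
    if atom in s or atom in path:          # path guards against cyclic rules
        return atom in s
    return any(all(holds(b, rules, s, path + (atom,)) for b in body)
               for body in rules.get(atom, []))

def pending(goal, rules, s, actions):
    """Unexecuted atoms from `actions` that the goal depends on."""
    todo, seen = [goal], set()
    while todo:
        a = todo.pop()
        if a not in seen:
            seen.add(a)
            todo += [b for body in rules.get(a, []) for b in body]
    return sorted(a for a in seen if a in actions and a not in s)

def filter_policy(goal, rules, s, private):
    """Rules for the peer: satisfied atoms dropped, private bodies withheld."""
    out, todo = {}, [goal]
    while todo:
        a = todo.pop()
        rest = ([b for b in body if not holds(b, rules, s)]
                for body in rules.get(a, []))
        bodies = [r for r in rest if not set(r) & private]
        if bodies and a not in out:
            out[a] = bodies
            todo += [b for r in bodies for b in r]
    return out

def step(goal, lp, s, local, private, history):
    """One pass of the loop: returns (outcome, filtered policy to send)."""
    la = pending(goal, lp, s, local)
    while la:                              # handle local actions
        s.update(la)                       # perform(la), record it in s
        la = pending(goal, lp, s, local)
    if holds(goal, lp, s):                 # check negotiation goal
        return "SUCCESS", {}
    if frozenset(s) in history:            # termination: nothing new learnt
        return "FAILURE", {}
    history.add(frozenset(s))
    return "CONTINUE", filter_policy(goal, lp, s, private)
```

On the sample policy the first step performs the local action `logged` and sends a filtered policy in which the rule for `paid` is withheld, because its body mentions the private atom `not_blacklisted`.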
17
Conclusions and further work
  • Protune is coming soon
    ◦ A first release will be available at the end of November 2007
  • Applications have already been developed
    ◦ To eLearning scenarios
    ◦ To access control in RDF and Metadata stores
  • Further applications will follow
    ◦ To ubiquitous computing scenarios
  • Support to (controlled) natural language policies

18
References
  [1] J. L. De Coi and D. Olmedilla. A Review of the State-of-the-art in Policy Languages. Submitted to ASIACCS08.
  [2] J. L. De Coi, P. Kärger, A. W. Koesling and D. Olmedilla. Exploiting Policies in an Open Infrastructure for Lifelong Learning. EC-TEL07.
  [3] J. L. De Coi and D. Olmedilla. A Flexible Policy-Driven Trust Negotiation Model. IAT07.
  [4] J. L. De Coi, E. Ioannou, A. Koesling, W. Nejdl, and D. Olmedilla. Access Control System for Resource Sharing between Semantic Desktops. PEAS07.
  [5] F. Abel, J. L. De Coi, N. Henze, A. W. Koesling, D. Krause, D. Olmedilla. Applying Policies to RDF Queries. SWC07.
  [6] P. A. Bonatti and D. Olmedilla. Driving and Monitoring Provisional Trust Negotiation with Metapolicies. POLICY05.

19
Thanks!
  • Questions?
  • decoi_at_L3S.de