Posecco cluster meeting
1. PoSecCo: modelling services
for the Future Internet
Antonio Lioy
Politecnico di Torino
<lioy@polito.it>
Amsterdam - July 4-5, 2011
2. PoSecCo scenario: Future Internet seen from a Service Provider (SP)
[Figure: the Service Provider receives security requirements from customers, from SP-customers, from suppliers, from management, and from laws and regulations. Inside the provider: services, applications, DBs, systems and the network, with SP-staff and Suppliers as external parties.]
4. What to model?
companies run business processes/services
the interesting ones are the ones implemented using IT resources
SP main goal? reducing costs
infrastructure
re-use existing services
avoid re-implementing a service for each customer
… if the policy allows it
implementation and maintenance
integrated policy refinement using the “policy chain”
… with a higher level of security
PoSecCo aims at supporting SPs with models and tools
5. Main requirements …
business services (BS) can be implemented by a number of
different IT services (i.e., abstract service profiles)
several customers can buy the same BS and every customer may
use one or more instances of an IT service
IT service = components + choreography
IT services interact with other IT services or use other IT services
as sub-components
every IT service may have different instantiations
using different physical or virtual resources (running services) and sub-services
running services can execute several components of the same IT service
running services can execute several components from different IT
services
SP can outsource (sub-)services, applications, or HW (hosting
providers)
6. A quick look at PoSecCo meta-models
Services / Policies
Business meta-model / Business policy meta-model
IT service meta-model / IT policy (access control, confidentiality, filtering, …)
Infrastructure meta-model / configurations for policy enabled security elements
7. A quick look at PoSecCo meta-models
current service meta-model
Services
Business meta-model
IT service meta-model
Infrastructure meta-model
9. Some more details: the concepts
[Figure: concept diagram. Labels: business service, business process, business information, institutions (customers, service providers, hosting providers), IT resource model, IT service interface, IT service model, links, data, IT resource, IT resource interface, channel, node (physical node, virtual node).]
10. Business layer: business services
business services (BS) are structured in processes
terminology from TUe and not in contrast with BPMN
BS are not necessarily the ones implemented using IT technologies
implemented by a number of different IT services (i.e., abstract service
profiles)
business processes (BP) may be structured in hierarchies and may depend on other BPs
11. Business layer: institutions
BP customers
several customers can buy the same BS and every customer may use one or
more instances of an IT service
service providers (SP) and their relationships: SPs buying services from other SPs
hosting providers
12. Business layer: business info
very abstract concepts to be further instantiated and adapted
roles
not the same as the standard “access control role”, described in the IT policy
meta-model
more abstract, associated to company-dependent functions
13. IT layer: the service models
IT service model: abstract definition corresponding to the interface it exposes
IT services interact with other IT services or use them as sub-components
IT service models are described by
components: IT resources (the Applications)
choreography: a link connects a resource to an interface
IT resource is an abstract definition of the component/application
web server, FTP server, Invoice application, EDI, …
every IT service may have different implementations
using different physical or virtual resources (running services) and sub-services
14. IT layer: data
first class entities in the access control meta-model
need to be customized in the model
according to customer and SP needs
15. Catalog: what an SP sells
used to enumerate all the service models sold by a SP
Crossgate requirement: modern way of managing IT services
instead of defining a general service model with configurable parameters
(e.g., communication protocols, web server types) good for academia
e.g., if the SP sells two versions of the “invoicing BS”, one allowing
access to the front end using SFTP and one HTTPS, the catalog will
include two instances of ITServiceProfile
16. Infrastructure layer: running services
every IT service model may be implemented
using different physical or virtual resources (running services) and sub-services
to re-use components and save time and money:…
running services can execute several components of the same IT service
running services can execute several components from different IT services
e.g., web servers running front ends, DBs
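Added example (not from the PoSecCo slides or the project's code): a small Python model of the catalog and running-services ideas above, checking that every component of a bought ITServiceProfile is executed somewhere and that no running service is shared against a customer's policy. Apart from ITServiceProfile and the invoicing SFTP/HTTPS case, all names, the sample landscape and the "dedicated only" policy flag are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class ITServiceProfile:      # catalog entry: one abstract IT service model
    name: str
    business_service: str
    components: tuple        # IT resources (the applications)

@dataclass(frozen=True)
class Placement:             # one component of a customer's instance on a running service
    customer: str
    profile: str
    component: str
    running_service: str

# Constructed catalog: the "invoicing BS" sold in two versions (SFTP and HTTPS front end).
CATALOG = {p.name: p for p in (
    ITServiceProfile("invoicing-sftp", "invoicing", ("sftp-frontend", "invoice-app", "invoice-db")),
    ITServiceProfile("invoicing-https", "invoicing", ("web-frontend", "invoice-app", "invoice-db")),
)}

# Constructed landscape: app-01 executes components from two different IT services.
PLACEMENTS = [
    Placement("customer-a", "invoicing-sftp", "sftp-frontend", "sftp-01"),
    Placement("customer-a", "invoicing-sftp", "invoice-app", "app-01"),
    Placement("customer-a", "invoicing-sftp", "invoice-db", "db-01"),
    Placement("customer-b", "invoicing-https", "web-frontend", "web-01"),
    Placement("customer-b", "invoicing-https", "invoice-app", "app-01"),
    Placement("customer-b", "invoicing-https", "invoice-db", "db-02"),
]
# Assumed policy input: customers whose policy forbids sharing running services.
DEDICATED_ONLY = {"customer-b"}

def unplaced_components(catalog, placements):
    """Components of a bought profile that no running service executes."""
    placed = {(p.customer, p.profile, p.component) for p in placements}
    bought = {(p.customer, p.profile) for p in placements}
    return sorted((cust, prof, comp) for cust, prof in bought
                  for comp in catalog[prof].components
                  if (cust, prof, comp) not in placed)

def sharing_violations(placements, dedicated_only):
    """Running services used by several customers, one of whom forbids sharing."""
    tenants = defaultdict(set)
    for p in placements:
        tenants[p.running_service].add(p.customer)
    return {rs: sorted(cs) for rs, cs in tenants.items()
            if len(cs) > 1 and cs & dedicated_only}
```

With the constructed data, re-use of app-01 is reported because customer-b's assumed policy does not allow it; with an empty DEDICATED_ONLY set the same landscape passes.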
17. Infrastructure layer: the landscape
virtual and physical nodes connected through interfaces
located somewhere (for dependability and risk analysis purposes)
full topology information may be described
according to the required level of details
PoSecCo uses full topology view for the configuration generation
e.g., to configure all the firewalls and VPN terminators in the landscape
18. The PoSecCo ontology(ies)
business meta-model
business ontology (?)
IT layer meta-model
IT layer ontology
infrastructure meta-model
infrastructure ontology
extend concepts in meta-models with a
semantically richer tool
use the “inclusion” and “equivalence”
features to link the separated ontologies
19. Tools and formats
meta-models as standard UML class diagrams
from meta-models to models
constrain the model derivation process to avoid integration issues
XML representation in the PoSecCo repository
meta-models
models
instances
…ongoing effort
ontologies represented in OWL
20. PoSecCo and EffectPlus
PoSecCo will provide:
meta-models for services in a SP-oriented scenario
layered architecture: business, IT and infrastructure
full details in a document that will come soon
inputs:
test your service description with our model and provide us the missing
requirements
e.g., more info on service virtualization
collaboration:
a service modelling working group?
common output:
unified meta-model for Future Internet
… agreed and adopted by all the EffectPlus partners (at least)
22. Disclaimer
EU Disclaimer
PoSecCo project (project no. 257129) is partially supported/co-funded by the European
Community/ European Union/EU under the Information and Communication Technologies (ICT)
theme of the 7th Framework Programme for R&D (FP7).
This document does not represent the opinion of the European Community, and the European
Community is not responsible for any use that might be made of its content.
PoSecCo Disclaimer
The information in this document is provided "as is", and no guarantee or warranty is given that
the information is fit for any particular purpose. The above referenced consortium members shall
have no liability for damages of any kind including without limitation direct, special, indirect, or
consequential damages that may result from the use of these materials subject to any liability
which is mandatory due to applicable law.