The availability and adoption of open protocols allow applications to integrate Web services offered by different providers. Moreover, simple services can be dynamically composed to accomplish more complex tasks. This implies the delegation of both tasks and permissions. In fact, delegation is intertwined with some notion of risk, on the one hand, and trust, on the other hand. Well founded socio-cognitive models of trust may orient managers and system administrators to delegate tasks and goals to the most trusted entities, after conscious evaluation of risks and gains associated with the decision. This chapter presents different mechanisms and models that have been proposed for establishing secure delegations in open environments. They include Role-Based Access Control, Trust Management, and Federated Identity. Complex frameworks and live systems have been realized according to these models. However, their administration remain a challenging task. Ongoing research works in various fields, such as Automated Trust Negotiation, promise to simplify the practical realization and configuration of delegation-based systems.
Top1. Introduction
The adoption of a Service-Oriented Architecture based on Web services has definitely many benefits, above all from the point of view of interoperability among diverse systems. Web services offer a paradigm based on self-contained components, with a public description of their interface. Thus, modular applications can be developed on the basis of services hosted on the Internet and invoked though open standard protocols. This way, it is possible to select and compose services at runtime, crossing boundaries among underlying technologies and among organizations. Consequently, the number of platforms hosting and providing open services is growing, together with the number of systems developed through the composition of simpler services. Through service composition, applications can combine simpler services together in order to provide a certain useful functionality, even if no single Web service can satisfy the functionality by itself.
This trend has triggered several initiatives, platforms and languages to simplify the integration of existing heterogeneous systems. Despite all the efforts, however, the realization of service composition through manual configuration is still a challenging task, for both systems developers and system administrators.
The service composition problem becomes more complex when the use of workflows involves many layers of services. In this scenario, at each level an agent is responsible for managing its workflow. It can possibly subdivide its complex task into sub-tasks and set up a negotiation process with some agents responsible for the execution of simpler Web services. From the perspective of this example, two main abstract roles can be distinguished: the Service Manager and the Workflow Manager. In a typical peer-to-peer architecture, each agent can play different roles at different times. Each Service Manager is associated to one or more Web services and is responsible for the interaction with them. The Workflow Manager has the goal of supporting its user in the process of building a workflow, composing external Web services and monitoring their execution. The Workflow Manager assumes the role of the delegate agent in a delegation protocol.
However, the dynamic composition of services provided by many different sources can be a cumbersome task. Therefore, the aid of software tools is critical for building composite Web services. Efforts for realizing automated or semi-automated workflow composition have been conducted in different branches of artificial intelligence, including planning and theorem proving. Those efforts generally assume that the description of each Web service includes its preconditions and postconditions. Thus, it is theoretically possible to compose a number of services, in such a way to satisfy the final user's own constraints and goals. Being the service descriptions public, this process of dynamic composition of services can also be automated, even without a precise preconfigured workflow. Preconditions play the role of local constraints for the planning process.
It's easy to see that the problem of service composition in dynamic and open environments is quite complex. However, matching explicit preconditions and effects may represent only a part of the problem. Particular attention has also to be devolved to the management of delegation chains and underlying trust relations, which often remain implicit. In fact, apart from the formal correspondence of preconditions and effects with final requirements, it is important to acknowledge the aspects of security and trust. In the end, the delegation of tasks and goals cannot come into effect unless it is associated with a corresponding delegation of privileges, for accessing needed resources and completing assigned tasks.
This chapter describes the advantages and issues related to the use of delegation in the composition of Web services. The “Background” section starts with a brief description of protocols for REST-style and SOAP-style Web services. Though they provide mechanisms for service composition, some analysis is always required for determining trust relations, which need to be at the basis of delegation decisions. For managers and system administrators, it is important to delegate tasks and goals to trusted partners, evaluating risks and gains of each decision. Socio-cognitive models of trust can be used to better evaluate and construct such relations.
The following section deals with “Delegation Models and Systems”. It describes the main models of integration of security policies and mechanisms defined in different domains, including Role Based Access Control, Trust Management and Federated Identity. Then some major systems based on delegation of access rights are discussed. A case study is presented in greater detail, regarding the development of a delegation library for Web services.