{"title":"An architecture for certification-aware service discovery","authors":"M. Bezzi, A. Sabetta, G. Spanoudakis","doi":"10.1109/IWSSCLOUD.2011.6049020","DOIUrl":null,"url":null,"abstract":"Service-orientation is an emerging paradigm for building complex systems based on loosely coupled components, deployed and consumed over the network. Despite the original intent of the paradigm, its current instantiations are limited to a single trust domain (e.g., a single organization). One of the main reasons for this is the trust gap that normally arises when software services, offered by previously unknown providers, are to be selected at run-time, without any human intervention. The idea of machine-readable security certificates (called asserts) paves the way to automated reasoning about security properties of services. Similarly to current security certification schemes, the assessment of the security properties of a service is delegated to an independent third party (certification authority), who issues a corresponding assert, bound to the service. Building on the assert concept, this paper describes our proposal for a modular architecture to realise a certification-aware service discovery framework. 
The architecture supports the discovery of single services based on certified security properties, as well as the dynamic synthesis of service compositions that satisfy the required security properties.","PeriodicalId":396741,"journal":{"name":"2011 1st International Workshop on Securing Services on the Cloud (IWSSC)","volume":"53 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 1st International Workshop on Securing Services on the Cloud (IWSSC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IWSSCLOUD.2011.6049020","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 11
Abstract
Service-orientation is an emerging paradigm for building complex systems based on loosely coupled components, deployed and consumed over the network. Despite the original intent of the paradigm, its current instantiations are limited to a single trust domain (e.g., a single organization). One of the main reasons for this is the trust gap that normally arises when software services, offered by previously unknown providers, are to be selected at run-time, without any human intervention. The idea of machine-readable security certificates (called asserts) paves the way to automated reasoning about security properties of services. Similarly to current security certification schemes, the assessment of the security properties of a service is delegated to an independent third party (certification authority), who issues a corresponding assert, bound to the service. Building on the assert concept, this paper describes our proposal for a modular architecture to realise a certification-aware service discovery framework. The architecture supports the discovery of single services based on certified security properties, as well as the dynamic synthesis of service compositions that satisfy the required security properties.