Managing trust in Active XML

Active XML combines XML data and service calls to allow a simple and powerful Web services implementation. Security in Active XML is currently handled by matching the structure of the received data against an XML schema representing the allowed data (including service calls). This solution is not fully satisfactory in an open environment where the services often do not know or trust each other. Moreover, the strength of Active XML lies in its simple and dynamic structure, and the modified XML schemas used for security matching can quickly limit the allowed services, or give too much freedom to services that should not be trusted. Because the result of an Active XML service call is itself Active XML data (which may include more service calls), Active XML data is recursive, which raises further security concerns. We propose a new framework based on the notion of Trust (Trusted Active XML) for handling security in Active XML. In this framework, the answers of "trusted" services are not restricted to a specific data schema, while "untrusted" ones are prevented from performing some unwanted operations.
