A PRACTICAL EXAMPLE OF EMERGING SOLUTION GUIDELINES: THE S-MIDAS FRAMEWORK

Paolo Bellavista, Antonio Corradi, and Alessandra Toninell

Secure-MIDAS (S-MIDAS) is our original proposal of secure discovery and access control, which exploits semantic-based context descriptions for collaborative services in wireless enterprise networks. S-MIDAS extends the work presented in Ref. [28] with support for access control during service discovery. In particular, as shown in Figure 6.2, S-MIDAS provides mobile enterprise users with personalized views on available services according to their professional interests, device capabilities, and supported security features. Thus, it is a useful tool for enterprises to protect sensitive business information by limiting the visibility of resources/services to only authorized users. The S-MIDAS key feature is its context-aware approach to the modeling of both service profiles and access control policies. In particular, S-MIDAS relies on context-aware mobile proxies acting on the fixed network on behalf of (and locally to) mobile users: proxies can follow users’ movements across different wireless networks by dynamically migrating over the wired network. In addition, S-MIDAS adopts semantic-based context/policy descriptions to provide expressive representation and reasoning over service capabilities and access control policies. Here, we briefly present the primary characteristics of the S-MIDAS framework as a practical exemplification of the emerging trend for novel enterprise middleware based on semantic technologies, context awareness, and the design/implementation guideline of mobile proxy exploitation.

THE S-MIDAS METADATA MODEL

The S-MIDAS discovery identifies users, devices, and services as the key entities. Services are “black boxes” encapsulating physical/logical resources and providing the functions to operate on them. Users are the principals that can provide/request services via possibly heterogeneous devices. To support secure and context-aware discovery, S-MIDAS adopts semantic-based metadata: profiles for properties and characteristics of involved entities, and policies to specify conditions to access services not only during service delivery, but also during discovery. Profiles have a modular structure including different parts, each one grouping metadata with a common logical meaning and comprising static or dynamic data. In particular, profiles include three common key parts for context-aware semantic discovery: identification, requirements, and capabilities (other profile parts, such as binding metadata [28], are out of the central scope of this chapter). The identification part provides information to name users/devices/services and to identify their location, together with security-related authentication credentials, such as security certificates. Capabilities define S-MIDAS entity abilities: user capabilities include native languages, enterprise roles, and implemented security features, such as support for encryption mechanisms; device capabilities represent technical characteristics, supported functions, and resource state, such as Bluetooth connectivity, secure socket layer support, and battery level; service capabilities describe provided functions and how they are achieved, for example, supported interfaces, communication protocols, and security mechanisms. Finally, the requirements part describes entity desiderata: user requirements express interests/preferences and user-specified conditions to respect during discovery, including security mechanisms such as encryption to support confidentiality and integrity; device requirements specify technical conditions that must hold for the device to properly access services; service requirements describe conditions that clients should satisfy.

FIGURE 6.2 S-MIDAS personalized service view based on user context and service access control. [Figure labels: user context (business role, device properties, security features, place and time); service access control; personalized service view; enterprise services; enterprise administrative domains; wireless enterprise network domains.]

A particular kind of service requirement is represented by access control policies, which define the conditions under which a service can be included in the service view of a user based on his/her context. Based on our previous work [43], we associate a context with each resource to be controlled, which represents all and only those conditions enabling access to that resource. Access control policies define for each context how to operate on the associated resources. In particular, entities can perform only those actions that are associated with the contexts currently in effect, that is, the contexts whose defining conditions match the operating conditions of the requesting entity, requested resource, and current environment. Recalling the example described at the beginning of this chapter, each company manager could define a policy for his/her resources stating that access is granted to those who are currently located in the same room where the resource owner is located, if they actually participate in the activity/project relating to the meeting, as long as current time corresponds to the time scheduled for the meeting. As long as the consultants make this context active by participating in the meeting, they would automatically view the needed resources stored on the managers’ portable devices. People who do not take part in the meeting cannot even see those resources in their service view, thus preserving confidentiality and protecting possibly sensitive business information. Let us note that the definition of such a context-aware policy might be fully compatible with existing corporate policies, by appropriately setting priorities among policies.
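The meeting policy above can be sketched as discovery-time filtering. This is an added example, not S-MIDAS code: it models a context as a plain Python object rather than an OWL-DL ontology, and all class, function, and sample names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Requester:          # operating conditions of the requesting entity
    name: str
    room: str
    projects: frozenset

@dataclass(frozen=True)
class MeetingContext:     # "all and only" the conditions enabling access
    owner_room: str       # room where the resource owner currently is
    project: str          # activity/project the meeting relates to
    start: datetime
    end: datetime

    def is_active(self, who: Requester, now: datetime) -> bool:
        # Every condition must hold, otherwise the context is not in effect.
        return (who.room == self.owner_room
                and self.project in who.projects
                and self.start <= now <= self.end)

@dataclass(frozen=True)
class Service:
    name: str
    contexts: tuple = ()  # contexts under which the service may be listed

def service_view(services, who, now):
    """Personalized view: a service is listed only if one of its contexts is active."""
    return [s.name for s in services
            if any(c.is_active(who, now) for c in s.contexts)]

# Constructed sample data (hypothetical rooms, projects, and services).
MEETING = MeetingContext("room-101", "merger-review",
                         datetime(2024, 5, 6, 10, 0), datetime(2024, 5, 6, 11, 0))
SERVICES = [
    Service("manager-budget-docs", (MEETING,)),
    Service("hr-records"),  # no enabling context: default deny, never listed
]
CONSULTANT = Requester("consultant", "room-101", frozenset({"merger-review"}))
VISITOR = Requester("visitor", "room-101", frozenset())  # same room, not on the project
DURING = datetime(2024, 5, 6, 10, 30)
AFTER = datetime(2024, 5, 6, 11, 30)

if __name__ == "__main__":
    print(service_view(SERVICES, CONSULTANT, DURING))  # listed while context is active
    print(service_view(SERVICES, VISITOR, DURING))     # hidden: not a participant
    print(service_view(SERVICES, CONSULTANT, AFTER))   # hidden: meeting time is over
```

Because filtering happens when the view is built, a requester outside the context learns nothing about the resource, not even that it exists.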

We adopt a semantic-based approach to metadata specification. In particular, both profiles and policies are represented as ontologies. As for profiles, we have defined a base capability ontology, which has been extended with different application-specific ontologies based on the UNSPSC (United Nations Standard Products and Services Code Standard) taxonomy, such as the Management and Business Professionals and Administrative Services (http://unspsc.org/). We have also defined a base context and policy ontology to express access control policies, and extended it with an ontology specific to the spontaneous collaboration scenario; all our ontologies* are modeled in OWL-DL.

In this section, we provide a brief overview of the S-MIDAS middleware architecture. A more extensive description, together with detailed implementation insights, is in Refs. [28,43]. S-MIDAS provides various middleware services organized into two different logical sets. The discovery management set provides the needed functionalities to support service discovery and selection based on user context information and access control requirements. In particular, it includes graphic tools for the specification, modification, checking for correctness, parsing, and installation of profiles and policies. In addition, S-MIDAS supports the creation of user contexts at the beginning of a discovery session, the monitoring of changes in both created user contexts, for example, in user profiles, and in relevant external environment conditions, for example, the addition of new services in other user contexts. Moreover, it is in charge of support management functions such as the notification of changes to interested entities and the associated updates of involved user contexts. Based on these functions, S-MIDAS provides mobile users with advanced discovery functions to determine personalized service views based on the semantic matching between user/device/service requirements and capabilities, and automatically updates these views when relevant changes occur in the considered user context.

* Our ontologies and additional implementation details are freely available at: http://www.lia.deis.unibo.

The configuration management set provides the needed facilities to allow each portable device to have S-MIDAS discovery facilities configured and properly executing, either on-board or on the proxy node. In particular, the main support element is the user proxy (UP), an application-independent middleware component that represents a portable device on the fixed network. S-MIDAS associates one UP with each portable device. UP covers various management roles, including retrieving the profiles of its companion user/device and coordinating with discovery management services during a discovery session. In addition, based on the device profile, UP decides where to allocate the various discovery management services, either completely/partially on board its companion device, or executing on the fixed network, or remotely on other trusted mobile devices. In the case of rich devices, UP runs management functions and instantiates all discovery management services on-board. Having discovery facilities completely on-board better preserves user privacy, since requirements/capabilities and personalized service views are locally stored. In addition, on-board reasoning may be useful in case the user’s device experiences frequent disconnections or poor bandwidth connectivity. On the contrary, in the case of resource-constrained devices, UP behavior is a trade-off between technical device characteristics and privacy needs. In particular, UP decides whether to perform its management operations on-board or remotely, and which discovery management services to instantiate on the portable device, based on profile data such as CPU, memory size, and battery level.

LESSONS LEARNED, EMERGING TRENDS,