190 likes | 486 Vues
Dynamic Virtual Organizations: Still a Chimera?. Pablo Giambiagi Security, Policies and Trust Lab (SPOT) SICS. Agenda. What is a Virtual Organization? Why VOs? The challenges of dynamic VOs Risk Management TrustCoM Framework and Architecture Discussion. Virtual Organizations.
E N D
Dynamic Virtual Organizations: Still a Chimera? Pablo GiambiagiSecurity, Policies and Trust Lab (SPOT) SICS
Agenda • What is a Virtual Organization? • Why VOs? • The challenges of dynamic VOs • Risk Management • TrustCoM Framework and Architecture • Discussion
Virtual Organizations A temporary or permanent coalition of autonomous organizations that pool resources, capabilities and information to achieve common business objectives. • Characteristics • ad-hoc partnerships • (ideally) highly dynamic • based on process integration • use IT as a means for coordination
What a VO is good for • optimize use of opportunities which derive from market and/or resources • reduce transaction costs • collectively offer services to customers that could not be provided by the individual enterprises.
How Dynamic can a VO be? • Current VOs are rather static • Dynamic VOs are hard to manage and have high risk profiles • IT, by itself, is no silver bullet • It is not enough to synchronize business processes • Keys: • self-management, to cope with complexity • risk management, so that the benefits can overcome the risks
Risk Management • Risk attenuators • Trust • Trust substitutes • SLA contracts and monitoring • Authorization policies • Accountability • Reputation Goal: strike a balance between trust and its substitutes
TrustCoM 6 industrialpartners • 6th Framework EU project • Networked Business and Government • Feb 2004 – May 2007 10 research and academic partners www.eu-trustcom.com
TrustCoM Framework • A framework for trust within a service oriented architecture • Encapsulates trust, security and contract components • Separates self-management from the application-level • Permits independent risk analysis
internet secure channel temporary secure connection Virtualized Web services
The VO Lifecycle Enterprise Network (EN) EN Creation
The VO Lifecycle A A medium low QoSA? SLAA A Yes. Cost = $ QoSA? Reputation? high Yes. Cost = $$$ Business Process BP Roles: A,B Requires: QoSA, QoSB, SecA, SecB Role A? VO Initiator EN Creation Identification Formation
The VO Lifecycle A SLAA VO SLAB Business Process BP Roles: A,B Requires: QoSA, QoSB, SecA, SecB Role B? VO Initiator EN Creation Identification Formation Operation
The VO Lifecycle A SLA Violation SLAA VO SLAB Role A? VO Initiator EN Creation Identification Formation Operation Evolution
The VO Lifecycle A VO SLA’A SLAB VO Initiator EN Creation Identification Formation Operation Evolution
The VO Lifecycle A VO SLA’A SLAB VO Initiator EN Creation Identification Formation Operation Evolution Dissolution
Application Domain Specific Services Location, Publication, Discovery Federation Business Processing VO Management Processes / Services Trust & Security services SLA services Federation Deployment Policy Common Policy Format Policy Enforcement Manageability (Monitoring, Notification, etc.) WS Foundation The TrustCoM Architecture
Status • First implementation of main services in each subsystem (Infrastructure, Policy, SLA, Trust, VO and Business Process Management) • WS-* interop profiles for the TrustCoM Framework (XACML, SAML, WSLA, WS-CDL) • Test-bed scenarios (Collaborative Engineering)
Conclusions • Risk and self-management are the key enabling factors for Dynamic VOs • Self-management is achieved using automatic monitoring and reconfiguration policies. • Riskis reduced using trust and trust substitutes (e.g. contracts, security policies and reputation measures). • TrustCoM is putting these ideas into practice.
Thank you! For more information, check poster 31 Pablo GiambiagiSecurity, Policies and Trust Lab (SPOT) SICS