Figure 12.3 zooms in on the security infrastructure used in the proposed
architecture illustrated in figure 12.2. This figure abstracts away the
organisations which offer the services. Figure 12.3 clearly shows that the SOI-SMG is the
underlying VAS to the B2B security gateway mentioned in section 12.2.1.1. Once
correctly configured on a per-service, per-context basis, it integrates several
value-adding security services, namely the identity broker (SOI-STS) and the authorization
service (SOI-AuthZ-PDP), to protect service invocations from Andago's services
to Sunny's services, where the game instances are being executed. In particular, the
SOI-SMG at Andago will check that the initial request comes from a valid user who
is authorized to proceed with such a request. This involves checking the identity
of the requestor, checking whether they are a member of the current collaboration,
and checking whether there is an existing identity mapping definition for that
particular identity. If so, Andago's SOI-STS delivers a virtual identity token, which is
then used for authentication by Sunny, where the token is validated and checked for
identity claims that describe the initial requestor and which can be used for access
control decisions at Sunny's SOI-AuthZ-PDP. Details of this interaction are further
explained in section 12.2.2 as well as in Brossard et al. (2008) and Dimitrakos et al.
(2009b). This service-oriented model brings context-aware, content-aware security
to the application layer and as such brings flexibility and enables dynamic service
composition models.
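The invocation flow described above, as an added sketch that is not code from the book or from the SOI components: the three gateway checks at Andago, token issuance, validation at Sunny, and a claims-based decision. The HMAC-signed JSON token, the key, the user names, the identity mapping and the policy are all assumptions made for illustration; the actual token format used by the SOI-STS is not given on this page.

```python
import base64, hashlib, hmac, json, time

# Everything below is constructed for illustration: users, key, mapping, policy.
STS_KEY = b"constructed-andago-sunny-trust-key"  # stands in for the STS trust setup
KNOWN_USERS = {"alice@andago", "bob@andago", "carol@andago"}
COLLABORATION = {"alice@andago", "bob@andago"}
IDENTITY_MAP = {"alice@andago": {"vid": "gamer-7f3a", "role": "player"}}
PDP_POLICY = {("player", "game:join"), ("admin", "game:stop")}

def _sign(body: str) -> str:
    return hmac.new(STS_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_virtual_token(user, now=None):
    """Andago side: the gateway's three checks, then the STS issues the token."""
    if user not in KNOWN_USERS:
        raise PermissionError("unknown identity")
    if user not in COLLABORATION:
        raise PermissionError("not a member of the collaboration")
    mapping = IDENTITY_MAP.get(user)
    if mapping is None:
        raise PermissionError("no identity mapping defined")
    claims = dict(mapping, iss="andago-sts", exp=int(now or time.time()) + 300)
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + _sign(body)

def validate_token(token, now=None):
    """Sunny side: check integrity and expiry before trusting any claim."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig, _sign(body)):
        raise PermissionError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] < (now or time.time()):
        raise PermissionError("token expired")
    return claims

def pdp_decide(claims, action):
    """Sunny's PDP: the decision is taken from the validated claims."""
    return "Permit" if (claims.get("role"), action) in PDP_POLICY else "Deny"

def invoke(user, action, now=None):
    """End-to-end service invocation from Andago to Sunny."""
    try:
        claims = validate_token(issue_virtual_token(user, now), now)
    except PermissionError as err:
        return f"Deny ({err})"
    return pdp_decide(claims, action)
```

A request is denied at the first failing stage, so a user without an identity mapping never receives a token, and a token whose claims were altered in transit fails validation before the PDP is consulted.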
12.2.1.4 The SLA Value-Adding Services
The SLA value-adding services consider two well-differentiated phases: firstly, the
advertisement and discovery of the Business Service / SLA Contract and, secondly,
the monitoring and evaluation of its fulfilment at run-time. In the experiment,
the L&D subsystem extends the classical Universal Description, Discovery and
Integration (UDDI) directory functionalities in two areas:
• It allows the publication of business services against the directory through an
automatic mechanism.
• It allows the classification of business on the basis of metadata that describes
QoS information contained in the associated SLA pre-contract.
In the gaming scenario, when a Game Provider deploys a new game, he also
publishes an SLA Template (or SLA pre-contract) associated with that game, with
specific QoS that should be guaranteed. These QoS parameters cover
infrastructure, performance and network parameters, such as CPU use, latency or memory,
which will be called low level (LL) parameters. The game provider then defines an
XML-based mapping policy which maps the LL-QoS into high level (HL),
human-understandable QoS parameters.
At search time, when the on-line game (OLG) clients (Gamers) want to look
for a service (game), the “human understandable” HL QoS parameters are
specified as search criteria: e.g. Graphic Resolution or Available Resources. Using the
mapping capability provided by the VHE the L&D, the Service Directory is queried
for potential Service Providers that are able to offer the most suitable service to