WS-Trustworthy: A Framework for Web Services Centered Trustworthy Computing Jia Zhang Liang-Jie Zhang Jen-Yao Chung Department of Computer Science IBM T.J. Watson Research IBM T.J. Watson Research Northern Illinois University Chicago, IL 60115 Yorktown Heights, NY 10598 Yorktown Heights, NY 10598 jiazhang@cs.niu.edu zhanglj@us.ibm.com jychung@us.ibm.com Abstract The emerging paradigm of Web services has been gaining significant momentum in the recent years since it offers a promising way to facilitate Business-to-Business (B2B) collaboration. However, it is not clear that this new model of Web services provides any measurable increase in computing trustworthiness. In this paper we propose a generic framework to control the trustworthiness of computing in the domain of Web services. A layered model is established to highlight four key elements: resources, policies, validation processes, and management. The robustness of this model exhibits its flexibility and extensibility. Examples utilizing our framework are reported. 1. Introduction On January 15, 2002, Bill Gates delivered a company wide email that coined a concept known as “Trustworthy Computing” [5]: “…Trustworthy Computing is computing that is as available, reliable and secure as electricity, water services and telephony….” As Bill Gates billing it as the highest priority to the entire Microsoft workforce [5], this concept of trustworthy computing has been significantly changing the way that Microsoft designs and builds software [12]. Moreover, this concept has been leading the whole IT industry to a complete new level of trustworthiness in computing. As Microsoft’s follow-up white paper indicates, the concept of trustworthy computing has been bringing a “sea change” not only in the way how software is developed and delivered, but also in the way how the whole society views computing in general [7]. Since we are still at the infant stage of this new revolution, enormous amount of research issues, either immediate or fundamental, are open for resolutions. Our research is initiated and excited by this challenge. This research focuses upon trustworthy computing in the domain of Web services. The emerging paradigm of Web services has been obtaining significant momentum in both academia and industry in recent years. Simply put, a Web service is a programmable Web application that is universally accessible through standard Internet protocols [4], such as Simple Object Access Protocol (SOAP) [10]. By means of each organization exposing its software services on the Internet and making them accessible via standard programmatic interfaces, this model of Web services offers a promising way to facilitate Business-to- Business (B2B) collaboration. In addition, Web services technology largely increases cross-language and cross- platform interoperability of distributed computing [4]. Furthermore, this paradigm of Web services opens a new cost-effective way of engineering software to quickly develop and deploy Web applications by dynamically integrating other independently published Web services components to conduct new business transactions. However, it is not clear that this new model of Web services provides any measurable increase in computing trustworthiness. Among other aspects, the essential feature of “dynamic discovery and integration” of Web services model raises new challenges to software trustworthiness. In a traditional software system, all of its components and their relationships are pre-decided before the software runs. Therefore, each component can be thoroughly tested, and the interactions among components can be fully tested, before the system starts to run. Web services extend this paradigm by providing a more flexible approach to dynamically locate and assemble distributed Web services in an Internet-scale setting. In detail, when a system requires a service component, the system will search a public registry [11] where Web services providers publish their services, choose the optimal Web service that fulfils its requirements, bind to the service’s Web site, and invocate the service. In other words, in this dynamic invocation model, it is likely that users may not even know which Web services they will use [6], much less those Web services’ trustworthiness. Even worse, since a Web service is potentially a dynamic entity controlled and hosted by its provider, there are no guarantees that the code underlying the Web service is not being updated; therefore, the inherent trustworthiness of the Web service may be varied with time. In summary, the flexibility of Web services-centered Proceedings of the 2004 IEEE International Conference on Services Computing (SCC’04) 0-7695-2225-4/04 $ 20.00 IEEE