We use proprietary and third party's cookies to improve your experience and our services, identifying your Internet Browsing preferences on our website; develop analytic activities and display advertising based on your preferences. If you keep browsing, you accept its use. You can get more information on our Cookie Policy
Cookies Policy
FIWARE.OpenSpecification.Security.Optional Security Enablers.SecureStorageService - FIWARE Forge Wiki

FIWARE.OpenSpecification.Security.Optional Security Enablers.SecureStorageService

From FIWARE Forge Wiki

Jump to: navigation, search
Name FIWARE.OpenSpecification.Security.SecureStorageService
Chapter Security,
Catalogue-Link to Implementation [N/A ]
Owner Thales, Lucie Gaspard

Contents

Preface

Within this document you find a self-contained open specification of a FIWARE generic enabler, please consult as well the FIWARE Product Vision, the website on http://www.fiware.org and similar pages in order to understand the complete context of the FIWARE platform.

Copyright

Copyright © 2012-2013 by Thales

Legal Notice

Please check the following Legal Notice to understand the rights to use these specifications.




Overview

The Secure Storage Service provides a storage for labelled (i.e. XML DSIG protected) data. It comes with an application-level filter which authorizes read access in function of the identity of the authenticated requester (for example, a service provider) and in function of the sensitivity of the data.

File:block_diagram_sss.jpg


Glossary

SSS Secure Storage Service

SP Service Provider

Basic Concepts

The data is labelled before being stored, i.e. it is previously protected by its owner. Once the data are stored by SSS, it can be accessed only by trusted service providers (SP) selected and authorized by the User owning the data. A trusted service is a service which is authenticated by a certificate which has been delivered by a dedicated Certification Authority.

Main Interactions

The interactions between the SSS and a user or a SP are made through Web Services developed with the RESTful technology. The user needs to connect through a web page which downloads an signed applet on the secured Web Desk. This applet labellizes the data and sends it to the SSS via the WS available. The SP, authenticated and authorized, accesses the data in the SSS via the WS available.


Sequence diagram : Saving data

File:sequence_diagram_sss_subscription.jpg


Sequence diagram : Retreiving data

File:sequence_diagram_sss_access.jpg

Basic Design Principles

The functions (WS) available for the data owners are:

  • Registration to the service
  • Data injection
  • Data update
  • Data access
  • Data deactivation
  • Access to the list of authorized SPs


The functions (WS) available for the service providers:

  • Data request


NB :

  • These functions are defined according to European rules : 95/46/CE, 2002/58/CE, COM(2010) 609

Re-utilised Technologies/Specifications

The Repository GE is based on SOAP/WSDL Design Principles. The technologies and specifications used in this GE are:

  • RESTful web services
  • HTTP/1.1
  • XML and XML DSig data serialization formats


Terms and definitions

This section comprises a summary of terms and definitions introduced during the previous sections. It intends to establish a vocabulary that will be help to carry out discussions internally and with third parties (e.g., Use Case projects in the EU FP7 Future Internet PPP). For a summary of terms and definitions managed at overall FI-WARE level, please refer to FIWARE Global Terms and Definitions


  • SSS: Secure Storage Service, the service provided to store securely data.
  • Credentials: A credential is an attestation of qualification, competence, or authority issued to an individual by a third party with a relevant de jure or de facto authority or assumed competence to do so. In this document, we define digital credentials to be lists of attribute-value statements certified by an Issuer. Here we abstract from the concrete mechanism (cryptographic or other) by which the authenticity of the attribute values can be verified. We do not impose any restrictions on which attributes can be contained in a credential, but typically these either describe the identity of the credential's owner or the authority assigned to her.
  • Data: Data means any information stored by a user.
  • SP: Service Provider, any authorized ans authentified service needing some of the data stored.
  • WSDL: Web Services Description Language, an XML-based language that is used for describing the functionality offered by a Web service. A WSDL description of a web service (also referred to as a WSDL file) provides a machine-readable description of how the service can be called, what parameters it expects, and what data structures it returns..
  • Applet: any small application that performs one specific task that runs within the scope of a larger program, often as a plug-in. An applet typically also refers to Java applets, i.e., programs written in the Java programming language that are included in a web page.
Personal tools
Create a book