Open Collaboration (OC)

OC Abstract

An "open environment" is an electronic domain in which multiple entities need to interact but do not necessarily have complete knowledge of each other. OC (Open Collaboration) is a tool being developed to support a variety of electronic collaboration needs in such settings. OC is built on the open-source JXTA toolkits. Group and role information is propagated in a peer-to-peer fashion, and peers can share files with any peer who is a member of an appropriate group or role.

Introduction and Motivation

An Open Environment (OE) implies that a stranger may need to join a group collaboration whose entities are diverse and autonomous. It is important that an OE provides secure data sharing, access to data (or other resources), storage of data and transmission of data. Thus, an effective OE will enable secure collaboration mechanisms that permit (a) on-demand formation of collaboration groups, (b) the ability for qualified strangers to join a collaboration group, (c) the ability to operate in a totally distributed setting without a central administration, and (d) guarantees of privacy and security control by the users of the collaboration system. Our system, named OC (Open Collaboration), is an open source resource sharing and collaboration system. Our approach is based on existing Automated Trust Negotiation (ATN) methods using peer-to-peer (P2P) solutions, and uses configurable profiles for groups and individuals to enable privacy and security control. ATN provides the tools needed to help a stranger join existing collaborations without human intervention. Because OC runs on P2P protocols, it removes the need for a centralized server, and any node can be both a resource consumer and a resource provider. OC also applies Role-Based Access Control (RBAC) to shared files, which allows for a more flexible and scalable access authorization solution than traditional Access Control List (ACL) mechanisms.

Related Work

Collaboration Systems. The work most related to OC is by Ellison and Dohrmann (Dohrmann & Ellison, 2002; Ellison & Dohrmann, 2003) and Nita-Rotaru and Li (2004). Ellison and Dohrmann presented a security architecture called NGC (Next Generation Collaboration). They gave a process requiring human and machine interaction for binding a name to a public key and used SDSI names for both groups and individuals. However, NGC's flexibility was limited by the fact that new members could only be added by invitation, and only by a subset of the current members pre-authorized to issue invitations. This means that in general only parties known to the core users could participate. More recently, Nita-Rotaru and Li (2004) presented a framework for role-based access control in group communication systems. They identified the set of all possible group operations that can be controlled and defined the group policy as a mapping between roles and operations, using context as constraints. However, theirs is a centralized system, and it does not provide any mechanism for allowing a stranger to join a collaboration. There are several complete systems that provide functionality similar to that of OC. The commercial product Groove (www.groove.net) provides a collaborative community for users. Users can create "workspaces" and invite people to join, after which members of the workspace can share files and manage projects together. Groove supports only three fixed roles - Manager, Participant, and Guest - and new members can join only by being invited. Groove is not a pure peer-to-peer system: it needs the help of a relay server. Open-Xchange (OX) and eGroupWare are open source collaboration packages. Both are web-based applications, and a centralized server is thus required. They do not support roles, and users can be added only by a system administrator.

Role-based Trust Management. Li and Mitchell (2003) presented a role-based trust-management framework called RT. RT provides a policy language, semantics, a deduction engine, and pragmatic features to address large-scale and decentralized access control and authorization problems.

Automated Trust Negotiation. Winsborough et al. (2000) first introduced the notion of ATN and an architecture for managing the exchange of credentials between two strangers for the purpose of determining bilateral trustworthiness. Researchers have since designed ATN systems (Yu et al., 2001; Seamons et al., 2002a; Yu & Winslett, 2003a; Yu et al., 2003; Bertino et al., 2004b) and addressed related privacy and security issues (Seamons et al., 2002b; Winsborough & Li, 2002a, 2002b; Yu & Winslett, 2003b; Bertino et al., 2004a). In addition, Li et al. (2003) proposed an RSA-based protocol and an identity-based-cryptography protocol to address the cyclic interdependency problem in automated trust negotiation.

Group Collaboration Mechanisms

In an open environment, any interested user may ask to join a collaboration. The traditional approach to joining a collaboration is to let a system administrator review a registration form and all qualification credentials of that user and then create an account for that user (or reject the application). This human-interactive, one-way authentication is not suitable for dynamic and large-scale applications. If applicants have questions about a group, more human intervention and delay are introduced. OC uses automated trust negotiation to avoid this administrative overhead. ATN works as follows: an applicant sends a request to join a group to a group recruiter (which may actually be an agent, i.e., a computer program running autonomously and without human input), and the group recruiter sends the join requirements back to the applicant. The join requirements may include attribute-based credentials (e.g., Age > 18) and possibly other credentials, such as the electronic equivalent of identity or membership cards. After receiving the requirements, the applicant checks their local policy pool to see whether any required credential is considered sensitive. A sensitive credential is protected by a release policy; in that case, the applicant sends back a counter-request stating the requirements for releasing the credential. If the recruiter can satisfy the counter-request, the applicant sends the requested credentials. Once the recruiter receives and verifies those credentials, the applicant is issued a credential indicating that they are a member of the group. The entire procedure can be executed by the system automatically. In a specific OE application, a collaborative group may require that some services, e.g., public file sharing, be open to everybody while other services, e.g., sensitive file sharing, be open only to a qualified subset of users.
In our approach, we use role-based trust management to control data access. When a user joins a group, they are automatically assigned a role, typically guest or junior member. To obtain additional roles, they repeat the application procedure for the desired role and receive a role certificate. Different services may be protected by different policies, some of which require the requester to present specific role certificates. When required, a user presents their role certificate to request these services, e.g., the downloading of certain files. Using a peer-to-peer approach removes the need for a centralized server. A "pure" P2P network has no notion of clients or servers, only equal peer nodes that simultaneously function as both "clients" and "servers" with respect to the other nodes on the network. This differs from the client-server model, where client communication is usually to and from a central server. Since in this domain each participant can often be both a data provider and a data consumer (i.e., both a server and a client), P2P meets the needs of open healthcare environment groups very well. P2P networks are also more efficient for data sharing and avoid the single point of failure, since data are distributed among the peer nodes (if desired, with some level of redundancy).
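The join negotiation and the role-certificate check on downloads described in the two paragraphs above, as an added worked example written for this page; it is not OC's own code (OC is built on JXTA). It models credentials as attribute assertions authenticated with HMAC-SHA256 under a per-issuer key that verifiers know, an assumption standing in for the public-key credentials a real deployment would use; the issuer names (clinic.example, group-founder), the group "hiv-support", the file paths and all policies are constructed for the example.

```python
"""Simulated ATN join negotiation followed by role-checked file access.
Added example, not OC's own code. Credentials are attribute assertions authenticated
with HMAC-SHA256 under a per-issuer key known to verifiers (an assumption standing in
for public-key credentials). All issuers, policies and file paths are constructed."""
import hashlib
import hmac
import json

GROUP = "hiv-support"
# Constructed issuers; "group:hiv-support" is the group's own key, assumed to be held
# by its recruiter so that it can issue membership (role) credentials.
ISSUER_KEYS = {"clinic.example": b"clinic-key", "group-founder": b"founder-key",
               "group:" + GROUP: b"group-key"}

def _sign(issuer, payload):
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(ISSUER_KEYS[issuer], msg, hashlib.sha256).hexdigest()

def make_credential(issuer, subject, ctype, attrs):
    payload = {"issuer": issuer, "subject": subject, "type": ctype, "attrs": attrs}
    return {"payload": payload, "sig": _sign(issuer, payload)}

def satisfies(cred, requirement):
    """Verifier-side check: authentic, from the required issuer, with the required attributes."""
    p = cred["payload"]
    if p["issuer"] not in ISSUER_KEYS or not hmac.compare_digest(_sign(p["issuer"], p), cred["sig"]):
        return False
    if p["type"] != requirement["type"] or p["issuer"] != requirement["issuer"]:
        return False
    return all(p["attrs"].get(k) == v for k, v in requirement.get("attrs", {}).items())

class Peer:
    def __init__(self, name, credentials, release_policies=None):
        self.name = name
        self.credentials = credentials
        # credential type -> what the other side must prove before it is released;
        # types not listed here are released freely
        self.release_policies = release_policies or {}

    def pick(self, ctype):
        return next((c for c in self.credentials if c["payload"]["type"] == ctype), None)

def negotiate_join(applicant, recruiter, group, join_policy):
    """Run the join exchange; return (membership credential or None, message log)."""
    log = [("applicant->recruiter", "join", group)]
    reqs = join_policy[group]
    log.append(("recruiter->applicant", "requirements", reqs))
    offered = []
    for req in reqs:
        cred = applicant.pick(req["type"])
        if cred is None:
            log.append(("applicant", "missing credential", req["type"]))
            return None, log
        counter = applicant.release_policies.get(req["type"])
        if counter is not None:  # sensitive: the recruiter must prove itself first
            log.append(("applicant->recruiter", "counter-request", counter))
            proof = recruiter.pick(counter["type"])
            if proof is None or not satisfies(proof, counter):  # applicant verifies
                log.append(("applicant", "recruiter failed counter-request", counter["type"]))
                return None, log
            log.append(("recruiter->applicant", "credential", proof["payload"]["type"]))
        offered.append(cred)
    log.append(("applicant->recruiter", "credentials", [c["payload"]["type"] for c in offered]))
    for cred, req in zip(offered, reqs):
        if not satisfies(cred, req):  # recruiter verifies what it received
            log.append(("recruiter", "rejected credential", req["type"]))
            return None, log
    membership = make_credential("group:" + group, applicant.name, "membership",
                                 {"group": group, "role": "guest"})
    log.append(("recruiter->applicant", "membership", membership["payload"]["attrs"]))
    return membership, log

# Constructed file policies: None means open to everybody, otherwise the requirement
# a presented role certificate must satisfy (the moderator-only file needs a further role).
MEMBER = {"type": "membership", "issuer": "group:" + GROUP, "attrs": {"group": GROUP}}
MODERATOR = {"type": "membership", "issuer": "group:" + GROUP,
             "attrs": {"group": GROUP, "role": "moderator"}}
FILE_POLICIES = {"public/newsletter.pdf": None, "members/support-notes.txt": MEMBER,
                 "members/clinical-summary.csv": MODERATOR}

def can_download(path, presented):
    policy = FILE_POLICIES[path]
    return policy is None or (presented is not None and satisfies(presented, policy))

def demo():
    join_policy = {GROUP: [{"type": "patient_status", "issuer": "clinic.example",
                            "attrs": {"enrolled": True}}]}
    alice = Peer("alice", [make_credential("clinic.example", "alice", "patient_status",
                                           {"enrolled": True})],
                 {"patient_status": {"type": "recruiter", "issuer": "group-founder",
                                     "attrs": {"group": GROUP}}})
    bob = Peer("bob", [make_credential("group-founder", "bob", "recruiter", {"group": GROUP})])
    membership, log = negotiate_join(alice, bob, GROUP, join_policy)
    # impostor whose "recruiter" credential comes from the wrong issuer: alice releases nothing
    mallory = Peer("mallory", [make_credential("clinic.example", "mallory", "recruiter",
                                                {"group": GROUP})])
    denied, denied_log = negotiate_join(alice, mallory, GROUP, join_policy)
    return membership, log, denied, denied_log
```

Running demo() yields the six-message exchange (join, requirements, counter-request, recruiter credential, applicant credentials, membership) and a membership credential carrying the role "guest". That credential unlocks the group-level file but not the moderator-only one, which matches the text's point that a further role certificate must be obtained by a second negotiation; an altered copy of the credential claiming "moderator" fails verification. Against the impostor recruiter, the applicant's sensitive patient_status credential is never sent, because the counter-request is not satisfied.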

Figure 1: OC interface.

Healthcare Applications

We define an Open Healthcare Environment as one in which multiple healthcare-related entities (such as patients, doctors, hospitals, and insurers) need to interact but do not necessarily have prior experience with each other. An open environment is "open" in the sense that there are no absolute barriers to entry: no central authority governs who can interact with whom, and environment participants are free to create, modify, and disband interactions and groups as the need arises. In this situation, entities must still typically make use of some official registrations and endorsements - as represented, for example, by government-issued credentials establishing identity or employer-created credentials attesting to a particular status at their organization - but the exact policies regarding what credentials to require for what purpose are left to the participants themselves. Consider this scenario: a group of AIDS patients intends to share information and resources within their community, so that each member can search and obtain useful content maintained by other members. Due to the sensitivity of the shared content, patients wish to authenticate each other to ensure that only designated community members will have access to this information. Moreover, AIDS patients are concerned about their privacy; they want their personal information and credentials to be revealed as minimally as possible during the authentication process. In order to achieve these objectives, OC uses automated trust negotiation to build a secure P2P content search framework for such a situation. Similar sharing-based needs might involve exchanges of data between healthcare institutions and government agencies, or between clinicians, pharmacies, and pharmaceutical manufacturers.

References

Le, Z., Ouyang, Y., Xu, Y., Ford, J., & Makedon, F. (2007). Preventing Unofficial Information Propagation. In Proceedings of the Ninth International Conference on Information and Communication Security (ICICS 2007), LNCS, Springer (pp. 113-125). Henan, China, Dec 12-15, 2007.
Le, Z., Ford, J., Karkaletsis, V., Spiliopoulos, V., Katsikas, S., & Makedon, F. (2006). Secure Group Collaboration in an Open Healthcare Environment. In Proceedings of the Fourth Annual International Conference on Information Communication Technologies in Health (ICICTH 2006). Samos, Greece, July 13-15, 2006.
Le, Z., Ouyang, Y., Ford, J., & Makedon, F. (2005). OC: A System for Open Collaborations. In Proceedings of the First International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU 2005), in conjunction with the IEEE International Conference on Pervasive Services 2005 (ICPS 2005) (pp. 93-99). Santorini, Greece, July 14, 2005.
Le, Z., Ford, J., & Makedon, F. (2005). A Platform for Data Sharing in an Open Health Environment. In Proceedings of the European Federation of Medical Informatics Special Topic Conference on "Health and Medical Informatics Applications - Educational Aspects" (EFMI-STC 2005) (pp. 139-142). Athens, Greece, March 19-20, 2005.
Aumuller, D., Do, H.H., Massmann, S., & Rahm, E. (2005). Schema and Ontology Matching with COMA++. In Proceedings of the International Conference on Management of Data.
Baousis, V., Zavitsanos, E., Spiliopoulos, V., Hadjiefthymiades, S., & Merakos, L. (2006). Wireless Web Services Using Agents and Ontologies. In Proceedings of ICPS'06: The IEEE International Conference on Pervasive Services. To appear.
Bertino, E., Ferrari, E., & Squicciarini, A.C. (2004a). Privacy-Preserving Trust Negotiation. In Proceedings of the 4th Workshop on Privacy Enhancing Technologies.
Bertino, E., Ferrari, E., & Squicciarini, A.C. (2004b). Trust-X: A Peer-to-Peer Framework for Trust Establishment. IEEE Trans. Knowl. Data Eng., 16, 827-842.
Do, H.H. & Rahm, E. (2001). COMA - A System for Flexible Combination of Schema Matching Approaches. In Proceedings of the Very Large Data Bases Conference (pp. 610-621).
Do, H.H., Melnik, S., & Rahm, E. (2002). Comparison of Schema Matching Evaluations. In Proceedings of the Workshop on Web and Databases.
Dohrmann, S. & Ellison, C. (2002). Public-key Support for Collaborative Groups. In Proceedings of the 1st Annual PKI Research Workshop (pp. 139-148).
Ellison, C. & Dohrmann, S. (2003). Public-key Support for Group Collaboration. ACM Trans. Inf. Syst. Secur., 6, 547-565.
Kalfoglou, Y. & Schorlemmer, M. (2002). Information-flow Based Ontology Mapping (Informatics report no.135). University of Edinburgh Division of Informatics.
Kalfoglou, Y., Hu, B., & Reynolds, D. (2005a). On interoperability of Ontologies for Web-based Educational Systems. In Proceedings of the Workshop on Interoperability of Web-based Educational Systems at the 14th International World Wide Web Conference.
Kalfoglou, Y., Hu, B., Reynolds, D., & Shadbolt, N. (2005b). Capturing Representing and Operationalising Semantic Integration (ECS ePrints report #10842). University of Southampton and HP Labs.
Kotis, K., Vouros, G.A., & Stergiou, K. (2006). Towards Automatic Merging of Domain Ontologies: The HCONE-merge Approach. Journal of Web Semantics.
Le, Z., Ouyang, Y., Ford, J., & Makedon, F. (2005). OC: A system for Open Collaborations. In Proceedings of the First International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (pp. 93-100). IEEE Press.
Li, N., Du, W., & Boneh, D. (2003). Oblivious Signature-based Envelope. In Proceedings of PODC '03: The 22nd Annual Symposium on Principles of Distributed Computing (pp. 182-189). ACM Press.
Li, N. & Mitchell, J.C. (2003). RT: A Role-based Trust-management Framework. In Proceedings of the Third DARPA Information Survivability Conference and Exposition (pp. 201-212). IEEE Computer Society Press.
Nita-Rotaru, C., & Li, N. (2004). A Framework for Role-Based Access Control in Group Communication Systems. In Proceedings of 2004 International Workshop on Security in Parallel and Distributed Systems.
Seamons, K.E., Winslett, M., Yu, T., Smith, B., Child, E., Jacobson, J., Mills, H., & Yu, L. (2002a). Requirements for Policy Languages for Trust Negotiation. In Proc. of the Third International Workshop on Policies for Distributed Systems and Networks (pp. 68-79).
Seamons, K.E., Winslett, M., Yu, T., Yu, L., & Jarvis, R. (2002b). Protecting Privacy during On-Line Trust Negotiation. In Proceedings of the 2nd Workshop on Privacy Enhancing Technologies (pp. 129-143).
Shvaiko, P. (2004). A Classification of Schema-based Matching Approaches. In Proceedings of the Meaning Coordination and Negotiation Workshop at the 3rd International Semantic Web Conference.
Shvaiko, P. & Euzenat, J. (2005). A Survey of Schema-based Matching Approaches. Journal on Data Semantics, IV, 146-171.
Winsborough, W.H., Seamons, K., & Jones, V. (2000). Automated Trust Negotiation. In Proceedings of the DARPA Information Survivability Conference and Exposition (pp. 88-102). IEEE Press.
Winsborough, W.H. & Li, N. (2002a). Protecting Sensitive Attributes in Automated Trust Negotiation. In Proceedings of the 2002 ACM Workshop on Privacy in the Electronic Society (pp. 41-51).
Winsborough, W.H. & Li, N. (2002b). Towards Practical Automated Trust Negotiation. In Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks (pp. 92-103).
Yu, T., Winslett, M., & Seamons, K.E. (2001). Interoperable Strategies in Automated Trust Negotiation. In Proceedings of CCS '01: The 8th ACM Conference on Computer and Communications Security (pp. 146-155). ACM Press.
Yu, T. & Winslett, M. (2003a). A Unified Scheme for Resource Protection in Automated Trust Negotiation. In Proceedings of the IEEE Symposium on Security and Privacy (pp. 110-122).
Yu, T. & Winslett, M. (2003b). Policy Migration for Sensitive Credentials in Trust Negotiation. In Proceedings of WPES '03: The 2003 ACM Workshop on Privacy in the Electronic Society (pp. 9-20). ACM Press.
Yu, T., Winslett, M., Seamons, K.E. (2003). Supporting Structured Credentials and Sensitive Policies through Interoperable Strategies for Automated Trust Negotiation. ACM Trans. Inf. Syst. Secur., 6, 1-42.