Abstract
Digital economy is moving towards offering advanced business services, integrated into different applications and consumed from heterogeneous devices. Considering the success of actual software marketplaces, it is possible to foresee that Service Marketplaces (SM) will play a key role for the future Internet of Services. At present, on all offered software, marketplace operators define requirements that are common, and are validated before admitting them. However, the requirements, the validation process, and its results are not completely evident to the service consumers, resulting in a significant shortcoming especially with respect to security characteristics. In addition, having common security requirements for all services and applications makes the validation possibly inadequate to address the specific requirements that consumers may have.
In order to address these points, we propose the concept of a trustworthy service marketplace for the upcoming Internet of Services, where the security characteristics of services are certified and treated as first-class entities, represented in a machine-processable format. This allows service consumers – either human end-users or computer agents – to reason about these security features and to match them with their specific security requirements.
Chapter PDF
Similar content being viewed by others
References
Amazon. Kindle, http://www.amazon.com/kindle-store-ebooks-newspapers-blogs
Anisetti, M., Ardagna, C.A., Guida, F., Gürgens, S., Lotz, V., Maña, A., Pandolfo, C., Pazzaglia, J.-C.R., Pujol, G., Spanoudakis, G.: ASSERT4SOA: Toward Security Certification of Service-Oriented Applications. In: Meersman, R., Dillon, T., Herrero, P. (eds.) OTM 2010. LNCS, vol. 6428, pp. 38–40. Springer, Heidelberg (2010)
Apple inc. FCCs answers, http://www.apple.com/hotnews/apple-answers-fcc-questions/
Apple inc. Official apple online store, http://store.apple.com/us
Barrera, D., van Oorschot, P.: Secure software installation on smartphones. IEEE Security & Privacy 99, 1 (2010)
Bezzi, M., Sabetta, A., Spanoudakis, G.: An architecture for certification-aware service discovery. In: Proc. of IWSSC (co-located with NSS 2011) (2011)
Cantor, S., Kemp, I., Philpott, N., Maler, E.: Assertions and protocols for the oasis security assertion markup language. OASIS Standard (March 2005)
O. W. S. S. Committee. OASIS web services security (WSS) TC OASIS, http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss
Doraswamy, N., Harkins, D.: IPSec: the new security standard for the Internet, intranets, and virtual private networks. Prentice Hall (2003)
Gilbert, P., Chun, B., Cox, L., Jung, J.: Vision: automated security validation of mobile apps at app markets. In: Proceedings of the Second International Workshop on Mobile Cloud Computing and Services, pp. 21–26 (2011)
Google inc. Evaluate a marketplace app’s security, https://support.google.com
Herzog, A., Shahmehri, N., Duma, C.: An ontology of information security. International Journal of Information Security 1(4), 1–23 (2007)
Martin, D., Burstein, M., Hobbs, J., Lassila, O., McDermott, D., McIlraith, S., Narayanan, S., Paolucci, M., Parsia, B., Payne, T., et al.: OWL-S: semantic markup for web services. W3C Member Submission 22, 200704 (2004)
McDaniel, P., Enck, W.: Not so great expectations: Why application markets haven’t failed security. IEEE Security & Privacy 8(5), 76–78 (2010)
Microsoft inc. Market, http://msdn.microsoft.com/en-us/library/gg490776.aspx
Microsoft inc. Windows azure: Terms of use, https://datamarket.azure.com/terms
Microsoft inc. Windows marketplace, http://www.windowsphone.com/marketplace
Nasuni. Security and control are greatest concerns preventing enterprises from adopting cloud storage, http://www.nasuni.com/news/press_releases/
Nokia. Nokia ovi store content guidelines, http://support.publish.nokia.com
Nokia. Packaging and signing, http://www.developer.nokia.com/
Pedrinaci, C., Leidig, T.: Linked-USDL, http://linked-usdl.org/ns/usdl-core
RIM inc. BlackBerry app world, http://us.blackberry.com/developers/appworld/
Salesforce. Security review, http://wiki.developerforce.com/page/Security_Review
Szyperski, C., Gruntz, D., Murer, S.: Component software: beyond object-oriented programming. Addison-Wesley Professional (2002)
Zhou, C., Ramacciotti, S.: Common criteria: Its limitations and advice on improvement. Information Systems Security Association ISSA Journal, 24–28 (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
This chapter is published under an open access license. Please check the 'Copyright Information' section either on this page or in the PDF for details of this license and what re-use is permitted. If your intended use exceeds what is permitted by the license or if you are unable to locate the licence and re-use information, please contact the Rights and Permissions team.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Di Cerbo, F., Bezzi, M., Kaluvuri, S.P., Sabetta, A., Trabelsi, S., Lotz, V. (2012). Towards a Trustworthy Service Marketplace for the Future Internet. In: Álvarez, F., et al. The Future Internet. FIA 2012. Lecture Notes in Computer Science, vol 7281. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30241-1_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-30241-1_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30240-4
Online ISBN: 978-3-642-30241-1
eBook Packages: Computer ScienceComputer Science (R0)