Disclaimer: This document contains Intellectual Property
developed by Sampo Kellomäki, who at the time of development does
not have any affiliation with the TAS3 Consortium. Such Intellectual
Property is not covered by the TAS3 Consortium agreement. The
Consortium and Sampo Kellomäki are negotiating an arrangement
for Sampo Kellomäki to be affiliated with some member of the
Consortium to clarify the status of the IPR.
Disclaimer: This document has not been reviewed or approved by
the European Commission.
This document contains version 1 of the TAS3 system architecture (by system architecture we mean the conceptual design that defines the structure and behaviour of a TAS3 trust network). As the Description of Work states, the TAS3 project's main objective is to provide a next generation trust & security architecture that is ready to (1) meet the requirements of complex and highly versatile business processes, (2) enable the dynamic user-centric management of policies and (3) ensure end-to-end secure transmission of personal information and user-controlled attributes between heterogeneous, context dependent and continuously changing systems. This architecture has been designed to fulfill the above objectives through a combination of:
providing users with the ability to meaningfully give their consent to the use of their personal information
ensuring a complete set of audit information is recorded by a TAS3 trust network and that users have the ability to directly or indirectly see the audit information that pertains to their personal information. Note that there will not be a single central audit log. If a person needs to drill down into the distributed audit trail, he will need to be authorised and obtain sufficient permissions to access the various local audit logs in order to correlate the events and see the "big picture".
a legal framework and set of model contracts that will contractually bind all service providers into operating in a trustworthy manner e.g. so as to honour the choices of users concerning the handling of their personal information
a set of trusted third parties that facilitate the sharing of trust related information such as public keys, authorization attributes, and reputation information
strong cryptographic algorithms and privacy preserving protocols
end-to-end security through application layer encryption and digital signing
sticky policies that cryptographically bind data and policies together, along with a policy enforcement infrastructure that controls access to all resources
quality assurance and testing technology, and the actors who operate it, to test whether on-line services actually behave in compliance with their specifications.
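The list above says that sticky policies "cryptographically bind data and policies together" and that the enforcement infrastructure controls access on that basis. The following is an added illustration of what that binding buys an enforcement point; it is not TAS3 project code and does not follow any TAS3 message format. It assumes a single authority key, uses an HMAC (standard library only) as a stand-in for the digital signature the architecture calls for, and the record, policy and key are all constructed for the demonstration.

```python
"""Illustration of a sticky policy: the data and its handling policy are
bound under one integrity tag, so a policy enforcement point can refuse
data whose policy has been detached, swapped or edited.

Added example; not TAS3 project code. The HMAC stands in for the digital
signature the architecture calls for (standard library only), and the key,
the record and the policy below are all constructed for the demonstration."""
import hashlib
import hmac
import json

# Constructed demo key standing in for the policy authority's signing key.
AUTHORITY_KEY = b"constructed-demo-key-not-for-production"


def canonical(obj) -> bytes:
    """Deterministic encoding so issuer and verifier tag the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def make_sticky(data: dict, policy: dict, key: bytes = AUTHORITY_KEY) -> dict:
    """The tag covers data AND policy as one structure, so neither can be
    replaced independently of the other."""
    tag = hmac.new(key, canonical({"data": data, "policy": policy}),
                   hashlib.sha256).hexdigest()
    return {"data": data, "policy": policy, "tag": tag}


def verify_sticky(package: dict, key: bytes = AUTHORITY_KEY) -> bool:
    """True only if data and policy are the pair the authority bound."""
    expected = hmac.new(key, canonical({"data": package["data"],
                                        "policy": package["policy"]}),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, package["tag"])


def decide(package: dict, requester: str, purpose: str,
           key: bytes = AUTHORITY_KEY) -> str:
    """Policy enforcement point: a broken binding is a hard deny; otherwise
    the policy that travels with the data is evaluated."""
    if not verify_sticky(package, key):
        return "deny: binding invalid"
    pol = package["policy"]
    if requester not in pol["recipients"]:
        return "deny: recipient not permitted"
    if purpose not in pol["purposes"]:
        return "deny: purpose not permitted"
    return "permit"


# Constructed sample record and the policy its owner attached to it.
RECORD = {"subject": "user-42", "diploma": "MSc Computer Science"}
POLICY = {"recipients": ["employer.example"], "purposes": ["job-application"]}


def demo() -> dict:
    """Outcomes for an intact package and two tampered copies of it."""
    pkg = make_sticky(RECORD, POLICY)
    # Attacker swaps in a broader policy without being able to re-tag.
    swapped = dict(pkg, policy={"recipients": ["anyone"], "purposes": ["marketing"]})
    # Attacker edits the data, leaving policy and tag untouched.
    edited = dict(pkg, data=dict(RECORD, diploma="PhD"))
    return {
        "intact": decide(pkg, "employer.example", "job-application"),
        "wrong_purpose": decide(pkg, "employer.example", "marketing"),
        "swapped_policy": decide(swapped, "anyone", "marketing"),
        "edited_data": decide(edited, "employer.example", "job-application"),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:15} -> {outcome}")
```

The point to take from the two tampered cases is that the enforcement point never gets as far as reading the attacker's policy: because the tag was computed over data and policy together, replacing either one invalidates the binding and the request is denied before any policy evaluation. In a deployment the HMAC would be a signature by the issuing party so that any service provider in the trust network can verify the binding without sharing a secret.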
This architecture document describes the conceptual entities that are needed and the services they should provide in order to operate a TAS3 trust network. These trust and privacy enhancing services include: authorization services, secure business process management services, delegation services, privacy preserving discovery services, identity management services, secure repository services and trust and reputation services. All of these services are usually needed regardless of the applications that might run in a TAS3 trust network. However, small centralized trust networks may be able to dispense with one or more of these trust and privacy enhancing services, e.g. discovery or delegation services, depending upon their requirements.
This architecture contains many novel features such as: a trust infrastructure based on novel metrics, actor behaviour and structural components which can be correlated together, an authorisation infrastructure which supports multiple policy languages and conflict resolution, an obligation infrastructure which enforces privacy throughout the trust network, and a distributed audit system which can be cross correlated with the necessary permissions. These are described in more detail in the specific work package deliverables.
The TAS3 architecture is designed to be standards-, protocol-, data- and application-agnostic so that any protocol capable of implementing the flows and satisfying the service requirements can potentially be used by any application. Annex A maps these services onto the latest state of the art application independent protocols as far as is currently possible. This is to ensure interworking between the prototypes that will be developed in this project. Further standardization effort will be needed in order to fully complete this mapping and this will be documented in a future version of this architecture (or in other TAS3 deliverables).
Annex B shows an example deployment architecture that maximizes a service's availability and is resilient to both system and network failures including denial of service attacks.
Annex C states the compliance requirements for participants in a TAS3 trust network. Legal, policy and technical compliance requirements are covered.
Annex D provides a set of use cases which allows the reader to see how an end user might use the services of a TAS3 trust network.
Annex E contains the first version of a business model that could be used to successfully operate a TAS3 trust network.
Annex F summarizes the threats that the TAS3 architecture is designed to protect against.
Annex G lists the events that should be captured in the secure audit trails of a TAS3 trust network.
Annex H gives some example protocol messages based on the mapping provided in Annex A.
Annex I provides a glossary of terms.
Scope. The TAS3 project has a narrower scope than the architecture that is documented here. This is natural as the novel research contributions of TAS3 are being made only in some areas of the architecture. However the full architecture needs to be documented as this will be needed both to successfully test the research results and to provide a production service. We present a comprehensive architecture that addresses actual use cases end-to-end, rather than simply an architecture of the services that are within the scope of our research.