Jula er en tid da man kan sette seg i godstolen foran peisen, spise peppernøtter og kose seg med en god bok. Tips til sistnevnte er vår nylig utgitte bok om sikkerhet og tillit for tjenestekomposisjon – anbefalt julegave til både liten og stor!
Boka gir en innføring i resultatene fra EU-prosjektet Aniketos, og jeg gjengir her forordene fra min kollega og prosjektleder Richard Sanders:
The Future Internet envisions a move toward widespread use of services as a way of networked interaction. However, while the technologies for developing and deploying services are well established, methods for ensuring trust and security are fewer and less mature. In particular, current service security standards and technologies tend to be focussed on specific areas, such as security at the communication level.
Lack of trust and confidence in composed services and in their constituent parts is reckoned to be one of the significant factors limiting widespread uptake of service-oriented computing. Citizens and businesses alike need to have greater confidence in online services for the digital economy to flourish.
For example, the security claims of a service should be known in advance, and a user should be able to make judgments about the trustworthiness of a service and its likelihood of fulfilling these claims. This should apply to services running in isolation, as well as those comprised of other services from different providers.
In order for users to be confident that their legitimate security requirements are being satisfied, advances in tools and methods are required. This was the common understanding that brought 17 European partners from 10 countries to join forces in the Aniketos project. The motivation was to overcome some of these obstacles.
The results of the project are now available, and this book presents them in condensed form. In addition to the written word, the project has produced software tools wrapped in four packages, each serving a group of typical security needs, ranging from the specification of security and trustworthiness requirements, through improved tools for designing secure composite software systems services, and to support for runtime monitoring and dynamic recomposition of secure behavior.