Supporting Organizationally Accepted Practice (SOAP)

University of Southern California
Information Sciences Institute

Project Staff

Objective

The SOAP project is developing extensions to existing network infrastructure to enable application client and server software to follow accepted practices regarding information flow, server selection, and acceptable use of network services. The software being developed allows applications and users to specify access control policies on information objects, enforce accreditation requirements for network services, and specify confidentiality, integrity, and privacy policies for disseminated data.

Technical Approach

Client and server software for the Prospero Directory Service (PDS) has been extended by including user attributes in requests for data that are interpreted by the server. Additionally, dissemination constraints stored with data are returned to the application client where they may be interpreted and used to prevent unintentional content release through inclusion in other documents or forwarding.

Applications use the attributes regarding information flow to provide appropriate protection, collect payment for access to intellectual property, and to prevent unintentional dissemination of sensitive, but unclassified, information.

Constraints on server selection allow applications running in organizations like the federal government, or more specifically the military, to reduce or eliminate dependence on commercial network services that do not meet established criteria for reliability, security, or authority to do business with them.

Confidentiality and integrity protection of data are provided through extensions to the Asynchronous Reliable Delivery Protocol (ARDP) using security services from the DARPA funded SILDS effort. ARDP is a request-response transport protocol that has been developed as part of the SOAP and GOST efforts, and is used as a transport protocol by the Prospero Directory Service.

Using ARDP's security context, clients and servers can perform integrity and privacy protection on data and transmit authentication, authorization, and payment information to application servers. The integration of security with ARDP provides for service accreditation, access control, and intellectual property rights recognition and enforcement.

Accomplishments GFY 1998

Technical Plan for GFY 1999

Technology Transition

The protocols described in this summary are being discussed at IETF meetings to get necessary input from users of these technologies and to facilitate tproject.

Technology will be transferred through channels that have already been established as part of previous work on the Prospero Directory Service, and the Prospero Resource Manager. Prior releases of PDS have been distributed widely, and it has been used as an embedded service by applications running from more than 100,000 systems on the Internet. Stand-alone modules for incorporation with application are available, allowing the resulting extensions to be used by others.

ISI is working with the Maya Design Group of Pittsburgh, PA, who are utilizing Prospero for data storage and access in a distributed implementation of VISAGE.

ISI worked with the venture capital firm, Media Technology Ventures, to transfer the caching technology to a startup firm, Brevity Technology, which intends to make a meta-directory product.

Former Students

  • Konstadinos Kutsikos, Graduate Research Assistant
    last modified 07/17/98 sg