The aim of the "Secure Space" project, short for "A Secure Space for Collaborative Security Services", is to develop a software platform for the secure communication and collaboration of autonomous participants across enterprise boundaries in the Internet and to prove its usability by means of applications from the security domain. The Secure Space integrates the Space Based Computing (SBC) paradigm with security. SBC is a technology that eases the dynamic communication and collaboration among participants. Today, communication is typically carried out by the sending of messages between two parties, or the calling of services at a server, mostly in a synchronous way. With SBC the participants communicate in a more natural way by using so-called shared data structures located at one or more sites in the network. Each participant autonomously interacts with that data structures, perceives their current state, and is informed in near real-time about changes. This blackboard-style based communication model leads to a decoupling of the communicating partners. It has been proven to be superior to the common client/server, message or publish/subscribe style for scenarios where many parties have to collaborate, especially in agents based scenarios , and where a high dynamics of joining and leaving partners must be dealt with.
The Secure Space extends SBC in that only participants belonging to a business process which trust each other can access the shared data structures and thus communicate and collaborate with each other in one or more "virtual rooms". Such a room is termed "Secure Room" and is realized by means of shared data structures of the space itself. A Secure Space consists of a set of Secure Rooms that are logically defined across enterprise boundaries. Participating organizations are identified by exchangeable identity providers. The Secure Space’s responsibility is to assign each identity its corresponding role and associated access rights in the space. As a starting point, the Java based open source implementation MozartSpaces developed at TU-Wien will be used to build the concepts of the Secure Space with it.
As major use case scenarios applications in the security domain shall be realized, but the Secure Space can also be exploited in other domains. The company partner underground_8 secure computing GmbH has provides firewall products with a comprehensive and competitive protection against a multitude of current security risks and threats. These products combine several important security services into one product and offer its end users secure connections in a network. For the next releases further ideas for innovative security services have been identified that require security in the space. For example, configuration information must be protected so that only administrators with specific access control rights are allowed to change certain configurations. Further ideas are to let distributed firewalls of different organizations collaborate and exchange security relevant data to achieve better decisions. Thus they need to share data across enterprise boundaries in a secure way.
The Secure Space will contribute to solve the problem that distributed software processes can communicate and collaborate with each other in a secure way, even across enterprise boundaries in the Internet and in the cloud. The establishment of a secure and trusted partnership can be done in an easy and ad-hoc way without the need of an administrator, thus fulfilling the requirements of dynamics and near real-time collaboration.
