The mission of the Trust, Security and Dependability Working Group (TSD WG) is to report on the state of the art of web services trust, security and dependability, as well as to give recommendations for future priorities, to produce guidelines and to identify best practices.
The mission is complementary to NESSI objectives and responds to NESSI global challenges such as making the ICT service eco-system sufficiently trusted by European citizens and businesses.
The service-centric view of NESSI (i.e. the notion that more ICT will be delivered through the service lifecycle) also constitutes the main focus for end-to-end security considerations in the TSD NESSI Working Group.
Software applications will likely be broken into separately managed component services and will form so-called service eco-systems. This has many security consequences: first, applications will need to utilise components from different domains of control that must obey separate security policies and that call for diverse security and dependability qualities; second, components may be owned and operated by different organisations, so that informal company arrangements will have to be replaced by formal agreements resulting from partially mechanised negotiations; and third, the services will be shared between many consumers, which implies advanced confidentiality and isolation requirements.
In order to address these issues, the TSD WG foresees involving a much wider community than those traditionally involved in ICT security: besides software and service engineers, this WG also targets ICT lawyers, social scientists, auditors and economists.
Scope
The TSD WG's scope of work includes:
Linking trust (dependence or belief on some system's properties) and trustworthiness (the merit of that system to be trusted, the degree to which it meets those properties or its dependability).
Recommendations for mechanisms to establish and maintain trust, both technical and non-technical (e.g. trust in process and service ownership, guidance and authorization of dynamic reconfiguration of processes and services, etc.).
Recommendations for mechanisms to establish and maintain trustworthiness, including, but not limited to, a discipline of secure services engineering; the provision of assurance of security and dependability properties for services and applications composed of them; the ability to validate these properties at design time and, in evolving architectures and applications, at run-time; and the ability to monitor, measure, test and predict the security status of a system.
Recommendations for secure coding practices, design and development patterns and models
Recommendations for Service dependability on infrastructures
Recommendations for TSD assurance, management, audit and governance
Recommendations for further treatment of legal and other issues
The NESSI Working Group on Trust, Security and Dependability will seek to collaborate with other NESSI working groups that cover or could contribute to TSD considerations in software and services.
With the support of an EC-funded (ICT Research programme - Trust and Security) Coordination Action, Think-Trust, an Advisory Board, RISEPTIS (Research and Innovation for Security, Privacy and Trustworthiness in the Information Society), has been established as an independent group of experts.
RISEPTIS is chaired by Prof. George Metakides (University of Patras) and has a distinguished membership from industry and academia spread over the various fields of expertise relevant to the research area of trust and security in ICT. It has finished its report "Trust in the Information Society", providing visionary guidance and recommendations on policy and research challenges in the field of Security and Trust in the Information Society.
Following recommendations of the Board members and on behalf of the Board I have the pleasure to send you the link where the report can be downloaded from: http://www.think-trust.eu/public-documentation/public-documents.html
During 2009 TSD WG will be active in the following events: A Secure Software Engineering, Vancouver, Canada, May 19, 2009; PETS2009 (Seattle); TRUSTBUS (Linz); ISGIG09 (Prague); USENIX SEC09 (Montreal); DBSEC09 (Montreal); ATC09 (Brisbane). Other important events are: Mobile Summit (Santander); eChallenges (Istanbul); FIA (Prague).