Current Projects

Seamlessly Integrating PERMIS and Shibboleth (SIPS)

Multilayer Privilege Management for Dynamic Collaborative Scientific Communities over Environmental eScience Data Grids (DyCom)

Dynamic Virtual Organisations in e-Science Education (DyVOSE)

Flexible Access Middleware Extensions to PERMIS (FAME-PERMIS)

Distributed Programmable Authorisation

Trust and Contract Management (TrustCoM)

Secure Role Based Messaging

Previous Projects

An Authorisation API for the GRID

Privilege and Role Management Infrastructure Standards Validation (PERMIS)

A Policy Management Tool for PERMIS

Certificate Retrieval from OpenLDAP

Electronic Prescription Processing (EPP)

A Comparison of the AKENTI and PERMIS Authorisation Infrastructures

PKI Challenge

Interworking public key Certification infrastructurE for Commerce, Administration and Research (ICE-CAR)

Intelligent Computation of Trust (ICT)

Multilingual Application Interface for Telematic Services (MAITS)

Interworking public key Certification infrastructure for Europe (ICE-TEL)

Distributed Diabetic Dietician (3D)

TrustHealth 2

Secure Direct Access to Diabetic Database by Opticians (extension of 3D project)

Guidelines for Establishing a Public Key Certification Authority (GUIDES)

Secure Electronic Discharge Notes

Current Funded Projects
Distributed Programmable Authorisation. EPSRC funded, Professor Chadwick (principal), Dr Basden (co-investigator). April 2004 for 27 months, £191K

The objectives of the project are:
i) To define an ontology, based on DAML+OIL, for a high level authorisation policy that controls access to multiple resources in different domains. The ontology will contain the language for specifying rules for decomposing the high level policy into a set of lower level resource based authorisation policies conformant to the high level one.
ii) To provide a user friendly interface to allow administrators to create high level authorisation policies using the ontology defined in i).
iii) To build a reasoning compiler that can interpret the rules of a high level authorisation policy and infer the set of low level resource based authorisation policies that need to be created. The latter can be in any existing low level authorisation language (the exemplar developed will be in XACML, the policy language defined by the OASIS consortium).
iv) To determine and build the best way to propagate the low level policies in a trusted way to the resources that they will control access to.
v) To develop Java objects, callable by distributed applications, that can dynamically activate the reasoning compiler and low level policy distribution, to cater for new or retiring application level objects and spawning of subtasks.
vi) To determine and build the best way to implement low level dependent decision making, i.e. when access to one resource is dependent upon previous decisions made by other resources.
vii) To demonstrate its applicability by collaborating with another programmable network or EPSRC funded project.
viii) To integrate all of the above into the existing PERMIS authorisation infrastructure and publicly release via the US NMI software release.

TrustCoM. EC VI FW funded Integrated Project, Professor Chadwick (principal). Dr Basden (co-investigator). February 2004 for 36 months, €275k

TrustCoM will develop a framework for trust, security and contract management in dynamically-evolving virtual organisations. The framework will enable secure collaborative business processing within on-demand created and self-managed, dynamic collaborative networks of businesses and governments built on top of the emerging convergence of Web Services, agent and Grid technologies. The TrustCoM consortium is formed of end-users, technology and service providers, and experts in computing, economics and law, from industry, government and academia, who are actively involved in the development of technology and frameworks related to Virtual Organisations. Partners include: BAE SYSTEMS, BT, CCLRC, HLRS, IBM, Microsoft (EMIC), SAP, SchlumbergerSema and SICS.

Secure Role Based Messaging. Nexor funded, Professor Chadwick (supervisor). October 2003 for 36 months, £45K

This PhD studentship, funded by Nexor, is being carried out by Peter Langley. Its aim is to determine how to design and build a secure role based messaging infrastructure that will allow users acting in specific roles, to send digitally signed and encrypted emails to users acting in other roles, regardless of who the role occupants are at the time of receipt. Each message will have a policy associated with it, that will control what the recipient role(s) are allowed to do with the message. The PERMIS RBAC infrastructure will be modified appropriately to support this infrastructure.

Seamlessly Integrating PERMIS and Shibboleth (SIPS). Prof Chadwick (principal). 1 June 2004 for 24 months. £61K. JISC funded

This project will seamlessly integrate PERMIS and Shibboleth using 4 different methods. Each method has advantages and disadvantages from security, performance, management and privacy perspectives. This project will test 3 of the integration methods in an application at Salford, and will support all other JISC Core Middleware funded projects that also wish to pilot integrated PERMIS/Shibboleth (4 such projects have been identified, and between them all 4 methods will be evaluated). Support for the other JISC Core Middleware projects has been built into this proposal. An Evaluative Questionnaire will be produced near the end of this project and circulated to the pilot sites, and an Evaluation Report produced. The enhanced Shibboleth supporting PERMIS infrastructure will be distributed as part of the US NMI release.

Multilayer Privilege Management for Dynamic Collaborative Scientific Communities over Environmental eScience Data Grids (DyCom). Prof Chadwick (principal). 1 Sept 2004 for 24 months. £77K. JISC funded. (Joint bid with CCLRC, £185K total.)

Rapid advancements in enabling technologies, such as Grid Computing, and the convergence of Grid and Web Services, and the development of infrastructures such as the NERC DataGrid, bring about protocols and machine-processable message/document formats that will soon enable seamless and open application-application communication and bring about ad hoc integration of systems across institutional boundaries to support the on-demand creation of dynamically-evolving, scalable Virtual Organisations (VO) spanning national and institutional borders, where the participating entities pool resources, capabilities and information to achieve common goals. The main objective of this project is to contribute to enabling such collaborations within dynamic Virtual Organisations serving different project teams, by building on top of leading-edge infrastructures and tools, namely:
- the data grid technologies for data discovery and integration,
- the GRASP Security Infrastructure, for distributed security enforcement, and
- the PERMIS privilege management infrastructure for authorisation policy definition and enforcement.

However, the added value of this project goes beyond and above the integration of these middleware layers. Firstly, each solution provides core functionality that is complementary to the others and its integration compensates for capabilities that are either absent or only partially addressed in the others. Secondly, addressing challenging scenarios (such as the one presented in the introduction of the proposal) necessitates joint extensions on top of their integration to address issues such as: separation of duties, distributed role assignment policy management and conditional authorisation based on project membership.

Dynamic Virtual Organisations in e-Science Education (DyVOSE). Prof Chadwick (principal). 1 May 2004 for 24 months. £107.5K. JISC funded. (£283K total. Joint bid with National e-Science Centre Edinburgh, University of Glasgow, and EDINA)

Current experiences with public key certificates and PKIs for user authentication have not been too successful. Consequently the UK academic community now wants to experiment with using local (existing) methods of authentication for remote login, using the Shibboleth protocol as the transport mechanism. It is too early to say if large scale use of attribute certificates (ACs) for user authorisation, based on infrastructures such as PERMIS, will be successful or not. However, few other alternatives currently exist, so practical experience is required. In order for large scale use to be facilitated, dynamic (rather than static) delegation of authority is required. In the current PERMIS infrastructure, static delegation of authority means that a central authority has to be contacted, and register local managers in its policy, before managers are entitled to assign privileges to subordinates. With dynamic delegation of authority, local managers do not need to be registered, but are given the privilege to delegate when they are first given privileges to use the system. Managers can then allocate privileges to staff and students as required, without having to contact the central authority first to get permission. Through this, a federated and scalable model of security authorisation can be realised. In developing this federated PMI model, key challenges have to be overcome which are common to most, if not all, uses of Grid technology: the dynamic establishment of Virtual Organisations (VO). VOs allow shared use of computational and data resources by collaborating institutions. Establishing a VO will require that efficient access control mechanisms to the shared resources by known individuals are in place. However, currently in the Grid community access control is usually done by comparing the authenticated name of an entity to a name in an Access Control List. This approach lacks scalability and manageability.
Dynamic delegation of privileges offers a more realistic approach that could shape future Grid security, especially when it is rolled-out to the masses, e.g. Grid students, industry. To demonstrate the viability of this approach, a case study based upon the issuance of local attribute certificates at the University of Glasgow and e-Science Institute (e-SI) in Edinburgh will be made. These ACs will be issued to graduate students at Glasgow by members of staff, as part of the advanced MSc programme currently under development specifically for usage in the Grid Computing modules to be taught therein, and to e-Science investigators by the e-Science training team at e-SI. These ACs will be used to grant the users access and use of computational and data resources across the UK e-Science Grid as well as local e-Science infrastructures such as ScotGrid. The e-Science training team to be located at e-SI is currently being put together. This team (to be established in April) will provide training on a range of Grid technologies as part of the Enabling Grids for E-Science in Europe (EGEE) project. The expected starting date of the advanced MSc at Glasgow is September 2004, hence this proposal is timely and will serve as a valuable barometer in assessing delegation based AC infrastructures and their roll-out to the wider UK e-Science community. Project results will be widely disseminated throughout the JISC Information Environment by the direct involvement of EDINA towards the end of the work.

Flexible Access Middleware Extensions to PERMIS (FAME-PERMIS). Prof Chadwick (principal). 1 August 2004 for 24 months. £26K. JISC funded. (£160K total. Joint bid with University of Manchester)

Robust authentication and authorisation services are key to the development of a secure environment for the UK academic community, especially when students, researchers and staff with different roles and responsibilities from different institutions need to access data or computational resources distributed in the Internet environment with components administered locally and independently. This virtual organisation (VO) collaborative environment requires tools that can support the different authentication and authorisation mechanisms and policies adopted by resource providers administered by different institutions. The current access management system available to the UK academic community is Athens, which is a single-username/password solution. The existing middleware developed by the Grid community only supports the use of digital certificates in the form of software tokens. The approach used in these solutions is homogeneous in that more advanced authentication methods such as smart card or Java card based authentication methods are not supported and authorisation decisions are not linked to the authentication strengths exhibited by different authentication methods. This FAME-PERMIS project will design and develop middleware extensions to facilitate authentication strength linked to flexible, intelligent and fine-grained access control. It will support the use of a wide range of authentication methods including IP addresses, passwords, certificate-based soft tokens, Java cards and biometrics in a single-factor or multi-factor fashion to achieve specific authentication strength, or Level of Assurance (LoA). This LoA is then fed into the authorisation decision engine, such as PERMIS, to decide the users' privilege rights.
The extensions will allow the integration of well-known authentication protocols such as Kerberos V, extend Shibboleth's Handle Service, and use SAML or XML as message formats and SOAP as the underlying messaging protocol enabling secure but flexible web based VO resource sharing.

Previous Projects

An Authorisation API for the GRID. JISC funded, Professor Chadwick (principal). March 2003 for 18 months, £42k.

Working with the Globus Team, this project defined an authorisation API for the GRID, based on SAMLv1.1. The specification has been published by the GGF OGSA Authorization Working Group and is due to become a Grid standard. The SAML interface was then implemented in Globus Toolkit Release 3.3 and later versions, and in the PERMIS authorisation infrastructure, allowing the two to plug and play together seamlessly. Finally, the integrated infrastructure was piloted in the UK e-Science BRIDGES Grid application at the University of Glasgow.

The final project report can be downloaded here (55KB).

A Policy Management Tool for PERMIS. JISC funded, Professor Chadwick (principal). February 2004 for 6 months, £26K

Working in collaboration with Professor Angela Sasse from UCL, we built an accessible and appealing graphical user interface for managing PERMIS RBAC policies. This GUI enables managers to create and modify PERMIS policies using a minimum of physical and mental effort. The GUI has been internationalised, and distributed as open source Java code as part of the US NMI release. It can be downloaded from here.

Certificate Retrieval from OpenLDAP. TERENA funded project. Professor Chadwick (principal). September 2001-April 2004. €76.3K

This project added certificate and CRL searching capabilities to the OpenLDAP server. Certificate and CRL matching rules were defined by the IETF PKIX working group and these have been added to OpenLDAP. This allows users to search for certificates containing specific fields, such as key usage, or Subject Alt Names containing an email address. Furthermore, the ability to retrieve only selected attribute values has been added, according to the LDAPEXT Matched Values Internet Draft. The Detailed Design is now available and the software is available either as a whole OpenLDAP server with XPS functionality, or as a patch that you need to apply to your OpenLDAP source code to add XPS functionality to it (the last tested version that the patch works on is OpenLDAP 2.2.8). The PKIX IDs that define the schema for this code are:

The final report to Terena, the sponsors of the project, is available here.

Privilege and Role Management Infrastructure Standards Validation (PERMIS), EC ISIS programme. Dr Chadwick (principal). December 2000 to September 2002. €94K. EC PERMIS Project

PERMIS is validating the use of Privilege Management Infrastructures (PMI) based on the X.509(2000) standard. Three very different applications are being built in the cities of Salford, Bologna and Barcelona, and all will use the same PMI infrastructure to validate its general applicability and usability. The project will attempt to standardise the privileges needed for Internet E-commerce applications and publish an Internet RFC describing these and the PERMIS API.

Papers have already been published which describe the PERMIS PMI architecture and the PERMIS RBAC policy. There is also an Internet Draft.

To access the project page please click the link below
PERMIS Project Page

A Comparison of the AKENTI and PERMIS Authorisation Infrastructures. JISC funded project. Oct 2002-March 2003. £14k

This project will evaluate, compare and contrast the AKENTI and PERMIS authorisation infrastructures. This will be done at a number of levels.
- Firstly by analysing the documentation of both projects and producing a detailed document describing the differences in the functionality and features of the two infrastructures.
- Secondly by building a test application that will integrate both the AKENTI and PERMIS authorisation infrastructures. From this we will be able to describe the usability aspects of each infrastructure e.g. ease of integration, ease of management (policy creation, allocation of authorisation certificates to end users etc.).
- Finally by running performance measurements on both infrastructures and measuring their throughput, speed of access control decision making, number of simultaneous decisions etc. so as to be able to see how well each performs under different workloads.

The final report is now available for you to read as a Zipped Word document.

Electronic Prescription Processing (EPP), EPSRC (CDS), Dr Chadwick (principal) with Dr Hopkins (Haldon House Surgery) and Mr Freeborn (Hope Hospital). September 2000 for 3 years. £261K.

Dr Chadwick is the Principal Investigator on this Project. This project aims to study the conversion of one paper based process (that of prescribing and dispensing prescription medicines) into a secure electronic one, and from this draw valuable lessons that can be applied to other similar conversions. A secure electronic prescribing application needs to address many and varied issues, including scalability, user friendliness, security, and ease of administration. These multi-faceted problems often have mutually exclusive solutions, for example, high security usually means inconvenience to the user, which is in direct contradiction to ease of use. Therefore the final application is often a compromise of several competing factors, and it is this interplay of issues which, when better understood, can subsequently be applied to the building of secure electronic applications on other problems domains.

To access the project page please click the link below.
EPP Project Page

PKI Challenge, EC funded project, Jan 2001 - Dec 2002. Dr Chadwick (principal). €9K

This project will attempt to build a large scale public key infrastructure interworking testing environment for use throughout Europe. Dr Chadwick's role is to act as a technical expert and quality assurance adviser to the project, by advising on the technical infrastructure to be set up, and QA'ing the final deliverable project report. EEMA Home Page

Intelligent Computation of Trust (ICT). EPSRC (CDS) November 1997 - November 2000, Dr Chadwick (principal) with Dr Basden (co-researcher), £144K.

Dr Chadwick was the Principal Investigator on this project. The research semi-automated the building of trust relationships between remote users who use public key cryptography for authentication. The question answered was "Given this user's public key certificate signed by some remote Certification Authority, how much can I trust it?". The project investigated the semantics of trust relationships and how these are built up for PKIs. This led to the definition of a Trust Quotient (cf. Intelligence Quotient), which is a measure of the trust that one can have in a remote CA, and hence in the users that it has certified. An expert system was built that allows Trust Quotients to be calculated based on the Certificate Practice Statement (CPS) and Certificate Policy of the CA in question and from the personal input of the user. A working system is available on the web at the ISTAR Knowledge Server. During the research we defined a structured format for CPSs using XML, so that these can be transferred across a network to be automatically analysed by ISTAR. Finally we designed a Trust Check Server that can retrieve corroborative information, such as Audit Certificates and CRLs, from the Internet as a means of dynamically checking that the CA is operating according to its CP and CPS.

Interworking public key Certification infrastructurE for Commerce, Administration and Research (ICE-CAR). EC IV FW, DGXIII Telematics for Research Sector, January 1999-December 2000. Dr Chadwick (principal). 55K €. European Commission Framework IV

This project was a continuation of the previously successful ICE-TEL project. Dr Chadwick was responsible for two separate work packages: extensions to and piloting of the Guardian DSA and pilot trials of a PKI with SMEs in the Greater Manchester Area. He also participated in interworking trials between PKIs from different suppliers, namely Entrust, Baltimore and Secude. Under ICE-CAR the Guardian DSA has been extended to add a replication filtering capability, and to support LDAP chaining. The user experiences of using a PKI were provided by GPs and Opticians in Greater Manchester. Both sets of users were given tailored Web interfaces that allow them to access different aspects of the diabetic register held at Hope Hospital. All users can access the register using strongly encrypted and digitally signed links over the Internet, from their surgeries and high street shops. The user experiences have provided valuable information about the implementation and usability of public key infrastructures.

Multilingual Application Interface for Telematic Services (MAITS), EU IV FW, DG XIII/Language Engineering Sector, September 1995-April 1997, Dr Chadwick (principal) with Drs Cooper and Larmouth (co-researchers). 240kecu (180kecu actually spent)

The aim of the MAITS project was to allow users to access telematic services in their local language (or locale), and to be able to interact with remote users, via international telematic services, as effectively, as efficiently and as easily as they can with local users. The purpose of MAITS was to define a framework for transparent language support (TLP); to define and create a generic and portable set of APIs to enable TLP - the MAITS API; then to integrate the MAITS API into a reasonable cross-section of widely used telematic services. The MAITS TLP framework and 4 level API was successfully defined and published, and levels 0, 1 and 2 were successfully built and tested. They were also successfully incorporated into a commercial product that is now marketed by Translation Experts Ltd. Implementation of Level 3 into machine translation products was beyond the scope of the project.

Interworking public key Certification infrastructure for Europe (ICE-TEL), EU IV FW DGXIII Telematics for Research Sector, November 1995 - November 1997. Dr Chadwick (principal). 120kecu.

ICE-TEL successfully established a pilot certification authority infrastructure throughout Europe, using a root CA based in Denmark. Salford's role was to provide a secure directory firewall (the Guardian DSA) that would allow legitimate users of the infrastructure access certificates and CRLs whilst keeping out illegitimate users. The Guardian DSA was built and successfully piloted with the UK Ministry of Defence and the National Health Service.

Distributed Diabetic Dietician (3D). EPSRC (CDS) February 1998 - February 2000, Dr. Fletcher (principal) with Drs Chadwick, Ashworth, and Dornan (Hope Hospital) £238k.

The aim of 3D was to design a methodology for the conversion of standalone centralised medical applications into secure distributed applications, accessible to a wide range of health care professionals over wide area networks such as the Internet. The diabetic register at Hope Hospital was used as the exemplar for the methodology, and GPs in Salford were given access to the register over the Internet. The project also looked at ways of presenting medical information to patients in a way that would increase their understanding and improve the patient-doctor dialogue, thereby leading to improved patient care. A clinical decision support system (CDSS) was built and piloted with diabetic patients at Hope Hospital. The CDSS was then linked into the diabetic register using the secure methodology developed in the project, so that the patients, via the CDSS, could be given patient specific information about their condition, and what risks such as smoking or diet could mean to their health. An article about the project was published in the November 2000 edition of the EPSRC Impact Newsletter.

TrustHealth 2 EC IV FW, DGXIII Telematics for Health. June 1998 - June 2000. Dr Chadwick (principal). 49keuro. European Commission Framework IV - TrustHealth 2

The aim of this project was to demonstrate how trustworthy telematic systems can be established with the use of modern security techniques while maintaining the possibility for open systems connectivity and trans-European interoperability. TrustHealth 2 built on the successful first phase of TrustHealth 1 (closed July 97) that focussed on defining a set of specifications for security services at the work stations, using healthcare professional cards and establishing a necessary infrastructure of Trusted Third Party Services (TTPs). The TrustHealth 1 specifications for building security tool-kits for easy integration with applications attracted wide interest and got a very positive annual evaluation as a project of highest technical quality and strategic importance. The second phase of TrustHealth (TrustHealth 2) successfully integrated, verified and demonstrated the TrustHealth 1 solution in a number of healthcare applications in Belgium, France, Germany, Norway, Sweden and the United Kingdom. Cryptographic digital signature techniques were applied to allow the telematics systems to comply with the legal requirements and to maintain public confidence in the way that sensitive personal information is managed. The results of TrustHealth 2 have been widely published in journals and at conferences.

Secure Direct Access to Diabetic Database by Opticians (extension of 3D project). Dr Chadwick (principal). Partially funded by Viacode, July - Dec 2000, £4k

This project is linked to the ICE-CAR project, and Viacode are sponsoring Dr Chadwick's group to build a revised user interface for the opticians. Viacode are interested in the results of this project, as they have set up the first operational public key infrastructure for the National Health Service.

Guidelines for Establishing a Public Key Certification Authority (GUIDES), an EC SPRITE-S2 project. Jan 1999 - April 2000, 15K €

This project used the collective knowledge of several groups of researchers throughout Europe who had successfully built and piloted public key infrastructure, in order to provide a set of guidelines that can be used by organisations that might wish to do the same thing. The Guidelines are now freely available from the web. They can be downloaded from this link:

Secure Electronic Discharge Notes, funded by Salford Royal Hospitals NHS Trust (Hope Hospital). Dr Chadwick (principal). £9k, August 2000 - December 2001 Salford Royal Hospitals NHS Trust - Secure Electronic Discharge Notes

This project will provide Hope Hospital with a secure mechanism for sending electronic discharge notes to GPs, using the Internet and the S/MIME standard. Experiences will be gained of using this new technology, and the lessons learnt will be published.

Page last updated by David Chadwick 28 September 2004