A Conceptual Technique for Modelling Security as a Service in Service Oriented Distributed Systems
|
|
- Timothy Chapman
- 8 years ago
- Views:
Transcription
1 Volume 1, Number 2, December 2014 JOURNAL OF COMPUTER SCIENCE AND SOFTWARE APPLICATION A Conceptual Technique for Modelling Security as a Service in Service Oriented Distributed Systems Satish Kumar*, Avadhesh Kumar Gupta Institute of Management Studies, Ghaziabad, Uttar Pradesh, India. *Corresponding author: satishkumar.serg@gmail.com Abstract: Service-Oriented Architecture (SOA) is an architectural paradigm for developing distributed systems. One of the major challenge in the designing of SOA is developing its security requirements. SOA security is an overarching concern because it affects discovery and interaction of services and applications in an SOA environment. In recent years, a lot of solutions have been implemented such as Web Service Security (WS-Security), WS Trust and Web Service Security Policy (WS-Security Policy) standards. These standards are not sufficient for the promising enterprise system security. In this paper, we proposed a security model for SOA that constitute the foundation for our Security As A service (SAAS) approach. Based on the model for service interaction that describes exchange of secured messaging in distributed environment. Keywords: Service-Oriented Architecture; Security As A Service; WS-Trust; Web Services 1. INTRODUCTION Service-Oriented Architecture (SOA) has become a popular architecture pattern in enterprise application development. Due to the emergence of web services that are implemented by SOA is a solution of enterprise application development due to platform and language independent. SOA based application is a combination of services and these services could be implemented in different technologies and are deployed over heterogeneous networks [1]. In distributed environment, security is a critical issue for enterprise systems and it is necessary to ensure security in SOA based application. When the advance of Web services technologies have been used increasingly, the next issue which should be concerned is security for the information or message transferred across the network. There are several approaches for implement the security in SOA based application. In traditional security approaches make the impact of performance and high cost maintenance of application [2]. Another approach has come up with the solution of these problem is called Security As A Service (SAAS). For example: In traditional security approaches, application has built with few services and each service implemented its with own security which is invoked as a part of service consumer and provider as depicts in Figure 1. When enterprise needs to secure large number of services. The traditional security approach is not right way of security implementation due to replication of security enforcement machinery across all 1
2 Figure 1. Security implementation as part of each services service consumer. services and service consumers [2]. Worse still, if security requirements differ for each application then the security machinery of each security will check similar security leading to high maintenance cost. Security as service depicts in Figure 2 is a solution over traditional approach for building secure large number of services. This approach explores a way of shifting some of the security enforcement burden from service consumer and service to a shared security service. A shared service helps to enforce security polices consistently across all services. This approach is not completely suitable from the performance point of view. For example, suppose several service consumers want to access the service at the same time, the security credentials will be checked at the server side and take more time for validation. 2. RELATED WORK The well-known standard for security requirements of web services are integrity, confidentiality and availability. There are various techniques to tackle these three security aspects such as using XML Signature or digital signature in XML format to ensure the data integrity, using XML Encryption to provide confidentiality while a message is in transit over the network [3]. WS-Reliable Messaging Protocol to guarantee that a message transited in the network layer has been received by receiver [4]. Although, there are various standards for Web services security but perhaps the most important standard is WS-Trust, because it is used for identifying trust relationship by using concept of Security token services (STS) as well as WS-Policy. WS-Secure Conversation is designed to deal with tokens of message exchange in a short period of time whereas WS-Federation is designed for managing trust relationships in different types of system. The last one is WS-Authorization designed to support authorization mechanism for data transferred between applications. SOAP message security is one of the most vital concerns for security in Web services as a result of various types of attacks such as replay attack, man-in-the middle attack and token substitution attack which can break down message confidentiality and integrity [5]. So WS-Security is a security standard to deal with those problems by using XML Encryption and XML 2
3 A Conceptual Technique for Modelling Security as a Service in Service Oriented Distributed Systems Figure 2. Security implementation as a separate service. Signature to protect confidentiality and integrity respectively. Furthermore, WS-Security supports security token which is commonly used to provide authentication and authorization. According to Zhang [6], there are several techniques for token-based authentication namely username, X.509 PKI certificates, Kerberos tickets, Security Assertions Markup Language (SAML) and Web Services Security Rights Expression Language (REL) or known as XML Rights Management Language (XrML) [3]. They can be categorized into three types which are unsigned security token namely username token profile, signed security token namely X.509 certificates and Kerberos tickets, XML security token namely SAML and XrM [7, 8]. The different between Kerberos tickets and X.509 certificates is encryption algorithm, the former uses symmetric encryption algorithm whereas the latter uses public key encryption [9]. According to Nordbotten [3], username token can prevent replay attacks by including nonce and timestamp in the message (this method can use in every security token mechanisms), Fournet and Gordon [10] shows that username token is not a strong authentication enough to prevent from attackers. However, they suggest solution that it may be stronger if XML digital signature is added in conjunction with username token. There are some research papers about performance comparison of Kerberos and X.509 token profile illustrated that transfer rate of Kerberos token profile is far outweigh X.509 token profile by 28% due to different type of cryptographic algorithm [9]. However, there is some threat engage to Kerberos token profile which is Kerberos is prone to key re-use. REL/XrML is different from SAML because it is based on license as a security token, used for providing key to authorization in the message. On the other hand, because of its format is in XML format so that it is similar to SAML, Nordbotten [3] suggested that using SAML rather than using REL/XrML due to the fact that SAML is more broadly accepted by many Web services applications. Potential threats of SAML and REL/XrML are same as other security token formats and can protect by using signature and encryption technique. 3
4 Figure 3. Security implementation as a separate service on ESB. 3. STANDARDS FOR IMPLEMENTING SECURITY AS A SERVICE A number of standards and technologies are available for implementing security as a service. Some of them are: WS-Trust: WS-Trust defines a standard interface for obtaining/issuing, renewing, cancelling, and validating security tokens such as SAML assertions. Specifically, a security token service (STS) is defined, providing these mechanisms as web services [11, 12]. So, after discovering what security token is required, the service consumer may use WS-Trust in order to obtain required token from an STS. Security Assertion Markup Language (SAML): SAML is used to exchange the security information among different security domain [13]. SAML provides two services such as authentication and authorization services. Based on SAML protocol, authentication service creates request and response which are used by Security Token Service (STS) for validating the user. WS-Addressing: Standardize SOAP specification explicitly supports the use of one or more intermediaries (such as secure services) in message path by laying down specific rule for preventing destination endpoint information when routing a message via the security service [7]. 4. NEW APPROACH FOR MODELLING SECURITY AS A SERVICE (SAAS) Security As A Service (SAAS) approach is a better choice to solve SOA security based on the concept of shared services. Security services are effectively and correctly implemented and also scaled locally outside the system or as a domain wide service [2, 14]. We proposed a new way of implementing the security by using SAAS approach shown in Figure 3. In this way, SAAS approach is implemented on the Enterprise Service Bus (ESB). An ESB has the ability to implement the shared security and improve the performance of application. On ESB, security credentials are validating during the transmission of data or request from the service consumer to service. The time will be reduced for processing the request due to security validation has validated on ESB and the overall performance of the system will be increased. 4
5 A Conceptual Technique for Modelling Security as a Service in Service Oriented Distributed Systems Figure 4. Shared security service architecture in a domain. 4.1 Proposed model for SAAS implementation The proposed architecture of SAAS approach is based on concept of shared security service implemented in University System as depicts in Figure 4. The higher part of this architecture shows the University System, which contain various service endpoints. The lover part shows SAAS components and security interfaces. The global request and response handlers are integrated with service endpoints. These handlers interrupt the incoming and outgoing message to or from a service endpoint and provide primitive security. Proposed SAAS based architecture approach breaks the security tasks into SAAS Component and service endpoint security architecture. Endpoint integrated security perform security task such as encryption/decryption, validation and key exchange by using Security Proxy Handler [14, 15]. SAAS components are the core which are deployed by security domain that provides shared security to all service endpoints in this domain. Policy Repository contains policies for different security requirements such as authentication, authorization etc. Authentication Service: Authentication Service provides user authentication inside or outside the domain. Authentication Services validate the user identity and send the signed authentication decision to endpoint. At the endpoint, SPH validates the signature before forwarding the authentication decision to intended services. Authorization Service: Authorization Service is used to verify the permission assigned to user from the policy repository. Authorization Service sends the authorization assertion to endpoint. At the endpoint, SPH validates the signature and then permits to valid user. Monitoring Service: Monitoring Service is responsible to handle the events which are generated by endpoint or security service of SAAS components. Logging Service: Logging Service registers the service request and response messages for access the information or resources from the system. 5
6 5. CONCLUSION In this paper, we presented an approach for implement the security in SOA based distributed systems. Our approach is based on Security As A Service (SAAS) concept that gives an idea for implements the separate security as service which reduced the burden of consumer services and providers. This approach needs more research for increasing message reliability and privacy of information in distributed system. References [1] M. H. Valipour, B. AmirZafari, K. N. Maleki, and N. Daneshpour, A brief survey of software architecture concepts and service oriented architecture, in Computer Science and Information Technology, ICCSIT nd IEEE International Conference on, pp , IEEE, [2] R. Kanneganti and P. Chodavarapu, SOA Security [3] N. A. Nordbotten, XML and Web services security standards, Communications Surveys & Tutorials, IEEE, vol. 11, no. 3, pp. 4 21, [4] C. Geuer-Pollmann and J. Claessens, Web services and web service security standards, Information Security Technical Report, vol. 10, no. 1, pp , [5] E. Bertino, L. Martino, F. Paci, and A. Squicciarini, Security for web services and service-oriented architectures. Springer, [6] W. Zhang, Integrated security framework for secure web services, in 2010 Third International Symposium on Intelligent Information Technology and Security Informatics, pp , [7] A. Nadalin, C. Kaler, R. Monzillo, and P. Hallam-Baker, Web services security: SOAP message security 1.1 (WS-Security 2004), 1-spec-errata-os-SOAPMessageSecurity.pdf. [8] Z. Wu and A. C. Weaver, Using web services to exchange security tokens for federated trust management, in Web Services, ICWS IEEE International Conference on, pp , IEEE, [9] A. Moralis, V. Pouli, M. Grammatikou, S. Papavassiliou, and V. Maglaris, Performance comparison of Web services security: Kerberos token profile against X. 509 token profile, in Networking and Services, ICNS. Third International Conference on, pp , IEEE, [10] K. Bhargavan, C. Fournet, and A. D. Gordon, A semantics for web services authentication, Theoretical Computer Science, vol. 340, no. 1, pp , [11] OASIS:WS-SecurityPolicy,tutorial. [12] A. Nadalin, M. Goodner, M. Gudgin, A. Barbir, and H. Granqvist, Web services security policy language 1.2, Public Draft Specification, [13] OASIS security assertion markup language (SAML). [14] M. Memon, M. Hafner, and R. Breu, SECTISSIMO: Security As A Service- A Reference Architecture for SOA Security, in ICT-FET , FWF project, [15] A. Dikanski, C. Emig, and S. Abeck, Integration of a security product in service-oriented architecture, in Emerging Security Information, Systems and Technologies, SECURWARE 09. Third International Conference on, pp. 1 7, IEEE,
NIST s Guide to Secure Web Services
NIST s Guide to Secure Web Services Presented by Gaspar Modelo-Howard and Ratsameetip Wita Secure and Dependable Web Services National Institute of Standards and Technology. Special Publication 800-95:
More informationFederated Identity Architectures
Federated Identity Architectures Uciel Fragoso-Rodriguez Instituto Tecnológico Autónomo de México, México {uciel@itam.mx} Maryline Laurent-Maknavicius CNRS Samovar UMR 5157, GET Institut National des Télécommunications,
More informationThis Working Paper provides an introduction to the web services security standards.
International Civil Aviation Organization ATNICG WG/8-WP/12 AERONAUTICAL TELECOMMUNICATION NETWORK IMPLEMENTATION COORDINATION GROUP EIGHTH WORKING GROUP MEETING (ATNICG WG/8) Christchurch New Zealand
More informationFederated Identity Management Solutions
Federated Identity Management Solutions Jyri Kallela Helsinki University of Technology jkallela@cc.hut.fi Abstract Federated identity management allows users to access multiple services based on a single
More informationWeb Services Security: What s Required To Secure A Service-Oriented Architecture. An Oracle White Paper January 2008
Web Services Security: What s Required To Secure A Service-Oriented Architecture An Oracle White Paper January 2008 Web Services Security: What s Required To Secure A Service-Oriented Architecture. INTRODUCTION
More informationPresented By: Muhammad Afzal 08May, 2009
Secure Web ServiceTransportation for HL7 V3.0 Messages Authors: Somia Razzaq, Maqbool Hussain, Muhammad Afzal, Hafiz Farooq Ahmad Presented By: Muhammad Afzal 08May, 2009 NUST School of Electrical Engineering
More informationWEB SERVICES SECURITY
WEB SERVICES SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationAn Oracle White Paper Dec 2013. Oracle Access Management Security Token Service
An Oracle White Paper Dec 2013 Oracle Access Management Security Token Service Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only,
More informationService Virtualization: Managing Change in a Service-Oriented Architecture
Service Virtualization: Managing Change in a Service-Oriented Architecture Abstract Load balancers, name servers (for example, Domain Name System [DNS]), and stock brokerage services are examples of virtual
More informationA Service Oriented Security Reference Architecture
International Journal of Advanced Computer Science and Information Technology (IJACSIT) Vol. 1, No.1, October 2012, Page: 25-31, ISSN: 2296-1739 Helvetic Editions LTD, Switzerland www.elvedit.com A Service
More informationSoftware Requirement Specification Web Services Security
Software Requirement Specification Web Services Security Federation Manager 7.5 Version 0.3 (Draft) Please send comments to: dev@opensso.dev.java.net This document is subject to the following license:
More informationSecurely Managing and Exposing Web Services & Applications
Securely Managing and Exposing Web Services & Applications Philip M Walston VP Product Management Layer 7 Technologies Layer 7 SecureSpan Products Suite of security and networking products to address the
More informationWeb Service Security Vulnerabilities and Threats in the Context of WS-Security
Web Service Security Vulnerabilities and Threats in the Context of WS-Security Jesper Holgersson Eva Söderström University of Skoevde, Sweden SIIT 2005, ITU, Geneva, September 2005 Outline of presentation
More informationWeb Services Security with SOAP Security Proxies
Web Services Security with Security Proxies Gerald Brose, PhD Technical Product Manager Xtradyne Technologies AG OMG Web Services Workshop USA 22 April 2003, Philadelphia Web Services Security Risks! Exposure
More informationSecure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact
Secure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact Robert C. Broeckelmann Jr., Enterprise Middleware Architect Ryan Triplett, Middleware Security Architect Requirements
More informationPrinciples and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards)
Principles and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards) Michael P. Papazoglou (INFOLAB/CRISM, Tilburg University, The Netherlands)
More informationSecure Authentication and Session. State Management for Web Services
Lehman 0 Secure Authentication and Session State Management for Web Services Clay Lehman CSC 499: Honors Thesis Supervised by: Dr. R. Michael Young Lehman 1 1. Introduction Web services are a relatively
More informationCore Feature Comparison between. XML / SOA Gateways. and. Web Application Firewalls. Jason Macy jmacy@forumsys.com CTO, Forum Systems
Core Feature Comparison between XML / SOA Gateways and Web Application Firewalls Jason Macy jmacy@forumsys.com CTO, Forum Systems XML Gateway vs Competitive XML Gateways or Complementary? and s are Complementary
More informationFederated Identity and Trust Management
Redpaper Axel Buecker Paul Ashley Neil Readshaw Federated Identity and Trust Management Introduction The cost of managing the life cycle of user identities is very high. Most organizations have to manage
More informationXML Signatures in an Enterprise Service Bus Environment
XML Signatures in an Enterprise Bus Environment Eckehard Hermann Research & Development XML Integration Uhlandstraße 12 64297 Darmstadt, Germany Eckehard.Hermann@softwareag.com Dieter Kessler Research
More informationCICS Web Service Security. Anthony Papageorgiou IBM CICS Development March 13, 2012 Session: 10282
Web Service Security Anthony Papageorgiou IBM Development March 13, 2012 Session: 10282 Agenda Web Service Support Overview Security Basics and Terminology Pipeline Security Overview Identity Encryption
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved.
1 OTM and SOA Mark Hagan Principal Software Engineer Oracle Product Development Content What is SOA? What is Web Services Security? Web Services Security in OTM Futures 3 PARADIGM 4 Content What is SOA?
More informationSecuring Web Services From Encryption to a Web Service Security Infrastructure
Securing Web Services From Encryption to a Web Service Security Infrastructure Kerberos WS-Security X.509 TLS Gateway OWSM WS-Policy Peter Lorenzen WS-Addressing Agent SAML Policy Manager Technology Manager
More informationIdentity as a Service Towards a Service-Oriented Identity Management Architecture
Identity as a Service Towards a Service-Oriented Identity Management Architecture Christian Emig, Frank Brandt, Sebastian Kreuzer, and Sebastian Abeck Cooperation & Management, Universität Karlsruhe (TH),
More informationMulti-Level Secure Architecture for Distributed Integrated Web Services
Multi-Level Secure Architecture for Distributed Integrated Web s J.G.R.Sathiaseelan Bishop Heber College (Autonomous) Tiruchirappalli 620 017, India jgrsathiaseelan@gmail.com S.Albert Rabara St Joseph
More informationUsing WS-Federation and WS-Security for Identity Management in Virtual Organisations
Using WS-Federation and WS-Security for Identity Management in Virtual Organisations Demchenko, Yu. , Universiteit van Amsterdam Abstracts The paper provides insight into one of key
More informationCloud-based Identity and Access Control for Diagnostic Imaging Systems
Cloud-based Identity and Access Control for Diagnostic Imaging Systems Weina Ma and Kamran Sartipi Department of Electrical, Computer and Software Engineering University of Ontario Institute of Technology
More informationWeb Services. Web Service Security. Copyright 2010 Davide Cerri & Srdjan Komazec
Web Services Web Service Security Copyright 2010 Davide Cerri & Srdjan Komazec 1 Where Are We? # Title 1 Distributed Information Systems 2 Middleware 3 Web Technologies 4 Web Services 5 Basic Web Service
More informationSecuring Web Services Using Microsoft Web Services Enhancements 1.0. Petr PALAS PortSight Software Architect petrp@portsight.com www.portsight.
Securing Web Services Using Microsoft Web Services Enhancements 1.0 Petr PALAS PortSight Software Architect petrp@portsight.com www.portsight.com Agenda What is WSE and Its Relationship to GXA Standards
More informationTrends in Information Management (TRIM) ISSN: 0973-4163 10 (1), pp. 40-50
Trends in Information Management (TRIM) ISSN: 0973-4163 10 (1), pp. 40-50 An Analytical Review of Quality Attributes of Service-Oriented Architecture Parminder Kaur Hardeep Sing Abstract Purpose: Service-Oriented
More informationOIO SAML Profile for Identity Tokens
> OIO SAML Profile for Identity Tokens Version 1.0 IT- & Telestyrelsen October 2009 Content > Document History 3 Introduction 4 Related profiles 4 Profile Requirements 6 Requirements 6
More informationResearch and Implementation of Single Sign-On Mechanism for ASP Pattern *
Research and Implementation of Single Sign-On Mechanism for ASP Pattern * Bo Li, Sheng Ge, Tian-yu Wo, and Dian-fu Ma Computer Institute, BeiHang University, PO Box 9-32 Beijing 100083 Abstract Software
More informationSecurity Issues In Cloud Computing and Countermeasures
Security Issues In Cloud Computing and Countermeasures Shipra Dubey 1, Suman Bhajia 2 and Deepika Trivedi 3 1 Department of Computer Science, Banasthali University, Jaipur, Rajasthan / India 2 Department
More informationIBM Tivoli Federated Identity Manager
IBM Tivoli Federated Identity Manager Employ user-centric federated access management to enable secure online business collaboration Highlights Enhance business-to-business and business-to-consumer collaborations
More informationReducing SOA Identity Fatigue through Automated Identity Testing
TM Reducing SOA Identity Fatigue through Automated Identity Testing By Crosscheck Networks I. Introduction Identity Management plays a pivotal role in securing Web Services-based
More informationAn Oracle White Paper November 2009. Oracle Primavera P6 EPPM Integrations with Web Services and Events
An Oracle White Paper November 2009 Oracle Primavera P6 EPPM Integrations with Web Services and Events 1 INTRODUCTION Primavera Web Services is an integration technology that extends P6 functionality and
More informationTable of Contents. 1 Executive Summary... 2 2. SOA Overview... 3 2.1 Technology... 4 2.2 Processes and Governance... 8
Table of Contents 1 Executive Summary... 2 2. SOA Overview... 3 2.1 Technology... 4 2.2 Processes and Governance... 8 3 SOA in Verizon The IT Workbench Platform... 10 3.1 Technology... 10 3.2 Processes
More informationT-Check in Technologies for Interoperability: Web Services and Security Single Sign-On
T-Check in Technologies for Interoperability: Web Services and Security Single Sign-On Lutz Wrage Soumya Simanta Grace A. Lewis Saul Jaspan December 2007 TECHNICAL NOTE CMU/SEI-2008-TN-026 Integration
More informationFederation Proxy for Cross Domain Identity Federation
Proxy for Cross Domain Identity Makoto Hatakeyama NEC Corporation, Common Platform Software Res. Lab. 1753, Shimonumabe, Nakahara-Ku, Kawasaki, Kanagawa 211-8666, Japan +81-44-431-7663 m-hatake@ax.jp.nec.com
More informationRedbook Overview Patterns: SOA Design with WebSphere Message Broker and WebSphere ESB
IBM Software for WebSphere Redbook Overview Patterns: SOA Design with WebSphere Message Broker and WebSphere ESB Presenter: Kim Clark Email: kim.clark@uk.ibm.com Date: 27/02/2007 SOA Design with WebSphere
More information2 Transport-level and Message-level Security
Globus Toolkit Version 4 Grid Security Infrastructure: A Standards Perspective The Globus Security Team 1 Version 4 updated September 12, 2005 Abstract This document provides an overview of the Grid Security
More informationAquaLogic Service Bus
AquaLogic Bus Wolfgang Weigend Principal Systems Engineer BEA Systems 1 What to consider when looking at ESB? Number of planned business access points Reuse across organization Reduced cost of ownership
More informationAuthentication and Authorization Systems in Cloud Environments
Authentication and Authorization Systems in Cloud Environments DAVIT HAKOBYAN Master of Science Thesis Stockholm, Sweden 2012 TRITA-ICT-EX-2012:203 Abstract The emergence of cloud computing paradigm offers
More informationWeb Services Security Standards Forum. Dr. Phillip M. Hallam-Baker C.Eng. FBCS VeriSign Inc.
Web Services Security Standards Forum Dr. Phillip M. Hallam-Baker C.Eng. FBCS VeriSign Inc. Web Services Security Standards For Um For um: Meeting to tell people that everyone agrees on an issue Walk the
More informationSzolgáltatásorientált rendszerintegráció. WS-* standards
Szolgáltatásorientált rendszerintegráció WS-* standards Outline Requirements WS-* standards XML digital signature XML encryption 2 Integration requirements 3 Integration within a company SAP.NET? JEE SQL
More informationA Security Framework for Access Control in Web Services
A Security Framework for Access Control in Web Services Abolfazl Esfandi, Mehdi Sabbari Department of Computer Engineering Islamic Azad University Borujerd Branch, Iran ABSTRACT In this article, we focus
More informationFederated Security: Design and Implementation
Submitted to NWeSP 05 (http://nwesp.org) 1 Federated Security: Lightweight Security Infrastructure for Object Repositories and Web Services Marek Hatala, Timmy Eap and Ashok Shah School of Interactive
More informationGENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET
http:// GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET Manisha Dawra 1, Ramdev Singh 2 1 Al-Falah School of Engg. & Tech., Vill-Dhauj, Ballabgarh-Sohna Road, Faridabad, Haryana (INDIA)-121004
More informationOPENIAM ACCESS MANAGER. Web Access Management made Easy
OPENIAM ACCESS MANAGER Web Access Management made Easy TABLE OF CONTENTS Introduction... 3 OpenIAM Access Manager Overview... 4 Access Gateway... 4 Authentication... 5 Authorization... 5 Role Based Access
More informationThe Use of Service Oriented Architecture In Tax and Revenue
The Use of Service Oriented Architecture In Tax and Revenue Presented by: Bruce Baur & Adam Schaffer Revenue Solutions, Inc. Introduction Adam Schaffer Director, Revenue Administration Practice Line More
More informationMODELING AND ANALYSIS OF SECURITY STANDARDS FOR WEB SERVICES AND CLOUD COMPUTING. Ola Ajaj. A Dissertation Submitted to the Faculty of
MODELING AND ANALYSIS OF SECURITY STANDARDS FOR WEB SERVICES AND CLOUD COMPUTING by Ola Ajaj A Dissertation Submitted to the Faculty of the College of Engineering and Computer Science in Partial Fulfillment
More informationOpenHRE Security Architecture. (DRAFT v0.5)
OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationHow To Make A Multi-Party Communication Secure On A Microsoft Cloud (Minware) System (Plm) (For Free) (Power) (Web) (Netware) (Cloud) (Monetar) (Free) (
Nicolai M. Josuttis IT-communication.com Stand: 12/09 2009 by IT-communication.com 1 Independent consultant continuously learning since 1962 Nicolai M. Josuttis Systems Architect, Technical Manager finance,
More informationModel driven Security of Service Oriented Systems based on Security as a Service
Japan-Austria Joint Workshop on ICT October 18-19 2010, Tokyo, Japan SECTET Model driven Security of Oriented Systems based on Security as a Basel Katt, Ruth Breu, Mukhtiar Memon and Michael Hafner Research
More informationThe increasing popularity of mobile devices is rapidly changing how and where we
Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to
More informationMeeting EHR Security Requirements: Authentication as asecurity Service
Meeting EHR Security Requirements: Authentication as asecurity Service Basel Katt 1 Thomas Trojer 1 Ruth Breu 1 Thomas Schabetsberger 2 Florian Wozak 2 1 Research Group Quality Engineering, University
More informationPROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN
PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN CONNECTING TO THE CLOUD DAVID CHAPPELL DECEMBER 2009 SPONSORED BY AMAZON AND MICROSOFT CORPORATION CONTENTS The Challenge:
More informationStandards for Identity & Authentication. Catherine J. Tilton 17 September 2014
Standards for Identity & Authentication Catherine J. Tilton 17 September 2014 Purpose of these standards Wide deployment of authentication technologies that may be used in a global context is heavily dependent
More informationEnabling SAML for Dynamic Identity Federation Management
Enabling SAML for Dynamic Identity Federation Management Patricia Arias Cabarcos 1, Florina Almenárez Mendoza 1, Andrés Marín López 1, Daniel Díaz Sanchez 1, P. Arias 1 et al. University Carlos III of
More informationGrid Security : Authentication and Authorization
Grid Security : Authentication and Authorization IFIP Workshop 2/7/05 Jong Kim Dept. of Computer Sci. and Eng. Pohang Univ. of Sci. and Tech. (POSTECH) Contents Grid Security Grid Security Challenges Grid
More informationJVA-122. Secure Java Web Development
JVA-122. Secure Java Web Development Version 7.0 This comprehensive course shows experienced developers of Java EE applications how to secure those applications and to apply best practices with regard
More informationSecure Semantic Web Service Using SAML
Secure Semantic Web Service Using SAML JOO-YOUNG LEE and KI-YOUNG MOON Information Security Department Electronics and Telecommunications Research Institute 161 Gajeong-dong, Yuseong-gu, Daejeon KOREA
More informationImproving performance for security enabled web services. - Dr. Colm Ó héigeartaigh
Improving performance for security enabled web services - Dr. Colm Ó héigeartaigh Agenda Introduction to Apache CXF WS-Security in CXF 3.0.0 Securing Attachments in CXF 3.0.0 RS-Security in CXF 3.0.0 Some
More informationAn Open Policy Framework for Cross-vendor Integrated Governance
An Open Policy Framework for Cross-vendor Integrated Governance White Paper Intel SOA Expressway An Open Policy Framework for Cross-vendor Integrated Governance Intel SOA Expressway delivers a pluggable
More informationFlexible Identity Federation
Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationHow To Manage Identity On A Cloud (Cloud) With A User Id And A Password (Saas)
Integral Federated Identity Management for Cloud Computing Maicon Stihler, Altair Olivo Santin, Arlindo L. Marcon Jr. Graduate Program in Computer Science Pontifical Catholic University of Paraná Curitiba,
More informationService Oriented Security Architecture, SOSA.1
Service Oriented Security Architecture Cristian Opincaru University of the German Armed Forces, Munich cristian.opincaru@unibw.de Gabriela Gheorghe Politehnica University of Bucharest gabrielagh@gmail.com
More informationREST and SOAP Services with Apache CXF
REST and SOAP Services with Apache CXF Andrei Shakirin, Talend ashakirin@talend.com ashakirin.blogspot.com/ Agenda Introduction in Apache CXF New CXF features Project using Apache CXF How CXF community
More informationA Privacy Preserving Enhanced Trust Building Mechanism for Web Services
A Privacy Preserving Enhanced Trust Building Mechanism for Web s Zhengping Wu, Alfred C. Weaver Department of Computer Science, University of Virginia 151 Engineer's Way, P.O. Box 400740, Charlottesville,
More informationA Unified Framework for Security Visualization and Enforcement in Business Process Driven Environments
Institut für Architektur von Anwendungssystemen Universität Stuttgart Universitätsstraße 38 70569 Stuttgart Diplomarbeit Nr. 3113 A Unified Framework for Security Visualization and Enforcement in Business
More informationChapter 12 GRID SECURITY ARCHITECTURE: Requirements,fundamentals, standards, and models
Author manuscript, published in Security in Distributed, Grid, Mobile, and Pervasive Computing, Auerbach Publications, pp. 255-288, April, 2007 https://www.nics.uma.es Security in Distributed, Grid, and
More information<Insert Picture Here> Oracle Web Services Manager (WSM)
Oracle Web Services Manager (WSM) Marc Chanliau Director, Product Management Outline Introduction Product Overview Typical Use-Case Scenarios Roadmap Q & A Introduction
More informationTrend of Federated Identity Management for Web Services
30 Trend of Federated Identity Management for Web Services Chulung Kim, Sangyong Han Abstract While Web service providers offer different approaches to implementing security, users of Web services demand
More informationA pattern for the WS-Trust standard for web services
A pattern for the WS-Trust standard for web services Ola Ajaj and Eduardo B. Fernandez Department of Computer and Electrical Engineering and Computer Science Florida Atlantic University 777 Glades Road,
More informationA Gateway to Web Services Security Securing SOAP with Proxies
A Gateway to Web Services Security Securing with Proxies Gerald Brose Xtradyne Technologies Schönhauser Allee 6-7, 10119 Berlin, Germany gerald.brose@xtradyne.com Abstract. Integrating applications and
More informationIdentity Management Challenges for Intercloud Applications
Identity Management Challenges for Intercloud Applications David Núñez 1, Isaac Agudo 1, Prokopios Drogkaris 2 and Stefanos Gritzalis 2 1 Department of Computer Science, E.T.S. de Ingeniería Informática,
More informationFederated Identity and Single Sign-On using CA API Gateway
WHITE PAPER DECEMBER 2014 Federated Identity and Single Sign-On using Federation for websites, Web services, APIs and the Cloud K. Scott Morrison VP Engineering and Chief Architect 2 WHITE PAPER: FEDERATED
More informationVirtual Hosting Environments for Online Gaming TG6 TG8 Meeting Paris 2008 David Brossard Senior Researcher BT CTO
Virtual Hosting Environments for Online Gaming TG6 TG8 Meeting Paris 2008 David Brossard Senior Researcher BT CTO Involved Partners: ANDAGO, ATOS, BT, CRMPA, URJC Table of Contents 1. BEinGRID Overview
More informationSecure Document Circulation Using Web Services Technologies
Secure Document Circulation Using Web Services Technologies Shane Bracher Bond University, Gold Coast QLD 4229, Australia Siemens AG (Corporate Technology), Otto-Hahn-Ring 6, 81739 Munich, Germany sbracher@student.bond.edu.au
More informationIdentity Security Using Authentication and Authorization in Cloud Computing
Identity Security Using Authentication and Authorization in Cloud Computing D.Ranjith #1, J.Srinivasan *2 # Department of Computer Science and Applications, Adhiparasakthi College of Arts and Science,Kalavai,Vellore-632506
More informationWeb Service Security Management Using Semantic Web Techniques
Web Service Security Management Using Semantic Web Techniques Diego Zuquim Guimarães Garcia Institute of Computing University of Campinas POB 6176 Postal Code 13.4-971 Campinas, SP, Brazil +55 19 3788
More informationSTUDY ON IMPROVING WEB SECURITY USING SAML TOKEN
STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN 1 Venkadesh.M M.tech, Dr.A.Chandra Sekar M.E., Ph.d MISTE 2 1 ResearchScholar, Bharath University, Chennai 73, India. venkadeshkumaresan@yahoo.co.in 2 Professor-CSC
More informationCryptoNET: Security Management Protocols
CryptoNET: Security Management Protocols ABDUL GHAFOOR ABBASI, SEAD MUFTIC CoS, School of Information and Communication Technology Royal Institute of Technology Borgarfjordsgatan 15, SE-164 40, Kista,
More informationA Quick Introduction to SOA
Software Engineering Competence Center TUTORIAL A Quick Introduction to SOA Mahmoud Mohamed AbdAllah Senior R&D Engineer-SECC mmabdallah@itida.gov.eg Waseim Hashem Mahjoub Senior R&D Engineer-SECC Copyright
More informationSecure Identity in Cloud Computing
Secure Identity in Cloud Computing Michelle Carter The Aerospace Corporation March 20, 2013 The Aerospace Corporation 2013 All trademarks, service marks, and trade names are the property of their respective
More informationComputer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt
Computer Systems Security 2013/2014 Single Sign-On Bruno Maia ei09095@fe.up.pt Pedro Borges ei09063@fe.up.pt December 13, 2013 Contents 1 Introduction 2 2 Explanation of SSO systems 2 2.1 OpenID.................................
More informationContents at a Glance. 1 Introduction 17. 2 Basic Principles of IT Security 23. 3 Authentication and Authorization in
at a Glance 1 Introduction 17 2 Basic Principles of IT Security 23 3 Authentication and Authorization in SAP NetWeaver Application Server Java 53 4 Single Sign-On 151 5 Identity Provisioning 289 6 Secure
More information000-609. IBM WebSphere Data Power SOA Applicances V3.8.1 Solution IMP. Version: Demo. Page <<1/10>>
000-609 IBM WebSphere Data Power SOA Applicances V3.8.1 Solution IMP Version: Demo Page 1. Which of the following is an advantage of using WS-Security instead of SSL? A. Provides assured message
More informationAccelerate your SOA Projects through Service Simulation
Accelerate your SOA Projects through Service Simulation Overview Modern web services-based Service Oriented Architecture (SOA) enables service consumers and producers to exchange messages over ubiquitous
More informationDigital Rights Management & XML Security Protocols
Digital Rights Management & ML Security Protocols Head-to-Head or Hand-in-Hand? Holly Lynne McKinley, SSCP Booz Allen Hamilton McLean, VA Introduction Digital Rights Management brings to mind controversial
More informationISSN: 2321-7782 (Online) Volume 3, Issue 6, June 2015 International Journal of Advance Research in Computer Science and Management Studies
ISSN: 2321-7782 (Online) Volume 3, Issue 6, June 2015 International Journal of Advance Research in Computer Science and Management Studies Research Article / Survey Paper / Case Study Available online
More informationManaging SOA Security and Operations with SecureSpan
Managing SOA Security and Operations with SecureSpan Francois Lascelles Technical Director, Layer 7 Technologies 1 Customers Revenue About Layer 7 Layer 7 is the leading vendor of security and governance
More informationFederated Identity in the Enterprise
www.css-security.com 425.216.0720 WHITE PAPER The proliferation of user accounts can lead to a lowering of the enterprise security posture as users record their account information in order to remember
More informationSecure and Privacy-Preserving DRM for Mobile Devices with Web Service Security An Experience Report
Secure and Privacy-Preserving DRM for Mobile Devices with Web Service Security An Experience Report Carsten Kleiner and Lukas Grittner and Daniel Kadenbach Abstract Preserving the customer s privacy has
More informationTitle: A Client Middleware for Token-Based Unified Single Sign On to edugain
Title: A Client Middleware for Token-Based Unified Single Sign On to edugain Sascha Neinert Computing Centre University of Stuttgart, Allmandring 30a, 70550 Stuttgart, Germany e-mail: sascha.neinert@rus.uni-stuttgart.de
More informationAmeritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines
Ameritas Single Sign-On (SSO) and Enterprise SAML Standard Architectural Implementation, Patterns and Usage Guidelines 1 Background and Overview... 3 Scope... 3 Glossary of Terms... 4 Architecture Components...
More informationIDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Office of the CIO Province of BC People Collaboration Innovation
IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Author: Creation Date: Last Updated: Version: I. Bailey May 28, 2008 March 23, 2009 0.7 Reviewed By Name Organization
More informationCHAPTER - 3 WEB APPLICATION AND SECURITY
CHAPTER - 3 WEB APPLICATION AND SECURITY 3.1 Introduction Web application or Wepapp is the general term that is normally used to refer to all distributed web-based applications. According to the more technical
More informationWeb Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.
Web Services Security: OpenSSO and Access Management for SOA Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.com 1 Agenda Need for Identity-based Web services security Single Sign-On
More information