A Conceptual Technique for Modelling Security as a Service in Service Oriented Distributed Systems


Volume 1, Number 2, December 2014
JOURNAL OF COMPUTER SCIENCE AND SOFTWARE APPLICATION

Satish Kumar*, Avadhesh Kumar Gupta
Institute of Management Studies, Ghaziabad, Uttar Pradesh, India.
*Corresponding author:

Abstract: Service-Oriented Architecture (SOA) is an architectural paradigm for developing distributed systems. One of the major challenges in designing an SOA is developing its security requirements. SOA security is an overarching concern because it affects the discovery and interaction of services and applications in an SOA environment. In recent years, many solutions have been implemented, such as the Web Service Security (WS-Security), WS-Trust and Web Service Security Policy (WS-SecurityPolicy) standards. These standards are not sufficient to assure enterprise system security. In this paper, we propose a security model for SOA that constitutes the foundation for our Security As A Service (SAAS) approach. It is based on a model for service interaction that describes the exchange of secured messages in a distributed environment.

Keywords: Service-Oriented Architecture; Security As A Service; WS-Trust; Web Services

1. INTRODUCTION

Service-Oriented Architecture (SOA) has become a popular architecture pattern in enterprise application development. Web services implemented with SOA have emerged as a solution for enterprise application development because they are platform and language independent. An SOA-based application is a combination of services, and these services can be implemented in different technologies and deployed over heterogeneous networks [1]. In a distributed environment, security is a critical issue for enterprise systems, and it is necessary to ensure security in SOA-based applications.
As Web services technologies are used increasingly, the next concern is the security of the information or messages transferred across the network. There are several approaches to implementing security in an SOA-based application. Traditional security approaches hurt performance and make the application costly to maintain [2]. Another approach that addresses these problems is called Security As A Service (SAAS). For example, in traditional security approaches an application is built from a few services, and each service implements its own security, which is invoked as part of the service consumer and provider, as depicted in Figure 1. When an enterprise needs to secure a large number of services, the traditional approach is not the right way to implement security, because the security enforcement machinery is replicated across all services and service consumers [2]. Worse still, if security requirements differ for each application, then the security machinery of each service will perform similar security checks, leading to high maintenance cost.

Figure 1. Security implementation as part of each service and service consumer.

Security as a service, depicted in Figure 2, is a solution over the traditional approach for securing a large number of services. This approach explores a way of shifting some of the security enforcement burden from the service consumer and the service to a shared security service. A shared service helps to enforce security policies consistently across all services. This approach is not completely suitable from the performance point of view. For example, suppose several service consumers want to access the service at the same time: the security credentials will be checked at the server side, and validation will take more time.

2. RELATED WORK

The well-known security requirements for web services are integrity, confidentiality and availability. There are various techniques to tackle these three security aspects, such as using XML Signature (a digital signature in XML format) to ensure data integrity, and using XML Encryption to provide confidentiality while a message is in transit over the network [3]. The WS-ReliableMessaging protocol guarantees that a message transmitted in the network layer has been received by the receiver [4]. Although there are various standards for Web services security, perhaps the most important is WS-Trust, because it is used for identifying trust relationships by using the concept of Security Token Services (STS) as well as WS-Policy. WS-SecureConversation is designed to deal with tokens for message exchanges over a short period of time, whereas WS-Federation is designed for managing trust relationships across different types of system. The last one, WS-Authorization, is designed to support authorization mechanisms for data transferred between applications.
Figure 2. Security implementation as a separate service.

SOAP message security is one of the most vital concerns for security in Web services because of various types of attack, such as replay attacks, man-in-the-middle attacks and token substitution attacks, which can break message confidentiality and integrity [5]. WS-Security is a security standard that deals with those problems by using XML Encryption and XML Signature to protect confidentiality and integrity respectively. Furthermore, WS-Security supports security tokens, which are commonly used to provide authentication and authorization. According to Zhang [6], there are several techniques for token-based authentication, namely username, X.509 PKI certificates, Kerberos tickets, Security Assertion Markup Language (SAML) and Web Services Security Rights Expression Language (REL), also known as XML Rights Management Language (XrML) [3]. They can be categorized into three types: unsigned security tokens, namely the username token profile; signed security tokens, namely X.509 certificates and Kerberos tickets; and XML security tokens, namely SAML and XrML [7, 8]. The difference between Kerberos tickets and X.509 certificates is the encryption algorithm: the former uses a symmetric encryption algorithm whereas the latter uses public key encryption [9].

According to Nordbotten [3], a username token can prevent replay attacks by including a nonce and a timestamp in the message (this method can be used in every security token mechanism). Fournet and Gordon [10] show that the username token is not strong enough authentication to keep out attackers. However, they suggest that it may be stronger if an XML digital signature is added in conjunction with the username token. Research comparing the performance of the Kerberos and X.509 token profiles showed that the transfer rate of the Kerberos token profile exceeds that of the X.509 token profile by 28% due to the different type of cryptographic algorithm [9]. However, one threat to the Kerberos token profile is that Kerberos is prone to key re-use. REL/XrML is different from SAML because it is based on a license as a security token, used for providing a key to authorization in the message. On the other hand, because it is in XML format it is similar to SAML, and Nordbotten [3] suggested using SAML rather than REL/XrML because SAML is more broadly accepted by many Web services applications. The potential threats to SAML and REL/XrML are the same as for other security token formats, and they can be protected by using signature and encryption techniques.
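The nonce-and-timestamp replay defence for username tokens mentioned above, as an added example that is not part of the paper: a receiver-side check of a WS-Security UsernameToken carrying a PasswordDigest, Base64(SHA-1(nonce + created + password)). The user name, password, clock and five-minute freshness window are constructed assumptions.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """PasswordDigest of the Username Token Profile."""
    raw = nonce + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()


def build_token(user: str, password: str, nonce: bytes, created: str) -> str:
    """Sender side: used here only to construct sample messages."""
    return (f'<wsse:UsernameToken xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">'
            f"<wsse:Username>{user}</wsse:Username>"
            f"<wsse:Password>{password_digest(nonce, created, password)}</wsse:Password>"
            f"<wsse:Nonce>{base64.b64encode(nonce).decode()}</wsse:Nonce>"
            f"<wsu:Created>{created}</wsu:Created></wsse:UsernameToken>")


class UsernameTokenVerifier:
    def __init__(self, passwords, max_age=timedelta(minutes=5)):
        self.passwords = passwords   # user -> shared password (constructed sample data)
        self.max_age = max_age       # assumed freshness window
        self.seen = {}               # (user, nonce) -> Created time of accepted tokens

    def verify(self, token_xml: str, now: datetime) -> str:
        try:
            # In production, parse untrusted XML with a hardened parser.
            tok = ET.fromstring(token_xml)
            user = tok.findtext(f"{{{WSSE}}}Username")
            digest = tok.findtext(f"{{{WSSE}}}Password") or ""
            nonce = base64.b64decode(tok.findtext(f"{{{WSSE}}}Nonce"), validate=True)
            created_text = tok.findtext(f"{{{WSU}}}Created")
            created = datetime.strptime(created_text, "%Y-%m-%dT%H:%M:%SZ")
            created = created.replace(tzinfo=timezone.utc)
        except (ET.ParseError, TypeError, ValueError):
            return "reject: malformed token"
        # 1. Timestamp bounds how long a captured token stays usable.
        if abs(now - created) > self.max_age:
            return "reject: stale timestamp"
        # Nonces older than the window can be forgotten: step 1 already rejects them.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.max_age}
        # 2. Digest binds nonce and timestamp to the password (constant-time compare).
        password = self.passwords.get(user)
        expected = password_digest(nonce, created_text, password or "")
        if password is None or not hmac.compare_digest(expected.encode(), digest.encode()):
            return "reject: bad digest"
        # 3. Nonce cache stops a replay inside the freshness window. It is checked
        #    after the digest so unauthenticated senders cannot fill the cache.
        if (user, nonce) in self.seen:
            return "reject: replayed nonce"
        self.seen[(user, nonce)] = created
        return "accept"


def demo():
    now = datetime(2014, 12, 1, 12, 0, 0, tzinfo=timezone.utc)  # constructed clock
    verifier = UsernameTokenVerifier({"alice": "s3cret"})
    fresh = build_token("alice", "s3cret", b"\x01" * 16, "2014-12-01T11:59:30Z")
    old = build_token("alice", "s3cret", b"\x02" * 16, "2014-12-01T11:00:00Z")
    # A captured token whose timestamp was edited no longer matches its digest.
    edited = build_token("alice", "s3cret", b"\x03" * 16,
                         "2014-12-01T11:59:30Z").replace("11:59:30Z", "11:59:45Z")
    return [verifier.verify(fresh, now),
            verifier.verify(fresh, now + timedelta(seconds=10)),
            verifier.verify(old, now),
            verifier.verify(edited, now)]
```

The digest covers only the nonce, timestamp and password, not the SOAP body, which is why the text's suggestion of adding an XML digital signature alongside the username token matters.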

3. STANDARDS FOR IMPLEMENTING SECURITY AS A SERVICE

A number of standards and technologies are available for implementing security as a service. Some of them are:

WS-Trust: WS-Trust defines a standard interface for obtaining/issuing, renewing, cancelling, and validating security tokens such as SAML assertions. Specifically, a security token service (STS) is defined, providing these mechanisms as web services [11, 12]. So, after discovering what security token is required, the service consumer may use WS-Trust to obtain the required token from an STS.

Security Assertion Markup Language (SAML): SAML is used to exchange security information among different security domains [13]. SAML provides two services, authentication and authorization. Based on the SAML protocol, the authentication service creates the request and response that are used by the Security Token Service (STS) for validating the user.

WS-Addressing: The standardized SOAP specification explicitly supports the use of one or more intermediaries (such as security services) in the message path by laying down specific rules for preserving destination endpoint information when routing a message via the security service [7].

4. NEW APPROACH FOR MODELLING SECURITY AS A SERVICE (SAAS)

The Security As A Service (SAAS) approach is a better choice for solving SOA security, based on the concept of shared services. Security services can be implemented effectively and correctly, and scaled, either locally outside the system or as a domain-wide service [2, 14]. We propose a new way of implementing security by using the SAAS approach shown in Figure 3. Here the SAAS approach is implemented on the Enterprise Service Bus (ESB). An ESB has the ability to implement shared security and improve the performance of the application. On the ESB, security credentials are validated during the transmission of data or a request from the service consumer to the service. The time for processing the request is reduced because security validation has already been performed on the ESB, and the overall performance of the system increases.

Figure 3. Security implementation as a separate service on ESB.

4.1 Proposed model for SAAS implementation

The proposed architecture of the SAAS approach is based on the concept of a shared security service implemented in a University System, as depicted in Figure 4. The upper part of this architecture shows the University System, which contains various service endpoints. The lower part shows the SAAS components and security interfaces. The global request and response handlers are integrated with the service endpoints. These handlers intercept the incoming and outgoing messages to or from a service endpoint and provide primitive security. The proposed SAAS-based architecture breaks the security tasks into the SAAS components and the service endpoint security architecture. Endpoint-integrated security performs security tasks such as encryption/decryption, validation and key exchange by using the Security Proxy Handler (SPH) [14, 15]. The SAAS components are the core; they are deployed by the security domain and provide shared security to all service endpoints in this domain. The Policy Repository contains policies for different security requirements such as authentication, authorization etc.

Figure 4. Shared security service architecture in a domain.

Authentication Service: The Authentication Service provides user authentication inside or outside the domain. It validates the user identity and sends the signed authentication decision to the endpoint. At the endpoint, the SPH validates the signature before forwarding the authentication decision to the intended services.

Authorization Service: The Authorization Service is used to verify the permissions assigned to the user in the policy repository. It sends the authorization assertion to the endpoint. At the endpoint, the SPH validates the signature and then permits the valid user.

Monitoring Service: The Monitoring Service is responsible for handling the events generated by the endpoint or by the security services of the SAAS components.

Logging Service: The Logging Service records the service request and response messages for access to information or resources in the system.
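A minimal model of the decision flow in Section 4.1, added here as an example and not taken from the paper: shared authentication and authorization services issue signed decisions, and a Security Proxy Handler at the endpoint checks them before forwarding. HMAC-SHA256 over JSON stands in for XML Signature, and the class names, claim fields, 60-second lifetime, key and the "grades"/"library" endpoints are assumptions.

```python
import hashlib
import hmac
import json

DOMAIN_KEY = b"constructed-demo-key"  # constructed; stands in for the domain's signing key


def _mac(key, claims):
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def sign(key, claims):
    return {"claims": claims, "sig": _mac(key, claims)}


class AuthenticationService:
    def __init__(self, key, credentials):
        self.key, self.credentials = key, credentials  # user -> password (sample data)

    def decide(self, user, password, endpoint, now):
        known = self.credentials.get(user)
        ok = known is not None and hmac.compare_digest(known.encode(), password.encode())
        return sign(self.key, {"type": "authn", "user": user, "endpoint": endpoint,
                               "decision": "permit" if ok else "deny", "expires": now + 60})


class AuthorizationService:
    def __init__(self, key, policy_repository):
        self.key, self.policy = key, policy_repository  # (user, endpoint) -> allowed actions

    def decide(self, user, action, endpoint, now):
        ok = action in self.policy.get((user, endpoint), ())
        return sign(self.key, {"type": "authz", "user": user, "action": action,
                               "endpoint": endpoint,
                               "decision": "permit" if ok else "deny", "expires": now + 60})


class SecurityProxyHandler:
    """Endpoint-side handler: validates signed decisions before forwarding a request."""

    def __init__(self, endpoint, key, log):
        self.endpoint, self.key, self.log = endpoint, key, log

    def _reject_reason(self, token, expected, now):
        claims = token.get("claims")
        if not isinstance(claims, dict):
            return "malformed"
        sig = str(token.get("sig", "")).encode()
        # The signature is checked first; no claim is trusted before it verifies.
        if not hmac.compare_digest(_mac(self.key, claims).encode(), sig):
            return "bad signature"
        # A decision is valid only for this user, this endpoint and this action.
        for field, value in expected.items():
            if claims.get(field) != value:
                return "wrong " + field
        if claims.get("expires", 0) < now:
            return "expired"
        return None if claims.get("decision") == "permit" else "denied"

    def handle(self, user, action, authn, authz, now):
        common = {"user": user, "endpoint": self.endpoint}
        checks = ((authn, dict(common, type="authn")),
                  (authz, dict(common, type="authz", action=action)))
        for token, expected in checks:
            reason = self._reject_reason(token, expected, now)
            if reason:
                self.log.append((user, action, expected["type"] + ": " + reason))
                return False
        self.log.append((user, action, "forwarded"))  # logging service records the request
        return True


def demo():
    log, now = [], 1000  # constructed clock, in seconds
    authn_svc = AuthenticationService(DOMAIN_KEY, {"alice": "pw-alice"})
    authz_svc = AuthorizationService(DOMAIN_KEY, {("alice", "grades"): {"read"}})
    sph = SecurityProxyHandler("grades", DOMAIN_KEY, log)
    authn = authn_svc.decide("alice", "pw-alice", "grades", now)
    read = authz_svc.decide("alice", "read", "grades", now)
    write = authz_svc.decide("alice", "write", "grades", now)  # policy says deny
    edited = {"claims": dict(write["claims"], decision="permit"), "sig": write["sig"]}
    other = authn_svc.decide("alice", "pw-alice", "library", now)  # issued for another endpoint
    results = [sph.handle("alice", "read", authn, read, now),
               sph.handle("alice", "write", authn, write, now),
               sph.handle("alice", "write", authn, edited, now),
               sph.handle("alice", "read", other, read, now),
               sph.handle("alice", "read", authn, read, now + 61)]
    return results, [entry[2] for entry in log]
```

With a shared HMAC key every endpoint that can verify a decision could also mint one; an asymmetric signature, as XML Signature with X.509 keys provides, lets endpoints hold only the verification key.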

5. CONCLUSION

In this paper, we presented an approach for implementing security in SOA-based distributed systems. Our approach is based on the Security As A Service (SAAS) concept, which implements security as a separate service and so reduces the burden on service consumers and providers. This approach needs more research to increase message reliability and the privacy of information in distributed systems.

References

[1] M. H. Valipour, B. AmirZafari, K. N. Maleki, and N. Daneshpour, A brief survey of software architecture concepts and service oriented architecture, in Computer Science and Information Technology, ICCSIT nd IEEE International Conference on, pp , IEEE,
[2] R. Kanneganti and P. Chodavarapu, SOA Security
[3] N. A. Nordbotten, XML and Web services security standards, Communications Surveys & Tutorials, IEEE, vol. 11, no. 3, pp. 4-21,
[4] C. Geuer-Pollmann and J. Claessens, Web services and web service security standards, Information Security Technical Report, vol. 10, no. 1, pp ,
[5] E. Bertino, L. Martino, F. Paci, and A. Squicciarini, Security for web services and service-oriented architectures. Springer,
[6] W. Zhang, Integrated security framework for secure web services, in 2010 Third International Symposium on Intelligent Information Technology and Security Informatics, pp ,
[7] A. Nadalin, C. Kaler, R. Monzillo, and P. Hallam-Baker, Web services security: SOAP message security 1.1 (WS-Security 2004), 1-spec-errata-os-SOAPMessageSecurity.pdf.
[8] Z. Wu and A. C. Weaver, Using web services to exchange security tokens for federated trust management, in Web Services, ICWS IEEE International Conference on, pp , IEEE,
[9] A. Moralis, V. Pouli, M. Grammatikou, S. Papavassiliou, and V. Maglaris, Performance comparison of Web services security: Kerberos token profile against X.509 token profile, in Networking and Services, ICNS. Third International Conference on, pp , IEEE,
[10] K. Bhargavan, C. Fournet, and A. D. Gordon, A semantics for web services authentication, Theoretical Computer Science, vol. 340, no. 1, pp ,
[11] OASIS: WS-SecurityPolicy, tutorial.
[12] A. Nadalin, M. Goodner, M. Gudgin, A. Barbir, and H. Granqvist, Web services security policy language 1.2, Public Draft Specification,
[13] OASIS security assertion markup language (SAML).
[14] M. Memon, M. Hafner, and R. Breu, SECTISSIMO: Security As A Service - A Reference Architecture for SOA Security, in ICT-FET , FWF project,
[15] A. Dikanski, C. Emig, and S. Abeck, Integration of a security product in service-oriented architecture, in Emerging Security Information, Systems and Technologies, SECURWARE 09. Third International Conference on, pp. 1-7, IEEE,


More information

A Security Framework for Access Control in Web Services

A Security Framework for Access Control in Web Services A Security Framework for Access Control in Web Services Abolfazl Esfandi, Mehdi Sabbari Department of Computer Engineering Islamic Azad University Borujerd Branch, Iran ABSTRACT In this article, we focus

More information

An Open Policy Framework for Cross-vendor Integrated Governance

An Open Policy Framework for Cross-vendor Integrated Governance An Open Policy Framework for Cross-vendor Integrated Governance White Paper Intel SOA Expressway An Open Policy Framework for Cross-vendor Integrated Governance Intel SOA Expressway delivers a pluggable

More information

A Privacy Preserving Enhanced Trust Building Mechanism for Web Services

A Privacy Preserving Enhanced Trust Building Mechanism for Web Services A Privacy Preserving Enhanced Trust Building Mechanism for Web s Zhengping Wu, Alfred C. Weaver Department of Computer Science, University of Virginia 151 Engineer's Way, P.O. Box 400740, Charlottesville,

More information

MODELING AND ANALYSIS OF SECURITY STANDARDS FOR WEB SERVICES AND CLOUD COMPUTING. Ola Ajaj. A Dissertation Submitted to the Faculty of

MODELING AND ANALYSIS OF SECURITY STANDARDS FOR WEB SERVICES AND CLOUD COMPUTING. Ola Ajaj. A Dissertation Submitted to the Faculty of MODELING AND ANALYSIS OF SECURITY STANDARDS FOR WEB SERVICES AND CLOUD COMPUTING by Ola Ajaj A Dissertation Submitted to the Faculty of the College of Engineering and Computer Science in Partial Fulfillment

More information

The Use of Service Oriented Architecture In Tax and Revenue

The Use of Service Oriented Architecture In Tax and Revenue The Use of Service Oriented Architecture In Tax and Revenue Presented by: Bruce Baur & Adam Schaffer Revenue Solutions, Inc. Introduction Adam Schaffer Director, Revenue Administration Practice Line More

More information

SOA im Alltag 28.12.2009. Copyright 2009 by Nicolai Josuttis, IT-communication.de 1. Nicolai Josuttis. IT-communication.com.

SOA im Alltag 28.12.2009. Copyright 2009 by Nicolai Josuttis, IT-communication.de 1. Nicolai Josuttis. IT-communication.com. Nicolai M. Josuttis IT-communication.com Stand: 12/09 2009 by IT-communication.com 1 Independent consultant continuously learning since 1962 Nicolai M. Josuttis Systems Architect, Technical Manager finance,

More information

Enabling SAML for Dynamic Identity Federation Management

Enabling SAML for Dynamic Identity Federation Management Enabling SAML for Dynamic Identity Federation Management Patricia Arias Cabarcos 1, Florina Almenárez Mendoza 1, Andrés Marín López 1, Daniel Díaz Sanchez 1, P. Arias 1 et al. University Carlos III of

More information

Integral Federated Identity Management for Cloud Computing

Integral Federated Identity Management for Cloud Computing Integral Federated Identity Management for Cloud Computing Maicon Stihler, Altair Olivo Santin, Arlindo L. Marcon Jr. Graduate Program in Computer Science Pontifical Catholic University of Paraná Curitiba,

More information

<Insert Picture Here> Oracle Web Services Manager (WSM)

<Insert Picture Here> Oracle Web Services Manager (WSM) Oracle Web Services Manager (WSM) Marc Chanliau Director, Product Management Outline Introduction Product Overview Typical Use-Case Scenarios Roadmap Q & A Introduction

More information

Federated Security: Lightweight Security Infrastructure for Object Repositories and Web Services

Federated Security: Lightweight Security Infrastructure for Object Repositories and Web Services Submitted to NWeSP 05 (http://nwesp.org) 1 Federated Security: Lightweight Security Infrastructure for Object Repositories and Web Services Marek Hatala, Timmy Eap and Ashok Shah School of Interactive

More information

Meeting EHR Security Requirements: Authentication as asecurity Service

Meeting EHR Security Requirements: Authentication as asecurity Service Meeting EHR Security Requirements: Authentication as asecurity Service Basel Katt 1 Thomas Trojer 1 Ruth Breu 1 Thomas Schabetsberger 2 Florian Wozak 2 1 Research Group Quality Engineering, University

More information

Service Oriented Security Architecture

Service Oriented Security Architecture Service Oriented Security Architecture Cristian Opincaru University of the German Armed Forces, Munich cristian.opincaru@unibw.de Gabriela Gheorghe Politehnica University of Bucharest gabrielagh@gmail.com

More information

Accelerate your SOA Projects through Service Simulation

Accelerate your SOA Projects through Service Simulation Accelerate your SOA Projects through Service Simulation Overview Modern web services-based Service Oriented Architecture (SOA) enables service consumers and producers to exchange messages over ubiquitous

More information

A pattern for the WS-Trust standard for web services

A pattern for the WS-Trust standard for web services A pattern for the WS-Trust standard for web services Ola Ajaj and Eduardo B. Fernandez Department of Computer and Electrical Engineering and Computer Science Florida Atlantic University 777 Glades Road,

More information

Standards for Identity & Authentication. Catherine J. Tilton 17 September 2014

Standards for Identity & Authentication. Catherine J. Tilton 17 September 2014 Standards for Identity & Authentication Catherine J. Tilton 17 September 2014 Purpose of these standards Wide deployment of authentication technologies that may be used in a global context is heavily dependent

More information

JVA-122. Secure Java Web Development

JVA-122. Secure Java Web Development JVA-122. Secure Java Web Development Version 7.0 This comprehensive course shows experienced developers of Java EE applications how to secure those applications and to apply best practices with regard

More information

Grid Security : Authentication and Authorization

Grid Security : Authentication and Authorization Grid Security : Authentication and Authorization IFIP Workshop 2/7/05 Jong Kim Dept. of Computer Sci. and Eng. Pohang Univ. of Sci. and Tech. (POSTECH) Contents Grid Security Grid Security Challenges Grid

More information

Virtual Hosting Environments for Online Gaming TG6 TG8 Meeting Paris 2008 David Brossard Senior Researcher BT CTO

Virtual Hosting Environments for Online Gaming TG6 TG8 Meeting Paris 2008 David Brossard Senior Researcher BT CTO Virtual Hosting Environments for Online Gaming TG6 TG8 Meeting Paris 2008 David Brossard Senior Researcher BT CTO Involved Partners: ANDAGO, ATOS, BT, CRMPA, URJC Table of Contents 1. BEinGRID Overview

More information

Improving performance for security enabled web services. - Dr. Colm Ó héigeartaigh

Improving performance for security enabled web services. - Dr. Colm Ó héigeartaigh Improving performance for security enabled web services - Dr. Colm Ó héigeartaigh Agenda Introduction to Apache CXF WS-Security in CXF 3.0.0 Securing Attachments in CXF 3.0.0 RS-Security in CXF 3.0.0 Some

More information

Digital Rights Management & XML Security Protocols

Digital Rights Management & XML Security Protocols Digital Rights Management & ML Security Protocols Head-to-Head or Hand-in-Hand? Holly Lynne McKinley, SSCP Booz Allen Hamilton McLean, VA Introduction Digital Rights Management brings to mind controversial

More information

A Gateway to Web Services Security Securing SOAP with Proxies

A Gateway to Web Services Security Securing SOAP with Proxies A Gateway to Web Services Security Securing with Proxies Gerald Brose Xtradyne Technologies Schönhauser Allee 6-7, 10119 Berlin, Germany gerald.brose@xtradyne.com Abstract. Integrating applications and

More information

Contents at a Glance. 1 Introduction 17. 2 Basic Principles of IT Security 23. 3 Authentication and Authorization in

Contents at a Glance. 1 Introduction 17. 2 Basic Principles of IT Security 23. 3 Authentication and Authorization in at a Glance 1 Introduction 17 2 Basic Principles of IT Security 23 3 Authentication and Authorization in SAP NetWeaver Application Server Java 53 4 Single Sign-On 151 5 Identity Provisioning 289 6 Secure

More information

A Quick Introduction to SOA

A Quick Introduction to SOA Software Engineering Competence Center TUTORIAL A Quick Introduction to SOA Mahmoud Mohamed AbdAllah Senior R&D Engineer-SECC mmabdallah@itida.gov.eg Waseim Hashem Mahjoub Senior R&D Engineer-SECC Copyright

More information

Secure Document Circulation Using Web Services Technologies

Secure Document Circulation Using Web Services Technologies Secure Document Circulation Using Web Services Technologies Shane Bracher Bond University, Gold Coast QLD 4229, Australia Siemens AG (Corporate Technology), Otto-Hahn-Ring 6, 81739 Munich, Germany sbracher@student.bond.edu.au

More information

REST and SOAP Services with Apache CXF

REST and SOAP Services with Apache CXF REST and SOAP Services with Apache CXF Andrei Shakirin, Talend ashakirin@talend.com ashakirin.blogspot.com/ Agenda Introduction in Apache CXF New CXF features Project using Apache CXF How CXF community

More information

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt Computer Systems Security 2013/2014 Single Sign-On Bruno Maia ei09095@fe.up.pt Pedro Borges ei09063@fe.up.pt December 13, 2013 Contents 1 Introduction 2 2 Explanation of SSO systems 2 2.1 OpenID.................................

More information

Identity Security Using Authentication and Authorization in Cloud Computing

Identity Security Using Authentication and Authorization in Cloud Computing Identity Security Using Authentication and Authorization in Cloud Computing D.Ranjith #1, J.Srinivasan *2 # Department of Computer Science and Applications, Adhiparasakthi College of Arts and Science,Kalavai,Vellore-632506

More information

Managing SOA Security and Operations with SecureSpan

Managing SOA Security and Operations with SecureSpan Managing SOA Security and Operations with SecureSpan Francois Lascelles Technical Director, Layer 7 Technologies 1 Customers Revenue About Layer 7 Layer 7 is the leading vendor of security and governance

More information

A Unified Framework for Security Visualization and Enforcement in Business Process Driven Environments

A Unified Framework for Security Visualization and Enforcement in Business Process Driven Environments Institut für Architektur von Anwendungssystemen Universität Stuttgart Universitätsstraße 38 70569 Stuttgart Diplomarbeit Nr. 3113 A Unified Framework for Security Visualization and Enforcement in Business

More information

Chapter 12 GRID SECURITY ARCHITECTURE: Requirements,fundamentals, standards, and models

Chapter 12 GRID SECURITY ARCHITECTURE: Requirements,fundamentals, standards, and models Author manuscript, published in Security in Distributed, Grid, Mobile, and Pervasive Computing, Auerbach Publications, pp. 255-288, April, 2007 https://www.nics.uma.es Security in Distributed, Grid, and

More information

Federated Identity and Single Sign-On using CA API Gateway

Federated Identity and Single Sign-On using CA API Gateway WHITE PAPER DECEMBER 2014 Federated Identity and Single Sign-On using Federation for websites, Web services, APIs and the Cloud K. Scott Morrison VP Engineering and Chief Architect 2 WHITE PAPER: FEDERATED

More information

IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Office of the CIO Province of BC People Collaboration Innovation

IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Office of the CIO Province of BC People Collaboration Innovation IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Author: Creation Date: Last Updated: Version: I. Bailey May 28, 2008 March 23, 2009 0.7 Reviewed By Name Organization

More information

Trend of Federated Identity Management for Web Services

Trend of Federated Identity Management for Web Services 30 Trend of Federated Identity Management for Web Services Chulung Kim, Sangyong Han Abstract While Web service providers offer different approaches to implementing security, users of Web services demand

More information

Title: A Client Middleware for Token-Based Unified Single Sign On to edugain

Title: A Client Middleware for Token-Based Unified Single Sign On to edugain Title: A Client Middleware for Token-Based Unified Single Sign On to edugain Sascha Neinert Computing Centre University of Stuttgart, Allmandring 30a, 70550 Stuttgart, Germany e-mail: sascha.neinert@rus.uni-stuttgart.de

More information

STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN

STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN 1 Venkadesh.M M.tech, Dr.A.Chandra Sekar M.E., Ph.d MISTE 2 1 ResearchScholar, Bharath University, Chennai 73, India. venkadeshkumaresan@yahoo.co.in 2 Professor-CSC

More information

Identity Management Challenges for Intercloud Applications

Identity Management Challenges for Intercloud Applications Identity Management Challenges for Intercloud Applications David Núñez 1, Isaac Agudo 1, Prokopios Drogkaris 2 and Stefanos Gritzalis 2 1 Department of Computer Science, E.T.S. de Ingeniería Informática,

More information

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion. Web Services Security: OpenSSO and Access Management for SOA Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.com 1 Agenda Need for Identity-based Web services security Single Sign-On

More information

CHAPTER - 3 WEB APPLICATION AND SECURITY

CHAPTER - 3 WEB APPLICATION AND SECURITY CHAPTER - 3 WEB APPLICATION AND SECURITY 3.1 Introduction Web application or Wepapp is the general term that is normally used to refer to all distributed web-based applications. According to the more technical

More information

Secure and Privacy-Preserving DRM for Mobile Devices with Web Service Security An Experience Report

Secure and Privacy-Preserving DRM for Mobile Devices with Web Service Security An Experience Report Secure and Privacy-Preserving DRM for Mobile Devices with Web Service Security An Experience Report Carsten Kleiner and Lukas Grittner and Daniel Kadenbach Abstract Preserving the customer s privacy has

More information

CryptoNET: Security Management Protocols

CryptoNET: Security Management Protocols CryptoNET: Security Management Protocols ABDUL GHAFOOR ABBASI, SEAD MUFTIC CoS, School of Information and Communication Technology Royal Institute of Technology Borgarfjordsgatan 15, SE-164 40, Kista,

More information

Satish Srirama Matthias Jarke Wolfgang Prinz

Satish Srirama Matthias Jarke Wolfgang Prinz 1/18 Outline Host Host: QoS extensions Host in P2P networks Realization of MWSMF Conclusions and future research directions 2/18 3/18 Wireless developments Host web services [LA, OMA] web service provisioning

More information

Web Service Security Management Using Semantic Web Techniques

Web Service Security Management Using Semantic Web Techniques Web Service Security Management Using Semantic Web Techniques Diego Zuquim Guimarães Garcia Institute of Computing University of Campinas POB 6176 Postal Code 13.4-971 Campinas, SP, Brazil +55 19 3788

More information

Service-Oriented Computing and Service-Oriented Architecture

Service-Oriented Computing and Service-Oriented Architecture Service-Oriented Computing and Service-Oriented Architecture Week 3 Lecture 5 M. Ali Babar Lecture Outline Service-Oriented Computing (SOC) Service-Oriented Architecture (SOA) Designing service-based systems

More information

Secure Identity in Cloud Computing

Secure Identity in Cloud Computing Secure Identity in Cloud Computing Michelle Carter The Aerospace Corporation March 20, 2013 The Aerospace Corporation 2013 All trademarks, service marks, and trade names are the property of their respective

More information

000-609. IBM WebSphere Data Power SOA Applicances V3.8.1 Solution IMP. Version: Demo. Page <<1/10>>

000-609. IBM WebSphere Data Power SOA Applicances V3.8.1 Solution IMP. Version: Demo. Page <<1/10>> 000-609 IBM WebSphere Data Power SOA Applicances V3.8.1 Solution IMP Version: Demo Page 1. Which of the following is an advantage of using WS-Security instead of SSL? A. Provides assured message

More information

ISSN: 2321-7782 (Online) Volume 3, Issue 6, June 2015 International Journal of Advance Research in Computer Science and Management Studies

ISSN: 2321-7782 (Online) Volume 3, Issue 6, June 2015 International Journal of Advance Research in Computer Science and Management Studies ISSN: 2321-7782 (Online) Volume 3, Issue 6, June 2015 International Journal of Advance Research in Computer Science and Management Studies Research Article / Survey Paper / Case Study Available online

More information