A Mediated Access Control Infrastructure for Dynamic Service Selection

Dissertation submitted in fulfilment of the requirements for the degree of Doctor of Economics (Dr. rer. pol.) to the Fakultät für Wirtschaftswissenschaften of the Universität Regensburg

Presented by Christoph Fritsch

Reviewers: Prof. Dr. Günther Pernul, Prof. Dr. Peter Lory

Date of the oral defence: 7 May 2012
Contents

1 Introduction  1
  1.1 Motivation and Background  1
  1.2 Research Questions  2
  1.3 Research Methodology  4
  1.4 Chapter Structure  6

I Fundamentals  9

2 Smart Business Networks  11
  2.1 Inter-Organizational Collaboration  11
  2.2 Remarkable Demand for Flexibility  14
  2.3 The SPIKE Project  16
    2.3.1 SPIKE Basics and Vision  16
    2.3.2 Overview and Main Objectives  18
      2.3.2.1 Process Specification and Semantic Workflows as a Basis  19
      2.3.2.2 SPIKE Portal and Service Bus as Runtime  20
      2.3.2.3 Security as a Major Focus  20
  2.4 Summary  21

3 Service-oriented Architecture  23
  3.1 SOA Basics  24
  3.2 Web Services  27
    3.2.1 Web Services vs. Web-based Services  28
    3.2.2 Technological Options  29
      3.2.2.1 SOAP Web Services  30
      3.2.2.2 RESTful Web Services  32
      3.2.2.3 Further Web Service Alternatives  34
    3.2.3 The Need for Service Descriptions  35
      3.2.3.1 Service Description Formats  35
      3.2.3.2 Service Discovery and Registries  38
  3.3 Enterprise Service Bus  40
    3.3.1 Standards and Specifications  42
    3.3.2 ESB Main Functionalities  44
  3.4 Business Process Modelling and Management  46
  3.5 Dynamic SOA for Spontaneous Cooperation  48
  3.6 Summary  50

4 Security in Dynamic SOA  51
  4.1 Security Functions and Implications  52
    4.1.1 Term »Security«  52
    4.1.2 Security Glossary  53
    4.1.3 Fundamental Security Functions  54
    4.1.4 Different Perspectives: User, Service Provider, Broker  55
    4.1.5 Security Implications  56
  4.2 Security and Business Context of Identity  57
    4.2.1 Digital Identity  58
    4.2.2 Cross-Organizational Identity and Access Management  60
    4.2.3 Single-Sign-On  62
    4.2.4 Identity Federation and Trust Relationships  64
  4.3 Web Service Security  65
    4.3.1 Defining Security Requirements and Policies  66
    4.3.2 Web Service Security Tokens  68
      4.3.2.1 SOAP Web Services and the WS-* Stack  69
      4.3.2.2 RESTful Services  72
    4.3.3 Related Research  73
    4.3.4 Mediated Authorization and Access Control  75
  4.4 Summary  76

II Proposed Dynamic Service Selection and Mediated Access Control Infrastructure  77

5 Access Control Infrastructure Context  79
  5.1 Overview  79
  5.2 Terms and Definitions  81
  5.3 Status Quo  83
  5.4 Design Considerations  85
    5.4.1 Significance and Pervasiveness of Security  86
    5.4.2 Preconditions  87
    5.4.3 Design Goals  88
  5.5 Summary  91

6 ESB-based Dynamic Service Selection  93
  6.1 Initial Position  93
  6.2 From Static to Dynamic Service Selection  96
    6.2.1 Desirable Properties and Current Limitations  98
    6.2.2 Degrees of Freedom  101
    6.2.3 Addressed Challenges  102
    6.2.4 Related Work  105
      6.2.4.1 Dynamic Service Selection  105
      6.2.4.2 Semantic Technologies  106
  6.3 Conceptual Overview  108
    6.3.1 Uniform Service Description as a Basis  110
    6.3.2 Standards-Based Implementation  113
    6.3.3 Components and Capabilities  114
    6.3.4 Organizational Levels and Alternative Options  118
  6.4 Opportunities and Limitations  120
  6.5 Summary  122

7 Dynamic Mediated Access Control Infrastructure  123
  7.1 Status Quo  123
  7.2 Infrastructure Characteristics  125
  7.3 Conceptual Overview  128
    7.3.1 Attribute-Based Pull Access Management  128
    7.3.2 Roles, Functions and Allocation  131
  7.4 Course of Actions and Global Architecture  133
  7.5 Building Blocks and Components  137
    7.5.1 Mediator and Security Broker  137
      7.5.1.1 Role and Challenges  137
      7.5.1.2 Implementation Alternatives  138
      7.5.1.3 Implementation Option Decision  141
      7.5.1.4 Trust Implications and Attacker Model  142
      7.5.1.5 Integration with Dynamic Service Selection  144
    7.5.2 Identity Provider  144
      7.5.2.1 Role and Challenges  146
      7.5.2.2 Interdependencies  147
    7.5.3 Service Provider  148
      7.5.3.1 Role and Challenges  148
      7.5.3.2 Dependencies  150
      7.5.3.3 Service Access Control and Policy Definition  151
    7.5.4 Service Clients and Requesters  153
      7.5.4.1 Role and Challenges  154
      7.5.4.2 Implementation Options  155
    7.5.5 User  155
      7.5.5.1 Role and Challenges  156
      7.5.5.2 User Profile Authorization  157
  7.6 Summary  159

8 Identity Provider/Security Token Service  161
  8.1 Key Functions and Interaction  161
  8.2 User Profile Access Control  166
    8.2.1 Disclosure Willingness and Attribute Release Policy  166
    8.2.2 Partial Identity Definition, Authorization and Access Control  168
  8.3 Convenient and Adequate Interfaces  170
    8.3.1 Identity Management GUI  171
    8.3.2 Security Token Service  172
      8.3.2.1 Security Token Retrieval  173
      8.3.2.2 Credentials Assignment and Storage  177
  8.4 Security Tokens Allocation and Mapping  178
    8.4.1 Attribute Aggregation and Assertions  179
    8.4.2 Security Credentials Mapping  181
  8.5 Summary  182

9 Access Control Credential Enrichment  183
  9.1 Basic Principle: Inversion of Access Control  183
  9.2 Credentials Enrichment Process  185
  9.3 Mediation Infrastructure and Security Broker  188
    9.3.1 Interrelations  188
    9.3.2 Policy Evaluation  189
      9.3.2.1 Service Providers' Service Access Policy  189
      9.3.2.2 Users' Profile Access Policies  190
      9.3.2.3 Service Selection Strategy and Policy Impact  191
  9.4 Summary  192

III Implementation  193

10 Prototype  195
  10.1 Service Selection and Access Control Infrastructure  195
    10.1.1 Components Overview  197
    10.1.2 ESB-based Mediator  199
      10.1.2.1 Service Discovery and Candidate Pool  199
      10.1.2.2 Dynamic Selection and Routing Services  201
      10.1.2.3 Mediation and Transformation Services  202
      10.1.2.4 Credential Enrichment Services/Security Broker  205
  10.2 Identity Provider and Security Token Service  207
    10.2.1 Web IdP  207
    10.2.2 Mobile IdP  211
    10.2.3 STS Endpoint and Brokering Service  214
      10.2.3.1 IdP, Attribute and Token Discovery  214
      10.2.3.2 Security Token Query Endpoint  216
      10.2.3.3 Security Tokens and Attribute Formats  220
      10.2.3.4 Store Security Token Endpoint  222
      10.2.3.5 OAuth-Based Access Control  222
  10.3 Summary  224

11 Conclusions  225

Appendices  229
  A Security Tokens and Policies  231
  B Axschema.org Attribute Identifiers  235
  C STS Endpoint Specifications  237

Bibliography  241