A Model for Authentication Credentials Translation in Service Oriented Architecture

  • Chapter
Transactions on Computational Science IV

Part of the book series: Lecture Notes in Computer Science ((TCOMPUTATSCIE,volume 5430))

Abstract

Due to the increasing number of service providers, the grouping of these providers following the federation concept and the use of the Single Sign On (SSO) concept are helping users to gain transparent access to resources, without worrying about their locations. However, current industry and academic production only provide SSO in cases with homogeneous underlying security technology. This paper deals with interoperability between heterogeneous security technologies. The proposed model is based on the Credential Translation Service, which allows SSO authentication even when heterogeneous security technologies are considered. Therefore, the proposed model provides authentication credentials translation and attribute transposition and, as a consequence, provides authorization involving different kinds of credentials and permissions in the federation environment. By making use of Web Services, this study is strongly based on concepts introduced in the SAML, WS-Trust and WS-Federation specifications.

This work has been developed within the scope of the “Security Mechanisms for Business Processes in Collaborative Networks” project (CNPq 484740/2007-5).

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

de Mello, E.R., Wangham, M.S., da Silva Fraga, J., de Camargo, E.T., da Silva Böger, D. (2009). A Model for Authentication Credentials Translation in Service Oriented Architecture. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds) Transactions on Computational Science IV. Lecture Notes in Computer Science, vol 5430. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01004-0_5

  • DOI: https://doi.org/10.1007/978-3-642-01004-0_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-01003-3

  • Online ISBN: 978-3-642-01004-0

  • eBook Packages: Computer Science, Computer Science (R0)