Abstract
Due to the increasing number of service providers, grouping these providers into federations and using the Single Sign On (SSO) concept help users gain transparent access to resources without having to know where those resources are located. However, current industrial and academic solutions only provide SSO when the underlying security technology is homogeneous. This paper addresses interoperability between heterogeneous security technologies. The proposed model is based on a Credential Translation Service that allows SSO authentication even when heterogeneous security technologies are involved. The model therefore provides translation of authentication credentials and transposition of attributes and, as a consequence, supports authorization involving different kinds of credentials and permissions within the federation environment. Being built on Web Services, this study is strongly based on concepts introduced in the SAML, WS-Trust and WS-Federation specifications.
This work has been developed within the scope of the “Security Mechanisms for Business Processes in Collaborative Networks” project (CNPq 484740/2007-5).
© 2009 Springer-Verlag Berlin Heidelberg
Cite this chapter
de Mello, E.R., Wangham, M.S., da Silva Fraga, J., de Camargo, E.T., da Silva Böger, D. (2009). A Model for Authentication Credentials Translation in Service Oriented Architecture. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds) Transactions on Computational Science IV. Lecture Notes in Computer Science, vol 5430. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01004-0_5
DOI: https://doi.org/10.1007/978-3-642-01004-0_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01003-3
Online ISBN: 978-3-642-01004-0