Integrated Security Context Management of Web Components and Services in Federated Identity Environments
The problem of providing unified web security management in an environment with multiple autonomous security domains is considered. Security vendors provide separate security management solutions for cross-domain browser-based and web-service-based interactions. This is partly because different web standards dominate in each space. For example, Security Assertion Markup Language (SAML), an important standard in cross-domain single sign-on (SSO), specializes in browser-based access, while WS-* standards focus on the security needs of web services. However, cross-domain web services are often invoked in the context of a secure browser session. Considering these interactions in isolation will lead to a fractured security solution. This paper proposes a solution that provides seamless transfer of security context across various types of cross-domain web interactions.