Hao Zeng,Dianfu Ma,Yongwang Zhao,Zhuqing Li

DOI: https://doi.org/10.1007/s11761-013-0143-5

2013-01-01

Abstract:Due to the dynamic, heterogeneous and interorganizational nature, different web services and different ports or operations in the same service, even the same services at different times may have their different security requirements because of their different security domains and different business backgrounds. How to design a flexible, fine-grained and comprehensive architecture for web services security processing has become a matter of great urgency. However, no ideal solutions have been worked out for these problems. As a result of our study, we have presented in this paper a policy-based architecture termed policy-based architecture for web services security processing (PBA4WSSP) to meet the dynamic, complete and fine-grained security requirements. In PBA4WSSP, the processing of all security problems is based on security policy in service stage to support flexibly security configuration. Moreover, we have designed a service policy model to describe the fine-grained security requirements. And the conversion method between security policy model and security policy expression has also been described. In addition, a staged complete security processing architecture is provided to reduce the dependency among protocol implementations. Furthermore, with PBA4WSSP, a web service security module has been designed and implemented as well. Eventually, the performance evaluation results amply demonstrate that our system is flexible and usable.

Di Wu,Yabo Dong,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11563952_52

2005-01-01

Abstract:The fast development of E-Commerce and information technology brings much higher requirements for enterprise informationization. Because of the differences in platforms, development languages and standards etc, enterprise application integration (EAI) has become the important form of enterprise informationization to support complex business processes. Web services have emerged as the next generation of integration technology which provides the power to support interoperability. However EAI doesn’t just present new interoperability challenges; it also presents serious privacy and security challenges. This paper presents security architecture of Web Services based EAI which uses distributed Single Sign On authentication and distributed Role-based Access Control authorization. The basic concept and prototype system of the security architecture are described in detail.

Hao Zeng,Yongwang Zhao,Dianfu Ma

DOI: https://doi.org/10.12733/jcis7282

2013-01-01

Journal of Computational Information Systems

Abstract:Web service has emerged as a fundamental technique for developing Web application due to its highly dynamic and cross-domain characteristics, but which still pose new challenges and difficulties for web services authorization. However, the system-centric view (static control environment) of protecting services and resources taken by traditional access control models is not suitable for web service environment. As is presented in this paper, one finding of our study is a Policy Tree based architecture for web services authorization termed PTBA4WSA. It is established on a staged attribute based access control framework. The paper proposes a Policy Tree model to describe subjects, resources as well as environment attributes, and it also presents a loading classification based policy evaluation algorithm. Both of which cannot only provide high-efficient and _ne-grained access control for web services, but also can support access control policy release mechanism. With PTBA4WSA, we design and implement a service authorization processing system which exhibits high efficiency and availability as is shown by the performance evaluation results. © 2013 Binary Information Press.

Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Lin Yao,Xiangwei Kong,Guowei Wu,Qingna Fan,Chi Lin

DOI: https://doi.org/10.1007/s11767-008-0089-5

2010-01-01

Abstract:In pervasive computing environments, users can get services anytime and anywhere, but the ubiquity and mobility of the environments bring new security challenges. The user and the service provider do not know each other in advance, they should mutually authenticate each other. The service provider prefers to authenticate the user based on his identity while the user tends to stay anonymous. Privacy and security are two important but seemingly contradictory objectives. As a result, a user prefers not to expose any sensitive information to the service provider such as his physical location, ID and so on when being authenticated. In this paper, a highly flexible mutual authentication and key establishment protocol scheme based on biometric encryption and Diffie-Hellman key exchange to secure interactions between a user and a service provider is proposed. Not only can a user’s anonymous authentication be achieved, but also the public key cryptography operations can be reduced by adopting this scheme. Different access control policies for different services are enabled by using biometric encryption technique. The correctness of the proposed authentication and key establishment protocol is formally verified based on SVO logic.

Bao Liu,Minhua Shi,Deren Chen

2001-01-01

Abstract:Web Services are self-contained, modular applications that can be described, published, located, and invoked over a network, generally, the Web. Yet the problem emerges as different Web Services interoperate each other. In this paper we recommend the Simple Object Access Protocol (SOAP)[1] as the communication standard in the Web Services Architecture to solve the problem.First, we describe what is Web Services and present the architecture of it. Then, according to the challenge that Web Services faces, we address the key enabling technologies of which SOAP be composed. SOAP has many advantages that other binary protocols, such as Java RMI, do not have. Finally, by introducing an E-business model based on the integration of SOAP, UDDI [2], MQ [3] etc., we show the manner and flow of SOAP to implement Web Services architecture.

YB Peng,J Gao,J Hu,BS Liao

DOI: https://doi.org/10.1109/cit.2005.35

2005-01-01

Abstract:Information systems researchers continue to develop Web services hoping that, in a near future, these services will be used in every application system expediently. Although many implementations of Web services are currently available, no project can solve the problem of autonomous controlling the whole execution process of Web services. In this paper, we present a policy-driven IMCSBA (Infrastructure for Managing and Controlling the Social Behavior of Agents) project, which provides a platform to autonomous control the whole execution process of Web services. In addition, an agent infrastructure to realize this system was developed and a simulated test was conducted successfully.

Yuan Shuhong,Zhu Miaoliang,Yun Xia,Wu Di

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.01.048

2008-01-01

Abstract:Traditional Enterprise Application Integration(EAI) solutions lacking the support of the united standard have difficulties in resolving the main security problems such as authentication and authorization.To solve these problems,a brand new application integration security architecture based on Web Services WSSA-EAI is proposed.Web Services are applied to create general access interface,and SSO(Single Sign On) authentication and RBAC(Role-based Access Control)authorization are combined.A united EAI security architecture which is easy for maintenance is presented..

Peng Qi-rui,Wang Cheng,Wu Jing,Li Jun

DOI: https://doi.org/10.1109/icsess.2010.5552305

2010-01-01

Abstract:To integrate distributed information systems in group companies, people favor the Service-Oriented-Architecture (SOA) for its features such as loose-coupling and standardization. But SOA brings security problems. Consequently, an authentication and authorization solution is proposed in this paper. By designing security architecture based on Service-Access-Agent, this solution can simplify the security program, and bring good to the system flexibility and loose coupling, thereby meet the integrated system's requirements for dynamics and agility. This solution has been applied to a project of “national 863 plan”, and shown its validity in engineering practices.

Hao Zeng,Yong Wang Zhao,Dian Fu Ma

DOI: https://doi.org/10.4028/www.scientific.net/amm.644-650.2943

2014-01-01

Applied Mechanics and Materials

Abstract:With the rapid development of web services technology, the security policies defined in WS-SecurityPolicy are widely used for expressing security properties, capabilities, constraints and requirements of web services. It is well-known that security policies are crucial in the negotiation phase of service discovery and selection. However, such security policies are hard to understand and extremely error-prone, due to the complexity of the WS-SecurityPolicy specification. At the same time, because the WS-SecurityPolicy is described by natural language, there have ambiguity problem. These problem seriously hindered the development of web services policy. Therefore, this paper proposes a web services security policy description model to describe accurately and clearly security policies. The security policy model employs the formal modeling method to convert the policy assertions into the security rules.

Fan Zhang,Ji Gao,Bei-Shui Liao

DOI: https://doi.org/10.1109/ICMLC.2006.258812

2006-01-01

Abstract:Web service is an important technology in open distributed system. But because of the dynamical and heterogeneous nature of web services, it is difficult to be managed directly. On the other hand, multi-agent system provides a model for automatic discovery, negotiation and cooperation. It can be designed as a container of web services for autonomic management. This paper provides a policy-driven model base on multi-agent system that encapsulates the web service as an agent. It can supervise the dynamical agents and web services that may join in or leave out at run time according to high-level policies or business requirements.

Beishui Liao,Ji Gao

DOI: https://doi.org/10.3321/j.issn:1003-9775.2006.02.009

2006-01-01

Abstract:A policy-desire-contract extended agent model (PDC-Agent) is proposed to establish automatic composition of web services. According to the three types of factors such as policies, desires and contracts, PDC-Agent can rationally select the intended services and their properties by virtue of a preference-based decision-making mechanism, and participate in virtual-organization (VO) formation and service composition. The process of autonomic service composition and a case study are presented. This system can be well adapted to the variation of business requirements and perform real-time application integration in the open, dynamic and heterogeneous VO environment.

Fan Zhang,Ji Gao,Hang Guo,Peiyou Zhu,Beishui Liao

DOI: https://doi.org/10.1109/WCICA.2006.1714432

2006-01-01

Abstract:Web Services, as a wonderful distributed computing technology, are used in many business system, such as ERP and CRM. However, dynamical nature of web services and changeful business requirements result in increasing complexities of management of web services, especially in large-scale business system. In this paper, we present architecture of autonomic management for web services base on federated multi-agent system. It uses task agent as a container of web services to manage web services and has an autonomic cooperation mechanism to share information and cooperate among task agents, manager agents and middle agents in agent federation to finish some computing tasks.

X Peng,Wy Zhao,E Ye

DOI: https://doi.org/10.1007/978-3-540-24679-4_104

2004-01-01

Abstract:Web service based data exchange has been the trend of EAI. We can create Proxies to expose existing systems as web services. There have been some tools that can help users to construct web services on the basis of existing systems. However, authority control and dynamic service configuration are not taken into account in the process of construction. In this paper we present an EAI-Oriented unified authentication model, and then put forward the serviceitems-based authority control and dynamic service configuration management in the construction of EAI-oriented web service architecture. Tool support in the process of construction is also discussed.

BS Liao,J Gao,J Hu,JJ Chen

DOI: https://doi.org/10.1109/icmlc.2004.1380585

2004-01-01

Abstract:Presently, resource sharing and integration within or cross enterprises (organizations) based on Web services, semantic Web and agents, are developing rapidly. However, different level of requirements of enterprise applications, and dynamic nature of Web services and application requirements, result in increasing complexities of management of Web services and related agents. This paper proposes a federated multi-agent system for autonomic Web services control. The main point of this paper is to propose an approach based on hierarchical architecture-oriented agent federations to control the internal cooperation and external coordination and transaction of Web services. In addition, an agent infrastructure to realize this system was developed and a simulated test was conducted successfully.

Wenan TAN -,Yicheng XU -,Ting ZHANG -,Xiang WEN -,Linshan Cui -,Chuanqun JIANG -

DOI: https://doi.org/10.4156/jdcta.vol5.issue7.16

2011-01-01

International Journal of Digital Content Technology and its Applications

Abstract:Currently, the security issues of Web services are hot area in information system (IS). This research mainly discusses the key technologies of information access control focusing on following works: After analyzing the dynamic characteristic of application nature for Web services, a Dynamic Role-Based Access Control using Context and Trust model (abbreviated as CT-DRBAC) for Web services is proposed. During Web services, both the subject of invoking request and object of providing service resources are dynamic nature. So, access policies are needed to consider the dynamic nature. The proposed model has been developed and the authorization framework is discussed detail. In order to implement the dynamic trust management mechanism, a dynamic user role authorization algorithm which considers the user lifecycle contexts in the open systems is proposed and designed to meet the dynamic characteristic of subject and object effectively, and achieve intelligent and scientific user role assignments. The proposed access control module can be used in intelligent information systems to grant dynamically roles to users according to the current context.

X Feng,L Guoyuan,H Hao,X Li

DOI: https://doi.org/10.1109/cit.2004.1357221

2004-01-01

Abstract:This paper first briefly reviews the state of the security technology research and access control in the Web Services environment, and then presents a service-orient role-based access control model and security architecture model for Web Services. In this Security Architecture model, SOAP Proxy is employed to enforce access control for Web Services and security mechanisms are separated from the business logic. In this paper, a new technology is presented to implement the RBAC on the Web Services by designing the secure cookies and secure SOAP messages. Finally, the conclusion is given and the problems are pointed out, which should be resolved in further research.

Gansen Zhao,Zhongjie Ba,Feng Zhang,Qi Chen,Jianguo Li,Yong Tang

DOI: https://doi.org/10.1109/CSC.2013.24

2013-01-01

Abstract:Cloud computing enables rapid deployment of services on an on-demand basis in large scale. Public clouds are open to all users with identities from various domains, requiring the support of multiple identity providers and hybrid authentication protocols. The complexity of the authentication scenario brings a great burden to service providers. Service providers and users know only a small part of the complicated authentication network. This work explores a system view on the authentication network in cloud, allowing the authentication interaction and the trust relations to be explicitly described and analyzed. A cross-domain single sign-on model is proposed and the implementation details of the authentication architecture and protocol is presented.

HU He,ZHANG Qin,CHEN Guo-qing,YANG Yang

DOI: https://doi.org/10.3724/SP.J.1087.2011.00577

2011-01-01

Journal of Computer Applications

Abstract:In order to achieve the goal of unified scheduling and unified management in application system,unified authentication and authorization has become more and more important and sophisticated.The background and the goal of unified authentication and unified authorization system were analyzed firstly,then the unified authentication,authorization and Web services were analyzed and compared,and a unified method of authentication and authorization in enterprise combining the Web services was proposed;therefore,it was more convenient to administer the concrete application system for administrator,which truly reconstructed completely unified authentication and authorization,and the design and implementation of the concrete service specification(or interface) by the practical project were given.