Dynamic authentication for cross-realm SOA-based business processes
Journal article
Authors | Xu, Jie, Zhang, Dacheng, Li, Xianxian and Liu, Lu |
---|---|
Keywords | Authentication, inter-organizational security, multi-party interactions, Service-Oriented Architecture, Web services |
Abstract | Modern distributed applications are embedding an increasing degree of dynamism, from dynamic supply-chain management, enterprise federations, and virtual collaborations to dynamic resource acquisitions and service interactions across organizations. Such dynamism leads to new challenges in security and dependability. Collaborating services in a system with a Service-Oriented Architecture (SOA) may belong to different security realms but often need to be engaged dynamically at runtime. If their security realms do not have a direct cross-realm authentication relationship, it is technically difficult to enable any secure collaboration between the services. A potential solution to this would be to locate intermediate realms at runtime, which serve as an authentication path between the two separate realms. However, the process of generating an authentication path for two distributed services can be highly complicated. It could involve a large number of extra operations for credential conversion and require a long chain of invocations to intermediate services. In this paper, we address this problem by designing and implementing a new cross-realm authentication protocol for dynamic service interactions, based on the notion of service-oriented multi-party business sessions. Our protocol requires neither credential conversion nor establishment of any authentication path between the participating services in a business session. The correctness of the protocol is formally analyzed and proven, and an empirical study is performed using two production-quality Grid systems, Globus 4 and CROWN. The experimental results indicate that the proposed protocol and its implementation have a sound level of scalability and impose only a limited degree of performance overhead, which is, for example, comparable with those security-related overheads in Globus 4. |
Year | 2010 |
Journal | IEEE Transactions on Services Computing |
ISSN | 1939-1374 |
Digital Object Identifier (DOI) | https://doi.org/10.1109/TSC.2010.33 |
Web address (URL) | http://hdl.handle.net/10545/214395 |
hdl:10545/214395 | |
Publication dates | 17 Jun 2010 |
Publication process dates | |
Deposited | 06 Mar 2012, 11:17 |
Rights | Archived with thanks to IEEE Transactions on Services Computing |
Contributors | University of Leeds and University of Derby |
File | File Access Level Open |
https://repository.derby.ac.uk/item/95039/dynamic-authentication-for-cross-realm-soa-based-business-processes