Hdl Handle:
http://hdl.handle.net/10545/214395
Title:
Dynamic authentication for cross-realm SOA-based business processes
Authors:
Xu, Jie; Zhang, Dacheng; Li, Xianxian; Liu, Lu ( 0000-0003-1013-4507 )
Abstract:
Modern distributed applications are embedding an increasing degree of dynamism, from dynamic supply-chain management, enterprise federations, and virtual collaborations to dynamic resource acquisitions and service interactions across organizations. Such dynamism leads to new challenges in security and dependability. Collaborating services in a system with a Service-Oriented Architecture (SOA) may belong to different security realms but often need to be engaged dynamically at runtime. If their security realms do not have a direct cross-realm authentication relationship, it is technically difficult to enable any secure collaboration between the services. A potential solution to this would be to locate intermediate realms at runtime, which serve as an authentication-path between the two separate realms. However, the process of generating an authentication path for two distributed services can be highly complicated. It could involve a large number of extra operations for credential conversion and require a long chain of invocations to intermediate services. In this paper, we address this problem by designing and implementing a new cross-realm authentication protocol for dynamic service interactions, based on the notion of service-oriented multi-party business sessions. Our protocol requires neither credential conversion nor establishment of any authentication path between the participating services in a business session. The correctness of the protocol is formally analyzed and proven, and an empirical study is performed using two production quality Grid systems, Globus 4 and CROWN. The experimental results indicate that the proposed protocol and its implementation have a sound level of scalability and impose only a limited degree of performance overhead, which is for example comparable with those security-related overheads in Globus 4.
Affiliation:
University of Leeds; University of Derby
Citation:
Dynamic Authentication for Cross-Realm SOA-Based Business Processes 2010 IEEE Transactions on Services Computing
Journal:
IEEE Transactions on Services Computing
Issue Date:
17-Jun-2010
URI:
http://hdl.handle.net/10545/214395
DOI:
10.1109/TSC.2010.33
Additional Links:
http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=5487492
Type:
Article
Language:
en
Description:
Authentication, inter-organizational security, multi-party interactions, Service-Oriented Architecture, Web services
ISSN:
1939-1374
Appears in Collections:
Department of Electronics, Computing & Maths

Full metadata record

DC Field | Value | Language
dc.contributor.author | Xu, Jie | en
dc.contributor.author | Zhang, Dacheng | en
dc.contributor.author | Li, Xianxian | en
dc.contributor.author | Liu, Lu | -
dc.date.accessioned | 2012-03-06T11:17:53Z | -
dc.date.available | 2012-03-06T11:17:53Z | -
dc.date.issued | 2010-06-17 | -
dc.identifier.citation | Dynamic Authentication for Cross-Realm SOA-Based Business Processes 2010 IEEE Transactions on Services Computing | en
dc.identifier.issn | 1939-1374 | -
dc.identifier.doi | 10.1109/TSC.2010.33 | -
dc.identifier.uri | http://hdl.handle.net/10545/214395 | -
dc.description | Authentication, inter-organizational security, multi-party interactions, Service-Oriented Architecture, Web services | en
dc.description.abstract | Modern distributed applications are embedding an increasing degree of dynamism, from dynamic supply-chain management, enterprise federations, and virtual collaborations to dynamic resource acquisitions and service interactions across organizations. Such dynamism leads to new challenges in security and dependability. Collaborating services in a system with a Service-Oriented Architecture (SOA) may belong to different security realms but often need to be engaged dynamically at runtime. If their security realms do not have a direct cross-realm authentication relationship, it is technically difficult to enable any secure collaboration between the services. A potential solution to this would be to locate intermediate realms at runtime, which serve as an authentication-path between the two separate realms. However, the process of generating an authentication path for two distributed services can be highly complicated. It could involve a large number of extra operations for credential conversion and require a long chain of invocations to intermediate services. In this paper, we address this problem by designing and implementing a new cross-realm authentication protocol for dynamic service interactions, based on the notion of service-oriented multi-party business sessions. Our protocol requires neither credential conversion nor establishment of any authentication path between the participating services in a business session. The correctness of the protocol is formally analyzed and proven, and an empirical study is performed using two production quality Grid systems, Globus 4 and CROWN. The experimental results indicate that the proposed protocol and its implementation have a sound level of scalability and impose only a limited degree of performance overhead, which is for example comparable with those security-related overheads in Globus 4. | en
dc.language.iso | en | en
dc.relation.url | http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=5487492 | en
dc.rights | Archived with thanks to IEEE Transactions on Services Computing | en
dc.title | Dynamic authentication for cross-realm SOA-based business processes | en
dc.type | Article | en
dc.contributor.department | University of Leeds | en
dc.contributor.department | University of Derby | en
dc.identifier.journal | IEEE Transactions on Services Computing | en

This item is licensed under a Creative Commons License
All Items in UDORA are protected by copyright, with all rights reserved, unless otherwise indicated.