DocumentCode :
2387328
Title :
Extending the security assertion markup language to support delegation for Web services and grid services
Author :
Wang, Jun ; Del Vecchio, David ; Humphrey, Marty
Author_Institution :
C & C Res. Labs., NEC Eur. Ltd., Germany
fYear :
2005
fDate :
11-15 July 2005
Firstpage :
67
Abstract :
Users of Web and grid services often must temporarily delegate some or all of their rights to a software entity to perform actions on their behalf. The problem with the typical grid services approach (X.509 proxy certificates) is that commercial Web services tooling fails to recognize these certificates or process them properly. The security assertion markup language (SAML) is a standardized XML-based framework for exchanging authentication, authorization and attribute information. SAML has broadening commercial support but lacks delegation capabilities. To address this shortcoming, we exploit SAML's inherent extensibility to create a delegation framework for Web and grid services that supports both direct and indirect delegation. We develop a set of verification rules for delegation tokens that rely on WS-Security X.509 signatures, but do not force any trust relationship between the delegatee and the target service. We have implemented the framework on two common Web service hosting environments: Java/Tomcat and .NET. By leveraging existing Web services standards, we make it easier for Grid practitioners to build and consume Web and grid services without resorting to grid-specific protocols.
Keywords :
Internet; XML; authorisation; digital signatures; formal verification; grid computing; network operating systems; .NET; Java/Tomcat; SAML; WS-Security X.509 signatures; Web service hosting environment; X.509 proxy certificates; XML; authentication; authorization; delegation tokens; grid services; information attribution; security assertion markup language; service delegation; trust relationship; verification rules; Authentication; Authorization; Europe; Information security; Laboratories; Markup languages; National electric code; Portals; Protocols; Web services;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Web Services, 2005. ICWS 2005. Proceedings. 2005 IEEE International Conference on
Print_ISBN :
0-7695-2409-5
Type :
conf
DOI :
10.1109/ICWS.2005.59
Filename :
1530784