Federated security: lightweight security infrastructure for object repositories and Web services

To realize the idea of Web services as a scalable technology, enabling access to a provider´s resources for a wide range of clients, requires a similar scalable security solution. Management of user accounts for all possible clients in each provider is simply unfeasible. The alternative approach to having federated identity management is currently being developed by main software vendors. In this paper we present the design and implementation of a lightweight security infrastructure, for the federated security, that enable the establishment of a trust federation between several organizations. The infrastructure consists of an augmented security layer placed on top of the Web service protocol. The solution utilizes the latest WS-security specifications and, at the infrastructure level, is compatible with Shibboleth - a federated security solution for Web resources. In order to illustrate the potential of the infrastructure, we describe it in the context of two case studies: an object repository with complex access policies and the connection with the authenticated P2P network for learning resources.