Secure Hardware-based Distributed Authorisation Underpinning a Web Service Framework

نویسندگان

  • Marco Casassa Mont
  • Adrian Baldwin
  • Joe Pato
چکیده

This paper presents a distributed authorisation model suitable for use in a web service framework where multiple parties are involved in performing a particular transaction. The authorisation model uses a third party authorisation service that checks users or services’ credentials against a set of authorisation policies. A traditional service provision model does not scale well for such transactions. The proposed model uses a hardware security appliance to deliver the service to the most appropriate site involved in the transaction. The authorisation model supports a multi-party session so that authorisation policies can be checked and built as part of the web service composition process.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

On the design, implementation and application of an authorisation architecture for web services

This paper proposes an authorisation architecture for web services. It describes the architectural framework, the administration and runtime aspects of our architecture and its components for secure authorisation of web services as well as the support for the management of authorisation information. The paper then describes the implementation aspects of the architecture. The architecture has be...

متن کامل

Pervasive geo-security - a lightweight triple-A approach to securing distributed geo-service infrastructures

Security has recently become a major concern in distributed geo-infrastructures for spatial data provision. Thus, a lightweight approach for securing distributed low-power environments such as geo-sensor networks is needed. The first part of this article presents a survey of current security mechanisms for authentication and authorisation. Based on this survey, a lightweight and scalable token-...

متن کامل

Security for Distributed Web-Services via Aspect-Oriented Programming

Identity Management is becoming more and more important in business systems as they are opened for third parties including trading partners, consumers and suppliers. This paper presents an approach securing a system without any knowledge of the system source code. The security module adds to the existing system authentication and authorisation based on aspect oriented programming and the libert...

متن کامل

Hardware Encapsulation of Security Services

Hardware security modules can be used to encapsulate simple security services that bind security functions such as decryption with authorisation and authentication. Such hardware secured services provide a functional root of trust that can be placed within context of a wider IT solution hence enabling strong separations of control and duty. This paper describes an approach to using such hardwar...

متن کامل

Trust enhanced distributed authorisation for web services

a r t i c l e i n f o a b s t r a c t In this paper, we propose a trust enhanced distributed authorisation architecture (TEDA) that provides a holistic framework for authorisation taking into account the state of a user platform. The model encompasses the notions of 'hard' and 'soft' trust to determine whether a platform can be trusted for authorisation. We first explain the rationale for the o...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2003