http://dx.doi.org/10.3745/JIPS.2008.3.2.082

A Delegation Model based on Agent in Distributed Systems  

Kim, Kyu-Il (Department of Computer Engineering, SungKyunKwan University)
Lee, Joo-Chang (Department of Computer Engineering, SungKyunKwan University)
Choi, Won-Gil (Department of Computer Engineering, SungKyunKwan University)
Lee, Eun-Ju (Department of Computer Engineering, SungKyunKwan University)
Kim, Ung-Mo (Department of Computer Engineering, SungKyunKwan University)
Publication Information
Journal of Information Processing Systems / v.3, no.2, 2007, pp. 82-88
Abstract
Web services are the new building block of today's Internet and provide interoperability among heterogeneous distributed systems. Recently, security has become one of the most critical issues in the web services environment. Because all of the connected devices provide services for user control and monitoring in real time, hackers can attack a single fragile point and misuse legitimate user privileges. Also, the users of web services must temporarily delegate some or all of their rights to agents in order to perform actions on their behalf. This risks exposing users' private information. In this paper, we propose a secure delegation model based on SAML that provides confidentiality and integrity for user information in distributed systems. In order to support privacy protection, service confidentiality, and assertion integrity, encryption and a digital signature mechanism are deployed. We build a web service management server based on XACML in order to manage the services and policies of web service providers.
Keywords
XACML; SAML; Agent