http://dx.doi.org/10.13089/JKIISC.2008.18.4.111

An Extended SAML Delegation Model Based on Multi-Agent for Secure Web Services  

Kim, Kyu-Il (SungKyunKwan University)
Won, Dong-Ho (SungKyunKwan University)
Kim, Ung-Mo (SungKyunKwan University)
Abstract
A web service is a distributed technology defined to support interoperable machine-to-machine interaction over a network. Security has recently become one of the most critical issues in web service environments. An attacker may expose user privacy and service information without authentication. Furthermore, users of web services must temporarily delegate some or all of their rights to agents acting on their behalf, which results in the exposure of user privacy information by those agents. We propose a delegation model that provides safety for web services and user privacy in ubiquitous computing environments. To provide this safety, XML-based encryption and a digital signature mechanism need to be efficiently integrated. In this paper, we propose a web service management server based on XACML to manage the services and policies of web service providers. For this purpose, we extend SAML to declare the delegation assertions that are transferred to web service providers through delegation among agents.
Keywords
SAML; XACML; Agent;