Extending the security assertion markup language to support delegation for Web services and grid services

Users of Web and grid services often must temporarily delegate some or all of their rights to a software entity to perform actions on their behalf. The problem with the typical grid services approach (X.509 proxy certificates) is that commercial Web services tooling fails to recognize these certifi...

Bibliographic details
Main authors: Jun Wang, Del Vecchio, D., Humphrey, M.
Format: Conference proceeding
Language: eng
container_end_page 74 vol.1
container_issue
container_start_page 67
container_title
container_volume
creator Jun Wang
Del Vecchio, D.
Humphrey, M.
description Users of Web and grid services often must temporarily delegate some or all of their rights to a software entity to perform actions on their behalf. The problem with the typical grid services approach (X.509 proxy certificates) is that commercial Web services tooling fails to recognize these certificates or process them properly. The security assertion markup language (SAML) is a standardized XML-based framework for exchanging authentication, authorization and attribute information. SAML has broadening commercial support but lacks delegation capabilities. To address this shortcoming, we exploit SAML's inherent extensibility to create a delegation framework for Web and grid services that supports both direct and indirect delegation. We develop a set of verification rules for delegation tokens that rely on WS-Security X.509 signatures, but do not force any trust relationship between the delegatee and the target service. We have implemented the framework on two common Web service hosting environments: Java/Tomcat and .NET. By leveraging existing Web services standards, we make it easier for Grid practitioners to build and consume Web and grid services without resorting to grid-specific protocols.
doi_str_mv 10.1109/ICWS.2005.59
format Conference Proceeding
fulltext fulltext_linktorsrc
identifier ISBN: 9780769524092
ispartof IEEE International Conference on Web Services (ICWS'05), 2005, p.67-74 vol.1
issn
language eng
recordid cdi_ieee_primary_1530784
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Authentication
Authorization
Europe
Information security
Laboratories
Markup languages
National electric code
Portals
Protocols
Web services
title Extending the security assertion markup language to support delegation for Web services and grid services
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-10T14%3A20%3A41IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Extending%20the%20security%20assertion%20markup%20language%20to%20support%20delegation%20for%20Web%20services%20and%20grid%20services&rft.btitle=IEEE%20International%20Conference%20on%20Web%20Services%20(ICWS'05)&rft.au=Jun%20Wang&rft.date=2005&rft.spage=67&rft.epage=74%20vol.1&rft.pages=67-74%20vol.1&rft.isbn=9780769524092&rft.isbn_list=0769524095&rft_id=info:doi/10.1109/ICWS.2005.59&rft_dat=%3Cieee_6IE%3E1530784%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=1530784&rfr_iscdi=true