An Approach to Identity Management for Service Centric Systems

  • Conference paper
Towards a Service-Based Internet (ServiceWave 2008)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 5377)

Abstract

Today users consume applications composed of services from different providers across trust domains. From experience we know that security requirements and user identity management make service composition difficult. We believe that delegation of access rights across trust domains will become an essential mechanism in service composition scenarios. Users care about security but cannot deal with the variety of existing solutions for access control. A unified interface for access control and delegation is essential for multi-domain composite services. This paper addresses the problem of identity management for service-centric systems and proposes a novel approach based on an abstract delegation framework supporting different access control mechanisms. We show how the abstract delegation framework is designed to give control and clarity to the user consuming applications based on service composition. Besides the theoretical aspects, the paper shares experiences based on scenarios from the automotive industry.

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bussard, L., Di Nitto, E., Nano, A., Nano, O., Ripa, G. (2008). An Approach to Identity Management for Service Centric Systems. In: Mähönen, P., Pohl, K., Priol, T. (eds) Towards a Service-Based Internet. ServiceWave 2008. Lecture Notes in Computer Science, vol 5377. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89897-9_22

  • DOI: https://doi.org/10.1007/978-3-540-89897-9_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-89896-2

  • Online ISBN: 978-3-540-89897-9

  • eBook Packages: Computer Science, Computer Science (R0)
