An Implementation of the OAuth 2.0 for an Enterprise Service Bus

The utilization of Service-Oriented Architecture (SOA) offers certain benefits, such as low coupling and interoperability. Because of these benefits, SOA is being used to integrate systems and applications within organizations. In order to evaluate and to provide evolution of legacy systems, SOA is an option for the modernization of legacy systems. Regarding authorization with SOA, the OAuth 2.0 protocol was implemented as part of the Enterprise Service Bus (ESB) solution that is used as an important step in the modernization of legacy systems. This research presents a case study, based on a systematic mapping, of the authentication and authorization mechanisms in SOA applied to legacy systems that are maintained and in use by students and professionals at the University of Brasilia (UnB). Performance tests were carried out on the solution, allowing us to check the increase in latency introduced by the protocol and the average flow (throughput) supported. Simulations were carried out to verify the behavior of the implemented protocol when exposed to a replay attack.
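The abstract states that the ESB-side OAuth 2.0 implementation was exercised under a replay attack but does not describe the check involved. The following is an added example, not code from the paper or from the UnB ESB, showing the defensive logic a resource server (here, the bus in front of a legacy service) can apply so that a captured token cannot be presented twice. It assumes HMAC-signed bearer tokens carrying an expiry (`exp`) and a unique token id (`jti`); plain OAuth 2.0 bearer tokens are otherwise valid for every request until they expire, so single-use semantics require either a `jti` cache like this one or sender-constrained tokens (mTLS or DPoP). The key, subject names and `jti` values are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; a real deployment loads the signing key from a secret store.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key: bytes, subject: str, jti: str, ttl: int, now: float) -> str:
    """Authorization-server side (assumed format): mint an HMAC-SHA256-signed
    bearer token carrying an expiry (exp) and a unique token id (jti)."""
    claims = {"sub": subject, "jti": jti, "exp": int(now) + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(tag)}"


class ReplayGuard:
    """ESB / resource-server side: accept each jti at most once until the
    token's own expiry, then forget it so the cache stays bounded."""

    def __init__(self) -> None:
        self._seen: dict[str, int] = {}  # jti -> exp

    def check_and_record(self, jti: str, exp: int, now: float) -> bool:
        # Prune ids whose tokens have expired; expired tokens are already
        # rejected by the expiry check before reaching this guard.
        self._seen = {j: e for j, e in self._seen.items() if e > now}
        if jti in self._seen:
            return False
        self._seen[jti] = exp
        return True


def validate_token(key: bytes, token: str, guard: ReplayGuard, now: float) -> tuple[bool, str]:
    """Verify signature, expiry and single-use before the bus forwards the
    request to the legacy service. Returns (accepted, reason)."""
    try:
        body, tag = token.split(".", 1)
    except ValueError:
        return False, "malformed"
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak tag bytes via timing.
    if not hmac.compare_digest(expected, _unb64(tag)):
        return False, "bad signature"
    claims = json.loads(_unb64(body))
    if claims.get("exp", 0) <= now:
        return False, "expired"
    if not guard.check_and_record(claims["jti"], claims["exp"], now):
        return False, "replayed"
    return True, "ok"


def replay_demo() -> list[str]:
    """Constructed walk-through: first use accepted, the same token presented
    again rejected as a replay, a re-signed body rejected, and an expired
    token rejected."""
    guard = ReplayGuard()
    t0 = 1_700_000_000.0  # constructed clock value
    tok = issue_token(DEMO_KEY, "alice", "jti-0001", ttl=60, now=t0)
    results = [validate_token(DEMO_KEY, tok, guard, now=t0 + 1)[1]]
    results.append(validate_token(DEMO_KEY, tok, guard, now=t0 + 2)[1])
    # Body swapped for different claims while keeping the original tag.
    _, tag = tok.split(".", 1)
    forged = _b64(json.dumps({"sub": "mallory", "jti": "jti-0002",
                              "exp": int(t0) + 60}, sort_keys=True).encode())
    results.append(validate_token(DEMO_KEY, f"{forged}.{tag}", guard, now=t0 + 3)[1])
    results.append(validate_token(DEMO_KEY, tok, guard, now=t0 + 61)[1])
    return results


if __name__ == "__main__":
    print(replay_demo())
```

The order of checks matters: signature first (so unauthenticated input never touches the cache), then expiry (so the `jti` cache only holds live tokens), then the replay record. A latency measurement of the kind the abstract describes would wrap `validate_token`, since the `jti` lookup and prune are the only per-request cost the guard adds beyond signature verification.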
