A Policy-driven Approach to Dynamic Composition of Authentication and Authorization Patterns and Services

During the past decade, the telecommunication environment has evolved from a single-operator environment featuring voice services to a multi-operator environment featuring a range of different types of services. Services today are provided in a distributed manner in a connectionless environment, requiring the cooperation of several components and actors. This paper focuses on incremental means of ensuring access to services for authorized users only, by composing authentication and authorization patterns and services. We propose a novel framework of authentication and authorization patterns for securing access to services for authorized users only, and we demonstrate how the patterns can be dynamically composed with services using a policy-driven approach.
