User-Controlled Dynamic Access Credential Enrichment for Run-time Service Selection

Dynamic run-time selection and sourcing of service components provide considerable potential in todays changing business world. They provide means to counter agility, flexibility and the ability to integrate applications originating from systems of different security domains. While the advantages are obvious strong implications to security in general and authorization and access control in particular do exist. In this paper we present an infrastructure-based approach for en-route dynamic credential enrichment. It enables dynamic replacement of access-restricted service instances by implementing runtime supplementation of security tokens. If authorized, a security intermediary accesses user profiles and retrieves security tokens supplied by identity providers and needed for access control at dynamically selected access-restricted service instances.

[1]  Zongwei Luo,et al.  SOA-Trust: Towards Developing Trustworthy RFID Enabled Intelligent Service Solutions , 2007 .

[2]  Mark Gaynor,et al.  Web Services: Enabling Dynamic Business Networks , 2003, Commun. Assoc. Inf. Syst..

[3]  Mike P. Papazoglou,et al.  Service oriented architectures: approaches, technologies and research issues , 2007, The VLDB Journal.

[4]  Christoph Meinel,et al.  A Web Service Architecture for Decentralised Identity- and Attribute-Based Access Control , 2009, 2009 IEEE International Conference on Web Services.

[5]  Marc-Thomas Schmidt,et al.  The Enterprise Service Bus: Making service-oriented architecture real , 2005, IBM Syst. J..

[6]  Hannes Hartenstein,et al.  FedWare: Middleware Services to Cope with Information Consistency in Federated Identity Management , 2010, 2010 International Conference on Availability, Reliability and Security.

[7]  Karol Furdík,et al.  Support of Semantic Interoperability in a Service-based Business Collaboration Platform , 2011, Scalable Comput. Pract. Exp..

[8]  Bin Chen,et al.  DRESR: Dynamic Routing in Enterprise Service Bus , 2007, IEEE International Conference on e-Business Engineering (ICEBE'07).

[9]  Elisa Bertino,et al.  A Service-Oriented Approach to Security--Concepts and Issues , 2007, 11th IEEE International Workshop on Future Trends of Distributed Computing Systems (FTDCS'07).

[10]  Hongke Zhang,et al.  Web Service Selection in Trustworthy Collaboration Network , 2011, 2011 IEEE 8th International Conference on e-Business Engineering.

[11]  Günther Pernul,et al.  DS3I - A Dynamic Semantically Enhanced Service Selection Infrastructure , 2011, EC-Web.

[12]  Günther Pernul,et al.  Security for Dynamic Service-Oriented eCollaboration - Architectural Alternatives and Proposed Solution , 2010, TrustBus.

[13]  Elisa Bertino,et al.  Security for Web Services and Service-Oriented Architectures , 2009 .

[14]  Gary McGraw,et al.  Software Security: Building Security In , 2006, 2006 17th International Symposium on Software Reliability Engineering.

[15]  Schahram Dustdar,et al.  End-to-End Support for QoS-Aware Service Selection, Binding, and Mediation in VRESCo , 2010, IEEE Transactions on Services Computing.

[16]  Gabriela Gheorghe,et al.  Service Oriented Security Architecture , 2007, Enterp. Model. Inf. Syst. Archit. Int. J. Concept. Model..

[17]  Alexander Pretschner,et al.  Usage Control in Service-Oriented Architectures , 2007, TrustBus.

[18]  Peng Zhang,et al.  iWeb: A Service-Oriented Web Application Framework with Service Selection over QoS and Context , 2011, 2011 IEEE 8th International Conference on e-Business Engineering.

[19]  Eric van Heck,et al.  Smart business networks: how the network wins , 2007, CACM.

[20]  Soo Dong Kim,et al.  A Practical Framework for Dynamic Composition on Enterprise Service Bus , 2007, IEEE International Conference on Services Computing (SCC 2007).

[21]  Frank Leymann,et al.  Virtualizing Services and Resources with ProBus: The WS-Policy-Aware Service and Resource Bus , 2009, 2009 IEEE International Conference on Web Services.