Automated Security Service Orchestration for the Identity Management in Web Service Based Systems

Today, a large number of security services can be used to implement different security requirements in Web Service based systems. For example, identity management services are required for authentication and authorization, whereas message logging services are necessary to achieve non-repudiation. However, deploying and configuring these security services usually requires expert knowledge about the systems as well as about security requirements and implementations, which a person can only learn by experience. Furthermore, today's Web Service based systems are becoming increasingly complex. Thus, implementing security requirements is a complex and error-prone task, even for experts. For this paper, we analysed several service-based implementations for identity management and their differences in the service orchestration. We present an approach to derive the needed security services, their configuration, and their connections to the functional services, based on defined security requirements for a Web Service based system. To do so, we evaluate the UML use case model of the system and apply service security patterns derived during the analysis of the identity management implementations.
