An authorization control framework to enable service composition
Takashi Suzuki, Randy H. Katz
EECS Department, University of California, Berkeley
{tsuzuki,


Motivation
- Demand for customized service provisioning for each individual user
  - Web service composition
- How to manage authorization for a composed service which contains various service components in different administrative domains?
  - Need an authorization control framework to support flexible and complex service composition.
[Figure labels: Portal, Request, User Profile, Device Profile, Location, Time, Customized Service, loosely coupled service components]

Example of composed service
- Customized multimedia content streaming over mobile networks
[Figure labels: Portal, Content Server, Edge Server, Content Adaptation, QoS Manager, User, User Profile, Mobile NW (domain 1), Domain 2, Domain 3, Domain 4, Authorization control function, Location, Device, Credit, Preference, Age]

Issues to be solved
- Various service components are invoked in a session.
  - The protocol between the authorization control server and the service components should be able to carry various authorization information.
  - Existing protocols are designed only for specific services
    - (e.g., DIAMETER for network access, COPS for QoS control)
    - A generic authorization control protocol
- The portal needs to invoke service components beyond its local administrative domain.
  - It needs to get many credentials (tickets) from external administrative domains.
  - Or, each service component needs to prepare multiple authorization rules for different credentials from external domains.
    - An authorization control scheme with credential transformation

A generic authorization control protocol
- Designed to build a common authorization control infrastructure
- Based on SOAP/XML
- SOAP
  - Lightweight protocol for remote service invocation
  - Firewall-traversal
  - Independent of underlying transport protocol, or security mechanism
- XML based language for authorization information
  - Simple but powerful enough to express complex data structure
  - By using schema languages, it becomes possible to define common authorization control class methods
  - New application support by defining new name space without spoiling interoperability
[Figure labels: User, Portal, Service, Policy, Authorization control infrastructure, Authorization control protocol; steps 1, 3, 5: Service request; steps 2, 4, 6: Decision request]

An authorization control function
[Figure labels, authorization rule tree: Service; Rule 1, Rule 2, Rule n; Credential 1, Credential 2; Condition 1, Condition 2; Action 1, Action m]
[Figure labels, authorization control function: HTTP Server, SOAP Server, XML Parser, DOM, Parameter Verification, Rule Tree Check, Rules, Credentials, Conditions, Service, Action, Result, SOAP Client, HTTP Client, Service Component, Authorization decision request, Authorization decision response]

Example of SOAP message: AuthorizationDecision Request

    POST /AuthorizationDecision HTTP/1.1
    Host:
    Content-Type: text/xml; charset="UTF-8"
    Content-Length: nnnn
    SOAPACTION: "/AuthorizationDecision"

    <SOAP-ENV:Envelope xmlns:SOAP-ENV=" SOAP-ENV:encodingStyle=" …

Example of SOAP message

(a) AuthorizationDecision Request

    POST /AuthorizationDecision HTTP/1.1
    Host:
    Content-Type: text/xml; charset="UTF-8"
    Content-Length: nnnn
    SOAPACTION: "/AuthorizationDecision"

    <SOAP-ENV:Envelope xmlns:SOAP-ENV=" SOAP-ENV:encodingStyle=" …

(b) AuthorizationDecision Response

    HTTP/ OK
    Content-Type: text/xml; charset="UTF-8"
    Content-Length: nnnn

    <SOAP-ENV:Envelope xmlns:SOAP-ENV=" SOAP-ENV:encodingStyle=" …

An authorization control scheme with credential transformation
- The authorization control function dynamically converts the authorization rule hierarchy according to credential transformation rules. Then it makes an authorization decision based on the generated rule.
[Figure labels: Domain 1, Domain 2; User, Service; Service invocation across domains; Request with local credentials; Credentials; Decision request with credentials of domain 1; Authorization control function; Rule repository; Credential Transformation Rule; Transformation Rule; Authorization rule hierarchy and dynamically generated rule hierarchy with levels Service, Action, Credential/Condition and nodes c1, c2, e2, c'1, e'1]

An authorization control function with credential transformation
- Transformation rule described using XSLT
- Transform XML document (authorization rule) based on XSLT document (transformation rule)
[Figure labels: Authorization Decision function, HTTP Server, SOAP Server, XML Parser, DOM, Parameter Verification, Rule Tree Check, Transform, Authorization rule, Credential transformation rule (Base, Application specific), Credentials, Conditions, Service, Action, Result, SOAP Client, HTTP Client, Service component, Authorization decision request with external credentials]
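
The dynamically generated rule hierarchy from the two slides above, as an added example that is not from the presentation. The element and attribute names, the sample rule and mapping, and the plain ElementTree rewrite (used here in place of the XSLT the slides name) are assumptions.

```python
import copy
import xml.etree.ElementTree as ET

# Constructed domain-2 rule hierarchy: Service > Action > Rule (credentials + conditions).
RULES = """
<Service name="streaming">
  <Action name="play">
    <Rule>
      <Credential domain="domain2" name="subscriber"/>
      <Condition name="age" min="18"/>
    </Rule>
  </Action>
</Service>"""

# Constructed transformation rule: a domain-1 credential accepted for a domain-2 one.
TRANSFORMS = """
<Transformations>
  <Map from-domain="domain1" from="premium-member" to-domain="domain2" to="subscriber"/>
</Transformations>"""

def generate_rules(rules_xml, transforms_xml):
    """Return the rule tree plus one alternative Rule per applicable mapping."""
    service = ET.fromstring(rules_xml)
    maps = ET.fromstring(transforms_xml).findall("Map")
    for action in service.findall("Action"):
        for rule in action.findall("Rule"):  # list snapshot, safe to append below
            for m in maps:
                alt = copy.deepcopy(rule)    # conditions are carried over unchanged
                hits = [c for c in alt.findall("Credential")
                        if (c.get("domain"), c.get("name")) == (m.get("to-domain"), m.get("to"))]
                for c in hits:
                    c.set("domain", m.get("from-domain"))
                    c.set("name", m.get("from"))
                if hits:
                    action.append(alt)
    return service

def decide(service, action_name, credentials, attrs):
    """Default deny: permit only if one Rule is fully satisfied for the action."""
    for action in (a for a in service.findall("Action") if a.get("name") == action_name):
        for rule in action.findall("Rule"):
            creds_ok = all((c.get("domain"), c.get("name")) in credentials
                           for c in rule.findall("Credential"))
            conds_ok = all(attrs.get(c.get("name"), -1) >= int(c.get("min"))
                           for c in rule.findall("Condition"))
            if creds_ok and conds_ok:
                return "Permit"
    return "Deny"
```

The transformed rule keeps the original conditions, so a mapped external credential never grants more than the local credential it stands in for.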

Conclusion
- Studied an authorization control framework to enable service composition across administrative domains
- A generic authorization control protocol is needed to support various service components
  - Designed SOAP/XML-based protocol so that it meets the requirements
- Proposed an authorization control scheme with credential transform
  - To reduce overhead of a portal to obtain multiple credentials (tickets) from external administrative domains.
  - To liberate service providers from preparing multiple authorization rules for different administrative domains.

Future work
- Implement a generic authorization control protocol and authorization control function.
- Investigate a scalable authorization scheme to support composed services containing many service components.