
Slide 1: An authorization control framework to enable service composition
Takashi Suzuki, Randy H. Katz
EECS Department, University of California, Berkeley
{tsuzuki, randy}@EECS.Berkeley.EDU

Slide 2: Motivation
- Demand for customized service provisioning for each individual user => Web service composition.
  [Figure: a portal receives a request together with the user profile, device profile, location and time, and returns a customized service built from loosely coupled service components.]
- How to manage authorization for a composed service which contains various service components in different administrative domains?
  => Need an authorization control framework to support flexible and complex service composition.

Slide 3: Example of composed service
Customized multimedia content streaming over mobile networks.
[Figure: the user in the mobile network (domain 1) contacts a portal, which invokes a content server, an edge server, content adaptation and a QoS manager spread over domains 2, 3 and 4 (invocation steps 1 to 7); an authorization control function consults the user profile (location, device, credit, preference, age).]

Slide 4: Issues to be solved
- Various service components are invoked in a session.
  - The protocol between the authorization control server and the service components should be able to carry various kinds of authorization information.
  - Existing protocols are designed only for specific services (e.g., DIAMETER for network access, COPS for QoS control).
  => A generic authorization control protocol.
- The portal needs to invoke service components beyond its local administrative domain.
  - It needs to get many credentials (tickets) from external administrative domains, or each service component needs to prepare multiple authorization rules for different credentials from external domains.
  => An authorization control scheme with credential transformation.

Slide 5: A generic authorization control protocol
Designed to build a common authorization control infrastructure, based on SOAP/XML.
- SOAP
  - Lightweight protocol for remote service invocation
  - Firewall traversal
  - Independent of the underlying transport protocol or security mechanism
- XML-based language for authorization information
  - Simple but powerful enough to express complex data structures
  - By using schema languages, it becomes possible to define common authorization control class methods
  - New applications are supported by defining a new namespace without spoiling interoperability
[Figure: user, portal, service 1 and service 2 exchange service requests (steps 1, 3, 5) and decision requests (steps 2, 4, 6) with a shared authorization control infrastructure holding the policy, using the authorization control protocol.]

Slide 6: An authorization control function
[Figure: the authorization control function consists of an HTTP server, a SOAP server, an XML parser (DOM), a rule tree check, parameter verification and a result stage, with a SOAP client and HTTP client back to the service component. The service component sends an authorization decision request carrying credentials, conditions, service and action, and receives an authorization decision response.]
Authorization rule tree: Service -> Rule 1, Rule 2, ..., Rule n -> Credential 1, Credential 2, Condition 1, Condition 2 -> Action 1, ..., Action m.
An example SOAP AuthorizationDecision request is shown on slide 7.

Slide 7: Example of SOAP message
(a) AuthorizationDecision Request

    POST /AuthorizationDecision HTTP/1.1
    Host: www.AAAserver.com
    Content-Type: text/xml; charset="UTF-8"
    Content-Length: nnnn
    SOAPACTION: "/AuthorizationDecision"

    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
      SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
    …

(b) AuthorizationDecision Response

    HTTP/1.1 200 OK
    Content-Type: text/xml; charset="UTF-8"
    Content-Length: nnnn

    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
      SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
    …

Slide 8: An authorization control scheme with credential transformation
[Figure: service invocation across domains. The user in domain 1 invokes a service in domain 2 with local (domain 1) credentials; the service sends a decision request carrying the domain 1 credentials to the authorization control function of domain 2. That function holds a rule repository for authorization rules (a hierarchy of service, action and credential/condition nodes c1, c2 with associated entries e'1, e2) and a rule repository for credential transformation rules; a transformation rule rewrites the external credential c'1 into c1, yielding a dynamically generated rule hierarchy.]
The authorization control function dynamically converts the authorization rule hierarchy according to the credential transformation rules, then makes an authorization decision based on the generated rule.

Slide 9: An authorization control function with credential transformation
[Figure: the authorization decision function (HTTP server, SOAP server, XML parser/DOM, rule tree check, parameter verification, result, SOAP client, HTTP client) receives an authorization decision request with external credentials from the service component. Before the rule tree check, a Transform step applies the credential transformation rule to the authorization rule (base and application-specific parts).]
The transformation rule is described using XSLT: the XML document (the authorization rule) is transformed according to the XSLT document (the transformation rule).
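As an added example (not code from the paper), the following script walks through the decision flow of slides 6 to 9: a SOAP AuthorizationDecision request carrying service, action, credentials and conditions is parsed, credentials issued by an external domain are first mapped to local ones by a credential transformation rule, and the local rule tree is then checked. The element names under the `urn:example:authz` namespace, the rule table and the transformation table are assumptions made for this example; the paper expresses the transformation in XSLT, while here the same mapping is written as a Python table so the example runs with the standard library only. Unknown external credentials are dropped rather than passed through, so an unmapped credential can never satisfy a rule.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
AUTH_NS = "urn:example:authz"  # assumed namespace for the decision messages
ET.register_namespace("SOAP-ENV", SOAP_NS)
ET.register_namespace("az", AUTH_NS)

# Constructed AuthorizationDecision request (cf. slide 7a): a domain 1 credential
# presented to the authorization control function of domain 2.
REQUEST = f"""<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP_NS}" xmlns:az="{AUTH_NS}">
  <SOAP-ENV:Body>
    <az:AuthorizationDecision>
      <az:Service>ContentStreaming</az:Service>
      <az:Action>play</az:Action>
      <az:Credential domain="domain1" name="premium-subscriber"/>
      <az:Condition name="age">21</az:Condition>
      <az:Condition name="device">phone</az:Condition>
    </az:AuthorizationDecision>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""

LOCAL_DOMAIN = "domain2"

# Rule repository of domain 2 (cf. the rule tree on slide 6):
# service -> action -> rules, each requiring one local credential plus conditions.
RULES = {
    "ContentStreaming": {
        "play": [
            {"credential": "gold-member", "conditions": {"age": lambda v: int(v) >= 18}},
            {"credential": "guest", "conditions": {"device": lambda v: v == "tv"}},
        ]
    }
}

# Credential transformation rules (cf. slide 8): (issuing domain, external
# credential) -> local credential.  Assumed values; the paper uses XSLT here.
TRANSFORM = {
    ("domain1", "premium-subscriber"): "gold-member",
    ("domain1", "basic-subscriber"): "guest",
}


def parse_request(xml_text):
    """Extract service, action, credentials and conditions from the SOAP body."""
    root = ET.fromstring(xml_text)
    req = root.find(f".//{{{AUTH_NS}}}AuthorizationDecision")
    if req is None:
        raise ValueError("missing AuthorizationDecision element")
    service = req.findtext(f"{{{AUTH_NS}}}Service")
    action = req.findtext(f"{{{AUTH_NS}}}Action")
    creds = [(c.get("domain", LOCAL_DOMAIN), c.get("name"))
             for c in req.findall(f"{{{AUTH_NS}}}Credential")]
    conds = {c.get("name"): (c.text or "").strip()
             for c in req.findall(f"{{{AUTH_NS}}}Condition")}
    return service, action, creds, conds


def transform_credentials(creds):
    """Map external credentials to local ones; unmapped external ones are discarded."""
    local = set()
    for domain, name in creds:
        if domain == LOCAL_DOMAIN:
            local.add(name)
        elif (domain, name) in TRANSFORM:
            local.add(TRANSFORM[(domain, name)])
    return local


def decide(xml_text):
    """Rule tree check: the first rule whose credential and conditions all hold permits."""
    service, action, creds, conds = parse_request(xml_text)
    local_creds = transform_credentials(creds)
    for rule in RULES.get(service, {}).get(action, []):
        if rule["credential"] not in local_creds:
            continue
        # every condition named by the rule must be present in the request and satisfied
        if all(name in conds and check(conds[name])
               for name, check in rule["conditions"].items()):
            return "Permit"
    return "Deny"


def build_response(decision):
    """Serialize the decision as a SOAP AuthorizationDecision response (cf. slide 7b)."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    resp = ET.SubElement(body, f"{{{AUTH_NS}}}AuthorizationDecisionResponse")
    ET.SubElement(resp, f"{{{AUTH_NS}}}Decision").text = decision
    return ET.tostring(env, encoding="unicode")


if __name__ == "__main__":
    verdict = decide(REQUEST)
    print(verdict)
    print(build_response(verdict))
```

Run as a script, the constructed request is permitted because the domain 1 credential `premium-subscriber` transforms to the local `gold-member` and the age condition holds; swapping in `basic-subscriber` maps to `guest`, whose rule requires a TV device, so the same request on a phone is denied.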

Slide 10: Conclusion
- Studied an authorization control framework to enable service composition across administrative domains.
- A generic authorization control protocol is needed to support various service components.
  => Designed a SOAP/XML-based protocol that meets the requirements.
- Proposed an authorization control scheme with credential transformation:
  - to reduce the overhead of a portal obtaining multiple credentials (tickets) from external administrative domains;
  - to liberate service providers from preparing multiple authorization rules for different administrative domains.
Future work
- Implement the generic authorization control protocol and the authorization control function.
- Investigate a scalable authorization scheme to support composed services containing many service components.

