A Delegation Model based on Agent in Distributed Systems

  • Kim, Kyu-Il (Department of Computer Engineering, SungKyunKwan University) ;
  • Lee, Joo-Chang (Department of Computer Engineering, SungKyunKwan University) ;
  • Choi, Won-Gil (Department of Computer Engineering, SungKyunKwan University) ;
  • Lee, Eun-Ju (Department of Computer Engineering, SungKyunKwan University) ;
  • Kim, Ung-Mo (Department of Computer Engineering, SungKyunKwan University)
  • Published : 2007.12.31

Abstract

Web services are the new building block of today's Internet and provide interoperability among heterogeneous distributed systems. Recently, security has become one of the most critical issues in the web services environment. Attackers can target a single fragile point and misuse legitimate user privileges, because all of the connected devices provide services for user control and monitoring in real time. Also, the users of web services must temporarily delegate some or all of their rights to agents in order to perform actions on their behalf. This delegation risks exposing users' private information. In this paper, we propose a secure delegation model based on SAML that provides confidentiality and integrity for user information in distributed systems. To support privacy protection, service confidentiality, and assertion integrity, encryption and a digital signature mechanism are deployed. We build a web service management server based on XACML in order to manage the services and policies of web service providers.
