Transferência de autenticação e autorização através de Serviços Web
Resumo
Neste trabalho é apresentado um modelo que visa permitir a transferência de autenticação e autorização entre diferentes domínios administrativos e de segurança. O modelo faz uso das especificações de segurança propostas para a arquitetura dos Serviços Web e está fundamentado no conceito das teias de federações que permite soluções de gerenciamento de direitos escaláveis e flexíveis. No trabalho é apresentado um exemplo, que ilustra a integração de diferentes tecnologias de segurança, no caso, o SPKI/SDSI e o X.509.
Referências
Ancajima, G. M. C., de Mello, E. R., and da Silva Fraga, J. (2004). Integração da arquitetura de segurança dos serviços web com modelos de confiança igualitária. In Anais SSI 2004, São José dos Campos, SP Brazil. ITA, SSI.
Bartel, M., Boyer, J., and Fox, B. (2002). XML-Signature Syntax and Processing. W3C. http://www.w3.org/TR/xmldsig-core.
Blaze, M., Feigenbaum, J., Ioannidis, J., and Keromytis, A. (1999). The keynote trust-management system version 2. Internet Engineering Task Force RFC 2704.
Christensen, E., Curbera, F., Meredith, G., and Weerawarana, S. (2001). Web Services Description Language 1.1. W3C Working Group.
Ellison, C. M., Frantz, B., Lampson, B., Rivest, R., Thomas, B. M., and Ylonen, T. (1999). SPKI Certificate Theory. Internet Engineering Task Force RFC 2693.
Foley, S. N., Quilinan, T. B., O'Connor, M., Mulcahy, B. P., and Morrison, J. P. (2004). A framework for heterogeneous middleware security. In 18th International Parallel and Distributed Processing Symposium (IPDPS'04).
Ford, W. and Hallam-Baker, P. (2001). XML Key Management Specification (XKMS). W3C. http://www.w3.org/TR/xkms.
Foster, I. and Kesselman, C. (1999). The grid: blueprint for a new computing infrastructure, chapter A Toolkit-Based Grid Architecture, pages 259 - 278. Morgan Kaufmann Publishers Inc.
Freier, A. O., Karlton, P., and Kocher, P. C. (1996). The SSL protocol v.3. Internet Draft.
Gnutella (2001). The Gnutella Protocol Specification v0.4. Clip2. Doc. rev. 1.2.
Imamura, T., Dillaway, B., and Simon, E. (2002). XML Encryption Syntax and Processing. W3C. http://www.w3.org/TR/xmlenc-core.
ITU-T (1993). ITU-T recommendation x.509.
Kohl, J. and Neuman, C. (1993). The Kerberos Network Authentication Service (v5). Internet Engineering Task Force RFC 1510.
Liberty (2003). Liberty Architecture Overview v1.1. Liberty Alliance.
OASIS (2002). Security Assertion Markup Language (SAML). OASIS. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security.
OASIS (2004a). Universal Description, Discovery and Integration v3.0.2 (UDDI). Organization for the Advancement of Structured Information Standards (OASIS).
OASIS (2004b). Web Services Security: SOAP Message Security 1.0. OASIS. [link].
OASIS (2005). eXtensible Access Control Markup Language (XACML) version 2.0. Organization for the Advancement of Structured Information Standards (OASIS). [link].
OMG (2002). Object Management Group The Common Object Request Broker Architecture v3.0.2. OMG Document 02-12-06.
Santin, A., Fraga, J., Mello, E., and Siqueira, F. (2003). Teias de Federações como extensões ao modelo de autenticação e autorização SDSI/SPKI. In Anais XXI Simpósio Brasileiro de Redes de Computadores, pages 553 - 568, Natal, RN Brazil. SBRC.
Skogsrud, H., Benatallah, B., and Casati, F. (2003). Modelo-driven trust negotiation for web services. In IEEE Internet Computing, pages 45- 52. IEE Computer Society.
VeriSign (2002). VeriSign Digital Trust Services: Enabling Trusted Web Services. VeriSign.
W3C (2004). Web Services Architecture. W3C Working Group.
Winslett, M., Yu, T., Seamons, K. E., Hess, A., Jacobson, J., Jarvis, R., Smith, B., and Yu, L. (2002). Negotiating trust on the web. In IEEE Internet Computing, pages 30-37.
Wlech, C., Siebenlist, F., Foster, I., Bresnahan, J., Czajkowski, K., Gawor, J., Kesselman, C., Meder, S., Pearlman, L., and Tuecke, S. (2003). Security for grid services. In 12th IEEE Int. Symp. on High Performance Distributed Computing.
WS-Federation (2003). Web Services Federation Language. http://msdn.microsoft.com/ws/2003/07/ws-federation.
WS-Policy (2004). Web Services Policy Framework. http://msdn.microsoft.com/ws/2004/09/policy/.
WS-PolicyAssertions (2003). Web Services Policy Assertion Language. http://msdn.microsoft.com/ws/2002/12/PolicyAssertions.
WS-PolicyAttachment (2004). Web Services Policy Attachment. http://msdn.microsoft.com/ws/2004/09/policyattachment.
WS-SecurityPolicy (2005). Web Services Security Policy Language.
WS-Trust (2005). Web Services Trust Language (WS-Trust).
Yavatkar, R., Pendarakis, D., and Guerin, R. (2000). A Framework for Policy-based Admission Control. IETF RFC 2753.
Bartel, M., Boyer, J., and Fox, B. (2002). XML-Signature Syntax and Processing. W3C. http://www.w3.org/TR/xmldsig-core.
Blaze, M., Feigenbaum, J., Ioannidis, J., and Keromytis, A. (1999). The keynote trust-management system version 2. Internet Engineering Task Force RFC 2704.
Christensen, E., Curbera, F., Meredith, G., and Weerawarana, S. (2001). Web Services Description Language 1.1. W3C Working Group.
Ellison, C. M., Frantz, B., Lampson, B., Rivest, R., Thomas, B. M., and Ylonen, T. (1999). SPKI Certificate Theory. Internet Engineering Task Force RFC 2693.
Foley, S. N., Quilinan, T. B., O'Connor, M., Mulcahy, B. P., and Morrison, J. P. (2004). A framework for heterogeneous middleware security. In 18th International Parallel and Distributed Processing Symposium (IPDPS'04).
Ford, W. and Hallam-Baker, P. (2001). XML Key Management Specification (XKMS). W3C. http://www.w3.org/TR/xkms.
Foster, I. and Kesselman, C. (1999). The grid: blueprint for a new computing infrastructure, chapter A Toolkit-Based Grid Architecture, pages 259 - 278. Morgan Kaufmann Publishers Inc.
Freier, A. O., Karlton, P., and Kocher, P. C. (1996). The SSL protocol v.3. Internet Draft.
Gnutella (2001). The Gnutella Protocol Specification v0.4. Clip2. Doc. rev. 1.2.
Imamura, T., Dillaway, B., and Simon, E. (2002). XML Encryption Syntax and Processing. W3C. http://www.w3.org/TR/xmlenc-core.
ITU-T (1993). ITU-T recommendation x.509.
Kohl, J. and Neuman, C. (1993). The Kerberos Network Authentication Service (v5). Internet Engineering Task Force RFC 1510.
Liberty (2003). Liberty Architecture Overview v1.1. Liberty Alliance.
OASIS (2002). Security Assertion Markup Language (SAML). OASIS. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security.
OASIS (2004a). Universal Description, Discovery and Integration v3.0.2 (UDDI). Organization for the Advancement of Structured Information Standards (OASIS).
OASIS (2004b). Web Services Security: SOAP Message Security 1.0. OASIS. [link].
OASIS (2005). eXtensible Access Control Markup Language (XACML) version 2.0. Organization for the Advancement of Structured Information Standards (OASIS). [link].
OMG (2002). Object Management Group The Common Object Request Broker Architecture v3.0.2. OMG Document 02-12-06.
Santin, A., Fraga, J., Mello, E., and Siqueira, F. (2003). Teias de Federações como extensões ao modelo de autenticação e autorização SDSI/SPKI. In Anais XXI Simpósio Brasileiro de Redes de Computadores, pages 553 - 568, Natal, RN Brazil. SBRC.
Skogsrud, H., Benatallah, B., and Casati, F. (2003). Modelo-driven trust negotiation for web services. In IEEE Internet Computing, pages 45- 52. IEE Computer Society.
VeriSign (2002). VeriSign Digital Trust Services: Enabling Trusted Web Services. VeriSign.
W3C (2004). Web Services Architecture. W3C Working Group.
Winslett, M., Yu, T., Seamons, K. E., Hess, A., Jacobson, J., Jarvis, R., Smith, B., and Yu, L. (2002). Negotiating trust on the web. In IEEE Internet Computing, pages 30-37.
Wlech, C., Siebenlist, F., Foster, I., Bresnahan, J., Czajkowski, K., Gawor, J., Kesselman, C., Meder, S., Pearlman, L., and Tuecke, S. (2003). Security for grid services. In 12th IEEE Int. Symp. on High Performance Distributed Computing.
WS-Federation (2003). Web Services Federation Language. http://msdn.microsoft.com/ws/2003/07/ws-federation.
WS-Policy (2004). Web Services Policy Framework. http://msdn.microsoft.com/ws/2004/09/policy/.
WS-PolicyAssertions (2003). Web Services Policy Assertion Language. http://msdn.microsoft.com/ws/2002/12/PolicyAssertions.
WS-PolicyAttachment (2004). Web Services Policy Attachment. http://msdn.microsoft.com/ws/2004/09/policyattachment.
WS-SecurityPolicy (2005). Web Services Security Policy Language.
WS-Trust (2005). Web Services Trust Language (WS-Trust).
Yavatkar, R., Pendarakis, D., and Guerin, R. (2000). A Framework for Policy-based Admission Control. IETF RFC 2753.
Publicado
26/09/2005
Como Citar
MELLO, Emerson Ribeiro de; FRAGA, Joni da Silva; CAMARGO, Edson Tavares de.
Transferência de autenticação e autorização através de Serviços Web. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 5. , 2005, Florianópolis.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2005
.
p. 54-67.
DOI: https://doi.org/10.5753/sbseg.2005.21523.
