Tuesday, October 23, 2018

Enterprise Delegation for Service Based Systems

Coimbatore Chandersekaran¹, William R. Simpson²
¹ The Secretary of the Air Force (SAF/A6) 1500 Wilson Blvd., Rosslyn, VA 22209, US
² The Institute for Defense Analyses, 4850 Mark Center Drive, Alexandria, VA 22311, USA

Abstract. 

Sharing information while maintaining privacy and security is a requirement in distributed environments. Mitigating threats in a distributed environment requires constant vigilance and defense-in-depth. Most systems lack a secure model that guarantees end-to-end security. We devise a model that mitigates a number of threats to the distributed computing pervasive in enterprises. This authentication process is part of a larger systemic approach to information assurance that requires all active entities (users, machines and services) to be named and credentialed. Authentication is bilateral using PKI credentialing, and authorization is based upon Security Assertion Markup Language (SAML) attribution statements. Communication across domains is handled as a federation activity using WS-* protocols. We present the architectural model, elements of which are currently being tested in an operational environment. Elements of this architecture include real-time computing, edge-based distributed mashups, and dependable, reliable computing. The architecture is also applicable to a private cloud.

Keywords: 

Credentialing, Authentication, Authorization, Delegation, Attribution, Least Privilege, Public Key Infrastructure, Security Assertion Markup Language (SAML)

International Journal of Network Security & Its Applications (IJNSA) - ERA, WJCI Indexed ISSN: 0974 - 9330 (Online); 0975 - 2307 (Print)...