An XML-Based security architecture for integrating single sign-on and rule-based access control in mobile and ubiquitous web environments

Quantified Score

Visualization

Abstract

Since mobile and Web applications are integrated, the number of services, a typical mobile user can now access, has greatly increased With a variety of services, a user will be frequently asked to provide his security information to a system This iterative request is one critical problem which can cause frequent transmission of user's security information Another serious problem is how an administrator controls access request of internal users who were authenticated In order to establish effective security scheme for integrated environments, Single Sign-On and access control also need to be integrated In this paper, we propose an XML-based architecture integrating authentication and access control policy in integrated environment to be extended to ubiquitous environment To provide flexibility, extensibility, and interoperability between environments to be integrated, we have implemented an architecture based on SAML and XACML, which are standardized specifications By specifying security policies in XML schema and exchanging security information according to that schema, the proposed architecture offers the opportunities to build standardized schemes for authentication and authorization Additionally, the proposed architecture makes it possible to establish a fine-grained access control scheme by specifying the XML element unit as a target to be protected.