Users of Web and Grid Services often must temporarily delegate some or all of their rights to a software entity to perform actions on their behalf. The problem with the typical Grid Services approach (X.509 proxy certificates) is that commercial Web Services tooling fails to recognize these certificates or process them properly. The Security Assertion Markup Language (SAML) is a standardized XML-based framework for exchanging authentication, authorization and attribute information. SAML has broadening commercial support but lacks delegation capabilities. To address this shortcoming, we exploit SAML's inherent extensibility to create a delegation framework for Web and Grid Services that supports both direct and indirect delegation. We develop a set of verification rules for delegation tokens that rely on WS-Security X.509 signatures, but do not force any trust relationship between the delegatee and the target service. We have implemented the framework on two common Web Service hosting environments: Java/Tomcat and .NET. By leveraging existing Web Services standards, we make it easier for Grid practitioners to build and consume Web and Grid Services without resorting to Grid-specific protocols.