PARA'04 State-of-the-Art
in Scientific Computing
June 20-23, 2004 (Home page)
Updated: 15 February 2004

Design of policy-based security mechanisms in a distributed Web Services Architecture

Valentinar Casola, Antonino Mazzeo, Nicola Mazzocca, and Salvatore Venticinque
Seconda Universit di Napoli
Italy
email: valentina.casola@unina2.it

In the recent years we are assisting to a wide number of integration and cooperation of legacy and/or new systems. The emerging technology to primary face interoperability problems, is based on web services solutions, it is in fact based on open standards and common data formats which allow a deep cooperation among Entities and applications and guarantee strong resource sharing. In such context security plays a primary role to authenticate all subjects involved in any transaction and to guarantee correct authorizations to access data and functionalities offered by distributed services. We are particularly interested in security and its management, as this imply the choice of opportune security mechanism during the phases of design and implementation in all levels of an infrastructure. Furthermore they allow the management of personalized services based on the profile of the requestor, in this way, in fact the infrastructure could offer different quality of services based on resource technical limitation and/or on user security profile. In this paper we illustrate a policy-based approach to manage security and personalization, in particular we have designed a distributed infrastructure based on web services in which policy enforcer mechanisms are managed both in a centralized way by the UDDI register (the UDDI uses a policy to first authenticate an user and then to implement a personalized research of the available services) and in a distributed way, i.e. each service implements security mechanisms to authenticate and authorize users. A case study is finally illustrated showing an interesting application of our approach.

Home page