
An XML-Based Security Architecture for Integrating Single Sign-On and Rule-Based Access Control in Mobile and Ubiquitous Web Environments

  • Conference paper
On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops (OTM 2006)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 4278))

Abstract

Since mobile and Web applications are integrated, the number of services a typical mobile user can now access has greatly increased. With a variety of services, a user will frequently be asked to provide his security information to a system. This repeated request is one critical problem, which can cause frequent transmission of the user’s security information. Another serious problem is how an administrator controls access requests from internal users who have been authenticated. To establish an effective security scheme for integrated environments, Single Sign-On and access control also need to be integrated. In this paper, we propose an XML-based architecture integrating authentication and access control policy in an integrated environment, to be extended to a ubiquitous environment. To provide flexibility, extensibility, and interoperability between the environments to be integrated, we have implemented an architecture based on SAML and XACML, which are standardized specifications. By specifying security policies in XML schema and exchanging security information according to that schema, the proposed architecture offers the opportunity to build standardized schemes for authentication and authorization. Additionally, the proposed architecture makes it possible to establish a fine-grained access control scheme by specifying the XML element unit as the target to be protected.

An erratum to this chapter can be found at http://dx.doi.org/10.1007/11915072_109.



Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jeong, J., Shin, D., Shin, D. (2006). An XML-Based Security Architecture for Integrating Single Sign-On and Rule-Based Access Control in Mobile and Ubiquitous Web Environments. In: Meersman, R., Tari, Z., Herrero, P. (eds) On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. OTM 2006. Lecture Notes in Computer Science, vol 4278. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11915072_39


  • DOI: https://doi.org/10.1007/11915072_39

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-48273-4

  • Online ISBN: 978-3-540-48276-5

  • eBook Packages: Computer Science, Computer Science (R0)
