Abstract
The use of Service-Oriented Architecture (SOA) offers benefits such as low coupling and interoperability, and for that reason SOA is used to integrate systems and applications within organizations. Because it supports evaluating legacy systems and letting them evolve, SOA is also an option for the modernization of legacy systems. Regarding authorization with SOA, the OAuth 2.0 protocol was implemented as part of an Enterprise Service Bus (ESB) solution that is used as an important step in the modernization of legacy systems. This research presents a case study of a systematic mapping of the authentication and authorization mechanisms in SOA, applied to legacy systems that are maintained by, and in use by, students and professionals at the University of Brasília (UnB). Performance tests were carried out on the solution to measure the increase in latency introduced by the protocol and the average throughput supported. Simulations were carried out to verify the behavior of the implemented protocol when exposed to a replay attack.
© 2018 Springer International Publishing AG, part of Springer Nature
Cite this paper
de Sousa Ribeiro, A., Canedo, E.D., de Andrade Freitas, S.A. (2018). An Implementation of the OAuth 2.0 for an Enterprise Service Bus. In: Gervasi, O., et al. (eds.) Computational Science and Its Applications – ICCSA 2018. ICCSA 2018. Lecture Notes in Computer Science, vol 10960. Springer, Cham. https://doi.org/10.1007/978-3-319-95162-1_32
DOI: https://doi.org/10.1007/978-3-319-95162-1_32
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-95161-4
Online ISBN: 978-3-319-95162-1
eBook Packages: Computer Science (R0)