Abstract
The problem of providing unified web security management in an environment with multiple autonomous security domains is considered. Security vendors provide separate security management solutions for cross-domain browser based and web service based interactions. This is partly due to the fact that different web standards dominate in each space. E.g. Security Assertion Markup Language (SAML) which is an important standard in cross domain single sign on (SSO) specializes in browser based access while WS-* standards focus on security needs of web services. However, cross domain web services are often invoked in context of a secure browser session. Considering these interactions in isolation will lead to a fractured security solution. This paper proposes a solution that provides seamless transfer of security context across various types of cross-domain web interactions.
Chapter PDF
Similar content being viewed by others
References
Cantor, S., et al.: Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0, http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
Hughes, J., et al.: Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0, http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf
Nadalin, A., et al.: Web Services Security: SOAP Message Security 1.0, WS-Security 2004 (2004), http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf
Anderson, S., et al.: Web Services Trust Language (WS-Trust) (February 2005), http://download.boulder.ibm.com/ibmdl/pub/software/dw/specs/ws-trust/ws-trust.pdf
Anderson, S., et al.: Web Services Secure Conversation Language (WS-SecureConversation) (February 2005), http://download.boulder.ibm.com/ibmdl/pub/software/dw/specs/ws-secon/ws-secureconversation.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kumar, A. (2008). Integrated Security Context Management of Web Components and Services in Federated Identity Environments. In: Bouguettaya, A., Krueger, I., Margaria, T. (eds) Service-Oriented Computing – ICSOC 2008. ICSOC 2008. Lecture Notes in Computer Science, vol 5364. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89652-4_47
Download citation
DOI: https://doi.org/10.1007/978-3-540-89652-4_47
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89647-0
Online ISBN: 978-3-540-89652-4
eBook Packages: Computer ScienceComputer Science (R0)