A Signing Proxy for Web Services Security.

Users are being provided an enriched experience while carrying out business on the Web at reduced overhead and improved customer service. ... The idea of maintaining a single profile and gaining access to multiple services has been accepted well by the customers. ... The Service Provider does not find the required cookie in the User's Web-client and hence redirects the User to the Proxy to Sign-in to the Passport. ...

doi:10.1007/11535706_23 fatcat:yri4kevuq5dbpnxcode6xawrge

SORAPES is a serviceoriented reference architecture designed for enterprise elearning systems. This architecture is designed by re-using web services and learning objects for distributed environment. ... This traffic will be minimized by centrally managing caching scheme and secured web service requests. ... The effective way to protect the security of core systems is to avoid letting anyone reach the service hosting platform. This can be done by deploying a proxy for the web services within SOA. ...

doi:10.5120/4644-6901 fatcat:mqchi3kzujcnzjncvi7be6i4r4

But making these technologies suitable for the financial market's special needs is a major challenge. ... For example, building private networks for every application might ensure security, but it defeats the purpose of contemporary financial services, which is to give customers access to financial information ... Acknowledgments We thank Xianjun Geng, Upkar Varshney, and Yongguang Zhang for their helpful discussions of these topics. ...

doi:10.1109/mitp.2003.1216228 fatcat:xad7llilsnhqnjibcthnmlsvli

The protocol defines a REST service that works alongside other IVO services to enable such a delegation in a secure manner. ... The credential delegation protocol allows a client program to delegate a user's credentials to a service such that that service may make requests of other services in the name of that user. ... The protocol described below is derived from the delegation service in Globus Toolkit 4. ...

arXiv:1110.0509v1 fatcat:y6n2qdgbc5aopdgingqcbsp3la

Grid computing has attracted many researchers over a few years, and as a result many new protocols have emerged and also evolved since its inception a decade ago. ... Grid protocols play major role in implementing services that facilitate coordinated resource sharing across diverse organizations. ... A Single Sign-On mechanism solves this problem by creating a temporary proxy credential for user and using this proxy credential rather than long term credential for repeated authentication. ...

arXiv:1302.5481v1 fatcat:e6jao5446fer7faovr65tkmdeq

In particular, the proxy renewal service becomes unnecessary at all. ... Our approach allows to avoid using the proxy certificates. This makes the security infrastructure of distributed computing systems simpler for development, support and use. ... A user signs a request to the WLCG by a self signed secondary certificated, namely by the proxy certificate. ...

doi:10.1016/j.procs.2015.11.059 fatcat:wpptb5dqhfeyxa3olotjx7x4ru

Open Access

Approved client-server authentication mechanisms are described for the IVOA single-sign-on profile: digital signatures (for SOAP services); TLS with passwords (for user sign-on points); TLS with client ... certificates (for everything else). ... The prior art for the use of proxy certificates comes from the Globus Alliance. ...

arXiv:1110.0506v1 fatcat:v6ffpsarcra4jkfald4siotheq

The Security Assertion Markup Language (SAML) standard supports the expression of security assertions such as authentication, role membership, or permissions. ... SAML-Based Web Single-Sign-On This section briefly describes the Security Assertion Markup Language (SAML), an XML-based framework for representing and exchanging security information, and how it is used ... The three main entities involved in the Web single sign-on are: • A user running a Web browser • An asserting party (often termed an identity provider) • A relying party (generally, a Web site) Typically ...

doi:10.1109/mnet.2006.1705878 fatcat:ju4h2kwh75cfzk3te2wedd5nu4

The main use case envisioned for GridCertLib, is to provide seamless and secure access to Grid/X.509 certificates and proxies in web applications and portals: when a user logs in to the portal using Shibboleth ... authentication, GridCertLib can automatically obtain a Grid/X.509 certificate from the SLCS service and generate a VOMS proxy from it. ... like to thank all our collaborators in the Swiss Grid Portal project-Cesare Pautasso, Frédérique Lisacek, Heinz Stockinger-and also all the help we received from the Hungarian Academy of Sciences SZTAKI for ...

doi:10.1007/s10723-011-9195-y fatcat:w6sqrbjksjdnrmk6556rj24au4

Multiple Versions

It allows to reduce the time spent for the job submission, granting at the same time a higher efficiency and a better security level in proxy delegation and management. ... L-GRID is a light portal to access the EGEE/EGI Grid infrastructure via Web, allowing users to submit their jobs from a common Web browser in a few minutes, without any knowledge about the Grid infrastructure ... With the new public key, a Certificate Signing Request (CSR) is created -the service uses user DN to fill in appropriate values for the fields in CSR -and sent back over the secured channel to the initiator ...

doi:10.1088/1742-6596/331/7/072043 fatcat:csnx5ntf4fg2rfoqlqbabjr5u4

Multiple Versions

It was intended to serve primarily static content from a Network-attached Storage, and privileging strict security, using separate web servers for internal (ATLAS Technical and Control Network - ATCN) ... The base of the current web service architecture was designed a few years ago, at the beginning of the ATLAS operation (Run 1). ... connected to GPN and one to ATCN  Virtual IPs configured for both to be used by keepalived  A second server will be added for redundancy Introduction -Web Services The base of the current web service ...

doi:10.5281/zenodo.3598933 fatcat:eryb2acagrh3hcqnfjj2dhitg4

Open Access

In this paper we present SINE, a cache-friendly protocol for integrity-enforced web documents. ... We developed a prototype implementation of SINE with minimal changes to the standard web client/server architecture and conducted experiments using the standard Squid web proxy. ... This time, AT hash is cached along with the web document on the proxy server, but the web server will store and secure the AT sign for every web document it serves. Integrity Verification. ...

doi:10.1109/npsec.2009.5342250 fatcat:xmq55sai7nha7cfsrb4edyyji4

Index Terms-single sign-on, web service, cross domain, reverse proxy, B/S, C/S ... On the basis of analyzing the advantages and disadvantages of existing single sign-on models, combined with the key technology like Web Service, Applet and reverse proxy, two core problems such as single ... Compare with the traditional sign-on model, this text presents a new solution which is single sign-on of hybrid framework of being based on Web Service. ...

doi:10.4304/jnw.7.1.165-172 fatcat:c4p2n5nrdrblhbr4ht5sqf7pdm

Szczepanski

With CredEx, a user can achieve single sign-on by acquiring a single (default) credential then dynamically exchanging that credential as needed for services that authenticate a different way. ... In particular, independentlymanaged Web and Grid Services vary with regard to the type of security token (credential) used to prove user identity (username/password, X.509 signing, Kerberos, etc.). ... Passport aims to be a single sign-on solution for the Web: users need only one set of credentials (id, key, etc.), centrally stored and password-accessible authentication to any Passportenabled service ...

doi:10.1109/icws.2005.43 dblp:conf/icws/VecchioHBN05 fatcat:y2nz2g4mo5fcfa4rbec7ihnnyi

The underlying idea is to implement a Web Server inside a SIM, and to allow for transparent access to it from the Internet. ... The contribution of our approach is that a SIM, which is currently a security module (smart card) fitted in a GSM mobile phone, becomes also a personal security server in the Internet. ... Secure, reliable authentication, which is a basic prerequisite for billing customers for services on a large scale, still has no globally accepted solution. ...

doi:10.1007/978-0-387-35528-3_12 fatcat:ozo6haidmvg6pat6daz6l3dgyi

Trusted Identity and Session Management Using Secure Cookies [chapter]

Preserved Fulltext

Reference Architecture for Personalized E-learning Systems using Proxy and Caching (RAPESPAC)

Preserved Fulltext

Securing a new era of financial services

Preserved Fulltext

IVOA Recommendation: IVOA Credential Delegation Protocol Version 1.0 [article]

Preserved Fulltext

Classification and Characterization of Core Grid Protocols for Global Grid Computing [article]

Preserved Fulltext

Special Aspects of the Development of the Security Infrastructure for Distributed Computing Systems

Preserved Fulltext

IVOA Recommendation: IVOA Single-Sign-On Profile: Authentication Mechanisms Version 1.01 [article]

Preserved Fulltext

Using SAML to protect the session initiation protocol (SIP)

Preserved Fulltext

GridCertLib: A Single Sign-on Solution for Grid Web Applications and Portals

Preserved Fulltext

Other Versions

The Anatomy of a Grid portal

Preserved Fulltext

Designing a new infrastructure for ATLAS Online Web Services

Preserved Fulltext

SINE: Cache-friendly integrity for the web

Preserved Fulltext

The Design and Implementation of Single Sign-on Based on Hybrid Architecture

Preserved Fulltext

CredEx: user-centric credential management for grid and Web services

Preserved Fulltext

How to Turn a GSM SIM into a Web Server [chapter]

Preserved Fulltext