Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of useful features, among them: oracle designer, code completion and formatter, query builder, debugger, profiler, export/import, reports and many others. The latest version supports Oracle 12C. More information here.
Reference Architecture for Securing Web Services in a Heterogeneous Environment
Master Security Token Service (MSTS) acts as a broker for all security authorization without duplicating the effort

Web Services have played a key role in integrating heterogeneous applications, particularly across domains. As part of identity management, Security Token Services issue tokens through a request/response exchange. However, when multiple applications in different domains try to reach each other's Web Services, we need multiple communication channels among the Security Token Services.

In this article we have proposed a Master Security Token Service (MSTS) that can act as a broker for all security authorization without duplicating the effort at every domain.

In a world of heterogeneous systems where each application leverages the services of other applications, a service-oriented analysis and design process has become significant. Web Services are sets of services used for integrating business processes and services; they can be accessed over the Internet or executed on a remote system that hosts the Web Service and handles requests using standard protocols. WS-Federation offers the opportunity to fulfill SSO behavior across domains. Security information can be shared across application domains through federated identity, that is, identity information that crosses security domains. Heterogeneous applications interact through either Web Service requests or browser requests. While Web Service requests follow the WS-Security and WS-Trust standards, browser requests depend on how the service messages are secured and encoded in HTTP messages for transport among the resources.

While Web Services are now predominant in many enterprises, across domains and using different protocols, the security of those Web Services is debatable. Consequently, implementing federated identity management for an integrated environment of applications that span domains via Web Services has become a hot topic for a reference architectural framework.

Federated identity management should cover authentication, authorization, auditing, reporting, and upstream and downstream session management. A Security Token Service (STS) implements the message formats and message exchange patterns defined in the WS-Trust specification, and WS-SecureConversation allows multiple Security Token Service requests over an established context. The main challenge is how to federate identity and establish connections across domains when multiple applications live in different domains. We can have independent security authentication using a separate Security Token Service for each application and each service, but that involves sets of repeated activities. To minimize the effort of operating multiple Security Token Services, we've identified and proven an architecture with a single Security Token Service server, called the Master Security Token Service server. This reduces the replication of credential management and provides robust security, since it is a centrally monitored server.

Proposed MSTS Framework
Figure 1 shows a reference architecture for managing the security of Web Services in a heterogeneous enterprise environment. It's common for organizations to have multiple domains and for each domain to have a separate Security Token Service Server. It creates a lot of complexity if these systems have to interact with each other securely. In the context of Service Oriented Architecture, we use WS-Security and WS-Trust specifications to secure these services. These services will also make use of a Security Token Service from each realm/domain. This will also create a lot of complexity since every STS in one realm/domain has to issue tokens to STS in other domains. In the architecture proposed below, MSTS will reduce the complexity by having fewer communication channels.

This architecture recommends creating a Master STS that doesn't belong to any realm/domain in particular. This central STS has to maintain bindings to the STS of every realm/domain. Suppose, for example, that a client from domain 3 wants to call a service from domain 2. It calls the Master STS and gets a token to make a call on STS 2. Then the client calls STS 2 and gets a token to call the service in domain 2. Only the Master STS has to maintain a trust relationship with all the other realms/domains, rather than each realm/domain maintaining relationships with every other. This makes managing the STSs easier, since only the Master STS has to change when realms/domains are added or removed. The same architecture can be extended to external realms/domains: any external realm/domain is simply treated as another domain.
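The three-hop exchange described above (home STS, Master STS, STS 2, then the service) is easier to reason about when the trust checks are spelled out. The following Python model is an added example, not code from the article or from any STS product. It assumes tokens are HMAC-SHA256-signed JSON claims standing in for signed WS-Trust/SAML tokens, that the client proves its identity to the Master STS with a token from its home realm's STS (the article does not say how the client authenticates to the MSTS), and that every name in it (`STS`, `build_federation`, `brokered_call`, `accepts`, `trust_relationships`, the realm names and keys) is constructed for the demo. Each verifier checks issuer trust, audience and expiry, which is what a relying party should do at every hop; the example also shows that a token from domain 3 presented directly to STS 2 is rejected, because no pairwise trust exists, and counts the trust relationships a full mesh needs versus the hub the MSTS provides.

```python
import base64
import hashlib
import hmac
import json
import time


class TokenError(Exception):
    """Token failed a signature, trust, audience or expiry check."""


class STS:
    """Model of one realm's Security Token Service (also reused as a relying service).

    Tokens are HMAC-SHA256-signed JSON claims, a stand-in for the signed
    WS-Trust/SAML tokens a real STS issues. A token is accepted only if the
    verifier trusts the issuer's key, the audience names the verifier, and the
    token has not expired.
    """

    def __init__(self, realm, key):
        self.realm = realm
        self._key = key
        self._trusted = {}  # issuer realm -> key used to check its signatures

    def trust(self, issuer):
        """One-way trust: this party will accept tokens issued by `issuer`."""
        self._trusted[issuer.realm] = issuer._key

    def issue(self, subject, audience, ttl=300, now=None):
        now = time.time() if now is None else now
        claims = {"iss": self.realm, "sub": subject, "aud": audience, "exp": now + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
        sig = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{sig}"

    def verify(self, token, now=None):
        now = time.time() if now is None else now
        try:
            body, sig = token.split(".")
            claims = json.loads(base64.urlsafe_b64decode(body))
        except ValueError as exc:
            raise TokenError("malformed token") from exc
        issuer = claims.get("iss")
        key = self._key if issuer == self.realm else self._trusted.get(issuer)
        if key is None:
            raise TokenError(f"{self.realm} does not trust issuer {issuer!r}")
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            raise TokenError("bad signature")
        if claims.get("aud") != self.realm:
            raise TokenError(f"audience {claims.get('aud')!r} is not {self.realm!r}")
        if claims.get("exp", 0) <= now:
            raise TokenError("token expired")
        return claims

    def exchange(self, token, audience, now=None):
        """WS-Trust-style exchange: accept a trusted token, issue one for the next hop."""
        claims = self.verify(token, now)
        return self.issue(claims["sub"], audience, now=now)


def accepts(party, token, now=None):
    """True if `party` verifies `token`, False on any TokenError."""
    try:
        party.verify(token, now=now)
        return True
    except TokenError:
        return False


def build_federation(realms):
    """Hub-and-spoke trust: each realm STS trusts the Master STS and vice versa.
    No realm STS trusts another realm directly. Keys are constructed for the demo."""
    master = STS("MSTS", b"constructed-master-key")
    realm_sts = {}
    for name in realms:
        sts = STS(name, hashlib.sha256(f"constructed-key-{name}".encode()).digest())
        sts.trust(master)
        master.trust(sts)
        realm_sts[name] = sts
    return master, realm_sts


def brokered_call(client_home, target_realm, master, realm_sts, subject="alice", now=None):
    """The article's flow: a client in `client_home` reaches a service in `target_realm`.
    Returns the claims the target service accepted."""
    home, target = realm_sts[client_home], realm_sts[target_realm]
    service = STS(f"service@{target_realm}", b"constructed-service-key")
    service.trust(target)  # the service trusts only its own realm's STS
    # 1. Client authenticates to its home STS (assumed: the token is addressed to the MSTS).
    home_token = home.issue(subject, audience="MSTS", now=now)
    # 2. The Master STS accepts it (it trusts every realm) and issues a token for the target STS.
    master_token = master.exchange(home_token, audience=target_realm, now=now)
    # 3. The target STS accepts the Master STS token and issues the token the service accepts.
    service_token = target.exchange(master_token, audience=service.realm, now=now)
    return service.verify(service_token, now=now)


def direct_call_accepted(client_home, target_realm, realm_sts, now=None):
    """Without the broker: a home-realm token presented straight to the target STS."""
    token = realm_sts[client_home].issue("alice", audience=target_realm, now=now)
    return accepts(realm_sts[target_realm], token, now=now)


def trust_relationships(n_realms, brokered):
    """One-way trusts to maintain: full mesh between realms vs. hub through the MSTS."""
    return 2 * n_realms if brokered else n_realms * (n_realms - 1)
```

Calling `build_federation(["domain1", "domain2", "domain3"])` and then `brokered_call("domain3", "domain2", master, realms)` returns claims issued by `domain2` for `service@domain2`, while `direct_call_accepted("domain3", "domain2", realms)` is `False`. The audience check matters in practice: without it, the token the Master STS issued for STS 2 could be replayed at any other STS that trusts the Master STS.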

Conclusion and Future Work
Implementing an MSTS will reduce STS complexity and simplify the overall architecture of the enterprise applications. It will help manage STS connections. Going forward, we're focused on identity management with WS-Federation and SAML 2.0. We're also planning to work on the persistence of token services.

About GVB Subrahmanyam
GVB Subrahmanyam is an Application Developer, Lead, Project Manager, Development Manager and Delivery Manager in a wide variety of business applications as part of an IT service provider. He focuses on Development, Delivery and Sustenance of IT Applications in Supply Chain/Insurance/Banking/Finance. Although most of his projects are Java-based assignments, he is technology agnostic.

In his current role, Subrahmanyam is working as a solution provider for Commercial Healthcare, Insurance, Banking and Financial systems with Mahindra Satyam. He is also a TOGAF certified Enterprise Architect and an IBM certified Rational Software Architect.

GVB Subrahmanyam has an M.Tech. and Ph.D. from IIT Kharagpur, India, in the area of Chemical Technology and an MS in Software Systems from BITS Pilani. He is also a PMI certified PMP. He attended the one-year Executive Program in Business Management (EPBM) at IIM Calcutta.
