Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV

2008 West
DIAMOND SPONSOR:
Data Direct
SOA, WOA and Cloud Computing: The New Frontier for Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
GOLD SPONSORS:
Appsense
User Environment Management – The Third Layer of the Desktop
Cordys
Cloud Computing for Business Agility
EMC
CMIS: A Multi-Vendor Proposal for a Service-Based Content Management Interoperability Standard
Freedom OSS
Practical SOA” Max Yankelevich
Intel
Architecting an Enterprise Service Router (ESR) – A Cost-Effective Way to Scale SOA Across the Enterprise
Sensedia
Return on Assests: Bringing Visibility to your SOA Strategy
Symantec
Managing Hybrid Endpoint Environments
VMWare
Game-Changing Technology for Enterprise Clouds and Applications
Click For 2008 West
Event Webcasts

2008 West
PLATINUM SPONSORS:
Appcelerator
Get ‘Rich’ Quick: Rapid Prototyping for RIA with ZERO Server Code
Keynote Systems
Designing for and Managing Performance in the New Frontier of Rich Internet Applications
GOLD SPONSORS:
ICEsoft
How Can AJAX Improve Homeland Security?
Isomorphic
Beyond Widgets: What a RIA Platform Should Offer
Oracle
REAs: Rich Enterprise Applications
Click For 2008 Event Webcasts
Reference Architecture for Securing Web Services in a Heterogeneous Environment
Master Security Token Service (MSTS) acts as a broker for all security authorization without duplicating the effort

Web Services have played a key role in integrating heterogeneous applications, particularly in cross domains. As part of identity management, Security Token Services are used for request and response tokens. However, we need multiple communication channels among Security Token Services when multiple applications in different domains try to reach other Web Services.

In this article we have proposed a Master Security Token Service (MSTS) that can act as a broker for all security authorization without duplicating the effort at every domain.

In a world of heterogeneous systems where each application is leveraging the services of other applications, a service-oriented analysis and design process has become significant. Web Services are sets of services used for integrating business processes and services, and can be accessed over the Internet or executed on a remote system hosting the Web Service requests using standard protocols. WS-Federation offers the opportunity of fulfilling the SSO behavior across domains. Security information can be shared across the domains of applications through federated identity, which is about identity information across security domains. Heterogeneous applications will have interactions through either Web Service requests or browser requests. While Web Service requests follow the WS-Security and WS-Trust standards, browser requests follow on how the service messages are secured and encoded with Http messages to transport among the resources.

While Web Services use is now predominant in many enterprises across domains using different protocols, the security of the Web Services is debatable, consequently federated identity management implementation for the integrated environment of various applications across domains using Web Services has become a hot topic for the reference architectural framework.

Federated identity management should do authentication, authorization, auditing, reporting, and upstream and downstream session management. Security Token Service (STS) implements the protocol for message formats and message exchange patterns as defined in the WS-Trust specification and WS-Secure Conversation will allow multiple Security Token Service requests. The main challenge is how to federate identity and establish connection in domains when multiple applications are in different domains. We can have independent security authentication using separate Security Token Services for each of the applications and each of the services, which involves sets of repeated activities. To minimize the effort of using multiple Security Token Services, we've identified and proven the architecture, which will have one Security Token Services Server called a Master Security Token Services Server. This will reduce the replication of management credentials and provide robust security since it's a centrally monitored server.

Proposed MSTS Framework
Figure 1 shows a reference architecture for managing the security of Web Services in a heterogeneous enterprise environment. It's common for organizations to have multiple domains and for each domain to have a separate Security Token Service Server. It creates a lot of complexity if these systems have to interact with each other securely. In the context of Service Oriented Architecture, we use WS-Security and WS-Trust specifications to secure these services. These services will also make use of a Security Token Service from each realm/domain. This will also create a lot of complexity since every STS in one realm/domain has to issue tokens to STS in other domains. In the architecture proposed below, MSTS will reduce the complexity by having fewer communication channels.

This architecture recommends creating a Master STS that doesn't belong to any realm/domain in particular. This central STS has to maintain bindings to the other STS from all the realms/domains. Suppose, for example, that a client from domain 3 wants to call a service from domain 2. It can call the Master STS and get a token to make a call on STS 2. Then the client can call STS 2 and get a token to call the service from domain 2. Only the Master STS has to maintain a trust relationship with all the other realms/domains rather than the individual realms/domains. This way managing the STS will be easy since only the Master STS has to be changed if any realms/domains are added or deleted. The same architecture can be extended to external realms/domains. You can treat any external realm/domain as another domain.

Conclusion and Future Work
Implementing an MSTS will reduce STS complexity and simplify the overall architecture of the enterprise applications. It will help manage STS connections. Going forward, we're focused on identity management with WS-Federation and SAML2.0. We're also planning to work on the persistence of token services.

References

About GVB Subrahmanyam
GVB Subrahmanyam an Application Developer, Lead, Project Manager, Development Manager and Delivery Manager in a wide variety of business applications as part of an IT service provider. He focuses on Development, Delivery and Sustenance of IT Applications in Supply Chain/Insurance/Banking/Finance. Albeit most of his projects are Java-based assignments, he is technology agnostic.

In his current role, Subrahmanyam is working as a solution provider for Commercial Healthcare, Insurance, banking and Financial systems with Mahindra Satyam. He is also TOGAF certified Enterprise Architect and IBM certified Ratioanal Software Architect.

GVB Subrahmanyam has an M.Tech. and Ph.D. from IIT Kharagpur in the area of Chemical Technology, India and MS in Software Systems from BITS Pilani. He is also a PMI certified PMP. He attended one year of the Executive Program in Business Management(EPBM) from IIM Calcutta.

Latest AJAXWorld RIA Stories
DX World EXPO, LLC, a Lighthouse Point, Florida-based startup trade show producer and the creator of "DXWorldEXPO® - Digital Transformation Conference & Expo" has announced its executive management team. The team is headed by Levent Selamoglu, who has been named CEO. "Now is the ...
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structu...
"Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct ...
In his session at 21st Cloud Expo, James Henry, Co-CEO/CTO of Calgary Scientific Inc., introduced you to the challenges, solutions and benefits of training AI systems to solve visual problems with an emphasis on improving AIs with continuous training in the field. He explored app...
The question before companies today is not whether to become intelligent, it’s a question of how and how fast. The key is to adopt and deploy an intelligent application strategy while simultaneously preparing to scale that intelligence. In her session at 21st Cloud Expo, Sangeeta...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021


SYS-CON Featured Whitepapers
ADS BY GOOGLE