Modern distributed business applications are embedding an increasing degree of automation and dynamism, from dynamic supply-chain management, enterprise federations, and virtual collaborations to dynamic service interactions across organizations. Such dynamism leads to new challenges in security and dependability. In Service-Oriented Architecture, collaborating services may belong to different security realms but often need to be engaged dynamically at runtime. If a cross-realm authentication relationship cannot be generated dynamically at runtime between heterogeneous security realms, it is technically difficult to enable dynamic business processes through secure collaborations between services. A potential solution to this problem is to generate a trust relationship across security realms so that a user can use the credential in the local security realm to obtain the credentials to access resources in a remote realm. However, the process of generating such trust relationships between two disjoint security realms is very complex and time-consuming; it could involve a large number of extra operations for credential conversion and require collaboration across multiple security realms. In this paper, we propose a new cross-realm authentication protocol for dynamic service interactions. This protocol does not require credential conversion or establishment of authentication paths.