Sunday, November 28, 2004

Web services security and federated identity authentication

Recently I had an opportunity to do an extensive Literature review of
the whole federated authentication space within web services. The
literature review is attached and the abstract for the same is shown
below.

----------------------------------------------------------------------------
Abstract

Over the past few years as web services technology has matured, so has
its use in complex line of business applications. Projects to create
Service Oriented Architecture and Complex Supply Chain Integration are
pushing the boundaries of present web services specifications. As
organisations and applications using web services collaborate across
security domains the risks associated with compromised identities
increase. In order to mitigate these risks a system of Federated
Security domains is being used in web services projects. This paper
will look at the concepts behind digital identities, aspects of web
services security (WS-Security) and how federation is achieved in such
a landscape. Lastly it looks at Liberty Alliance ID-WSF and
WS-Federation specifications and how they compare against each other.
The paper finishes off with some recommendation for future projects to
investigate and do a threat assessment of applications built to these
two specifications.
----------------------------------------------------------------------------
Unfortunately I cant attach files to my blog, will have to find a way around this predicament.

No comments:

Post a Comment