503 research outputs found
Open Access to Resource Management in Multimedia Networks
The paper is dedicated to mechanisms for open
access to resource management in the Internet Protocol (IP)
multimedia networks. First we present the concept of IP
Multimedia Subsystem (IMS) and explain the IMS functional
architecture, principles of quality of service management and
service control in IMS. Then we describe the idea behind the
opening of network interfaces for third parties so that others
besides the network operator can create and deploy services.
Open Service Access (OSA) and Parlay appear to be the
technologies for value-added service delivery in multimedia
networks. In the paper we take a closer look at the
Parlay/OSA interfaces that allow third party applications to
access the resource management functions in IMS. OSA
"Connectivity Manager" interfaces and OSA "Policy
Management" interfaces are considered. Parlay X Web
Services interfaces provide a higher level of abstraction than
Parlay/OSA interfaces and gain an amazing amount of
support among service developers. We address "Application-driven Quality of Service" Parlay X Web Service and
"Policy" Parlay X Web Service also
SFTSDH: Applying Spring Security Framework with TSD-Based OAuth2 to Protect Microservice Architecture APIs
The Internet of Medical Things (IoMT) combines medical devices and applications that use network technologies to connect healthcare information systems (HIS). IoMT is reforming the medical industry by adopting information and communication technologies (ICTs). Identity verification, secure collection, and exchange of medical data are essential in health applications. In this study, we implemented a hybrid security solution to secure the collection and management of personal health data using Spring Framework (SF), Services for Sensitive Data (TSD) as a service platform, and Hyper-Text-Transfer-Protocol (HTTP (H)) security methods. The adopted solution (SFTSDH = SF + TSD + H) instigated the following security features: identity brokering, OAuth2, multifactor authentication, and access control to protect the Microservices Architecture Application Programming Interfaces (APIs), following the General Data Protection Regulation (GDPR). Moreover, we extended the adopted security solution to develop a digital infrastructure to facilitate the research and innovation work in the electronic health (eHealth) section, focusing on solution validation with theoretical evaluation and experimental testing. We used a web engineering security methodology to achieve and explain the adopted security solution. As a case study, we designed and implemented electronic coaching (eCoaching) prototype system and deployed the same in the developed infrastructure to securely record and share personal health data. Furthermore, we compared the test results with related studies qualitatively for the efficient evaluation of the implemented security solution. The SFTSDH implementation and configuration in the prototype system have effectively secured the eCoach APIs from an attack in all the considered scenarios. The eCoach prototype with the SFTSDH solution effectively sustained a load of (â) 1000 concurrent users in the developed digital health infrastructure. 
In addition, we performed a qualitative comparison among the following security solutions: SF security, third-party security, and SFTSDH, where SFTSDH showed a promising outcome.
A SOAP Security Scheme Based on OpenSAML
SOAP is an XML-based communication protocol for exchanging information between applications in a distributed environment. SOAP has no security mechanisms of its own for the secure transmission of its messages, so it does not encrypt the information, which travels in the clear over the network. To make up for this shortcoming, SOAP uses the WS-Security standard, implementing XMLSignature and XMLEncryptation to guarantee the reliability (encryption) and integrity (signature) of messages in Web services. This article presents a security scheme for Web services based on OpenSAML that guarantees the secure transmission of SOAP messages
Authentication and privacy in mobile web services
This thesis looks at the issue of authentication and privacy in mobile Web services. The work in this thesis builds on the GSM and UMTS security framework to develop security protocols for the mobile Web services environment. The thesis initially highlights some core principles of designing security protocols in such an environment. The next two chapters look at the core technologies and building blocks in Web services systems and the core security features in mobile networks, mainly GSM and UMTS. Registration and authentication were identified as security issues in federated systems. Proposed solutions were developed utilizing XML security mechanisms with SIM card security in the GSM environment to address these issues. Also, a novel system was proposed in which it is possible for a mobile user to securely authenticate and have full anonymity as far as the service providers are concerned; however, it is possible for a trusted authority to reveal the identity of the user if he or she is suspected of illegal activities. The next section analyzes in detail the Generic Authentication Architecture from 3GPP. Combining SAML with the Generic Authentication Architecture, we propose a novel "generic mobile Web service platform" for M-Commerce. Various solutions have been proposed to address privacy concerns in distributed networks; the Platform for Privacy Preferences is one of the popular proposals. Though it has many desirable features, it is not easy to enforce. We argue that this limitation can be managed in a federated system such as the Liberty Alliance framework. In the final chapter we make the case for using a timestamp-based authentication protocol in mobile Web services on the grounds of efficiency gain
WS-GUARD: enhancing UDDI Registries with on-line testing capabilities
Abstract
This thesis investigates the Service Oriented Architecture and in particular the runtime discovery of Web services through the development of an empowered UDDI registry called WS-GUARD (Guaranteeing Uddi Audition at Registration and Discovery).
We start by presenting the Audition framework, a specially conceived framework that applies the idea of testing during the Web service registration in the UDDI registry and then we study the practical implications of its implementation focusing on the most advanced Web service technologies.
This thesis aims at modifying and extending the registration protocol of Web services into UDDI registries in order to introduce a testing phase before actual service publishing: only those services that pass the audition are admitted in the registry and become publicly available at runtime.
A complete prototype implementation of WS-GUARD is described and analysed.
Analytical summary
The thesis investigated the Service Oriented Architecture domain and in particular the run-time discovery of Web services through the realization of an enhanced UDDI registry, called WS-GUARD (Guaranteeing Uddi Audition at Registration and Discovery). The main objective of the work was the modification of the registration protocols of the UDDI registry. This modification was aimed at introducing a testing phase prior to the traditional registration phase. By admitting to registration only those services that pass the verification phase, the intent is to provide greater guarantees on the quality of the services that will be made dynamically discoverable at run time. The thesis discusses the proposed modifications and provides a real implementation of them
Evaluation of frameworks for creating end-to-end mobile services with OMA MMS as a use case
Master's thesis in information and communication technology 2005 - Høgskolen i Agder, Grimstad
Several frameworks are available in 3GPP networks to create mobile services, such as the
Open Service Access (OSA) Application Programming Interface (API) and the native
Session Initiation Protocol (SIP). Each of these frameworks has their own advantages
and disadvantages. Therefore it is important for a service to use a framework which suits
its own requirements as best as possible.
In this thesis we have defined a use case, TMMS Service. This use case has been designed
for four frameworks selected, which are: GPRS, IMS, OSA API and OSA Parlay X Web
Services. We have then evaluated the design of these services against a set of evaluation
criteria. The evaluation criteria cover security, usability, modifiability, reliability,
interoperability and billability.
Our evaluation has proved that none of the frameworks are superior in all areas. The
best framework overall is IMS which provides a lot of end-to-end features and is also
very extensible. One of the biggest disadvantages with IMS is the current lack of a
specific set of documentation for application developers
A service-oriented Grid environment with on-demand QoS support
Grid computing emerged as a vision for a new computing infrastructure that aims to make computing resources available as easily as electric power through the power grid. Enabling seamless access to globally distributed IT resources allows dispersed users to tackle large-scale problems in science and engineering in unprecedented ways.
The rapid development of Grid computing also encouraged standardization, which led to the adoption of a service-oriented paradigm and an increasing use of commercial Web services technologies. Along these lines, service-level agreements and Quality of Service are essential characteristics of the Grid and specifically mandatory for Grid-enabling complex applications from certain domains such as the health sector.
This PhD thesis aims to contribute to the development of Grid technologies by proposing a Grid environment with support for Quality of Service. The proposed environment comprises a secure service-oriented Grid infrastructure based on standard Web services technologies which enables the on-demand provision of native HPC applications as Grid services in an automated way and subject to user-defined QoS constraints.
The Grid environment adopts a business-oriented approach and supports a client-driven dynamic negotiation of service-level agreements on a case-by-case basis. Although the design of the QoS support is generic, the implementation emphasizes the specific requirements of compute-intensive and time-critical parallel applications, which necessitate on-demand QoS guarantees such as execution time limits and price constraints. Therefore, the QoS infrastructure relies on advance resource reservation, application-specific resource capacity estimation, and resource pricing. An experimental evaluation demonstrates the capabilities and rational behavior of the QoS infrastructure.
The presented Grid infrastructure and in particular the QoS support has been successfully applied and demonstrated in EU projects for various applications from the medical and bio-medical domains. The EU projects GEMSS and Aneurist are concerned with advanced e-health applications and globally distributed data sources, which are virtualized by Grid services. Using Grid technology as enabling technology in the health domain allows medical practitioners and researchers to utilize Grid services in their clinical environment which ultimately results in improved healthcare
Security in Distributed, Grid, Mobile, and Pervasive Computing
This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security
A message-level security approach for RESTful services
In the past ten years Web Services have positioned themselves to be one of the leading
distributed technologies. The technology, supported by major IT companies, offers
specifications to many challenges in a distributed environment like strong interface and
message contacts, service discovery, reliable message exchange and advanced security
mechanisms. On the other hand, all these specifications have made Web Services very
complex and the industry is struggling to implement those in a standardized manner.
REST based services, also known as RESTful services, are based on pure HTTP and
have risen as competitors to Web Services, mainly because of their simplicity. Now they are
being adopted by the majority of the big industry corporations including Microsoft, Yahoo
and Google, who have deprecated or passed on Web Services in favor of RESTful services.
However, RESTful services have been criticized for lacking functionality offered by Web
Services, especially message-level security. Since security is an important functionality which
may tip the scale in a negative direction for REST based services, this thesis proposes a
prototype solution for message-level security for RESTful services. The solution is for the
most part technical and utilizes well-known, cross-platform mechanisms which are composed
together while a smaller part of the solution discusses a non-technical approach regarding the
token distribution. During the development of the prototype, much of the focus was to adapt
the solution according to the REST principles and guidelines, such as multi-format support
(XML or JSON) and light-weight, human readable messages