Web Single Sign-On Authentication using SAML

Companies have increasingly turned to application service providers (ASPs) or Software as a Service (SaaS) vendors to offer specialized web-based services that will cut costs and provide specific and focused applications to users. The complexity of designing, installing, configuring, deploying, and supporting the system with internal resources can be eliminated with this type of methodology, providing great benefit to organizations. However, these models can present an authentication problem for corporations with a large number of external service providers. This paper describes the implementation of Security Assertion Markup Language (SAML) and its capabilities to provide secure single sign-on (SSO) solutions for externally hosted applications

SDN Architecture and Southbound APIs for IPv6 Segment Routing Enabled Wide Area Networks

The SRv6 architecture (Segment Routing based on IPv6 data plane) is a promising solution to support services like Traffic Engineering, Service Function Chaining and Virtual Private Networks in IPv6 backbones and datacenters. The SRv6 architecture has interesting scalability properties as it reduces the amount of state information that needs to be configured in the nodes to support the network services. In this paper, we describe the advantages of complementing the SRv6 technology with an SDN based approach in backbone networks. We discuss the architecture of a SRv6 enabled network based on Linux nodes. In addition, we present the design and implementation of the Southbound API between the SDN controller and the SRv6 device. We have defined a data-model and four different implementations of the API, respectively based on gRPC, REST, NETCONF and remote Command Line Interface (CLI). Since it is important to support both the development and testing aspects we have realized an Intent based emulation system to build realistic and reproducible experiments. This collection of tools automate most of the configuration aspects relieving the experimenter from a significant effort. Finally, we have realized an evaluation of some performance aspects of our architecture and of the different variants of the Southbound APIs and we have analyzed the effects of the configuration updates in the SRv6 enabled nodes

Enterprise Resource Bus and Views in Restful Web Services

Over the past few years RESTful Web Services (WSs) have gained immense popularity over the Web Service stack (WS*) to provide WS solutions. The WSs implemented using REST are lightweight and ideally suited for consumption for devices with limited processing capabilities like mobiles and tablets due to its dependence on HTTP. This enables the system architects to leverage the well-known capabilities of HTTP to develop their systems rapidly. However, this introduces the challenges of compromised security and unmanageable systems. This research presents a novel middleware architecture called Enterprise Resource Bus for Resource Oriented systems to tackle the issues of security, access control and resource management. The middleware architecture put forward in this research is focused on remedying these issues by abstracting the logic of access control and security to the concept of view resources to be managed in the middleware. This research draws inspiration from the middleware architecture implemented in SOA called Enterprise Service Bus. Since, the implementation of ERB is inspired from ESB we have emulated some functionalities of ESB and translated them to resource oriented architecture. In addition, this research also introduces the idea of views on resources inspired from the concept of virtual relations in relational databases to provide customized view resources based on user privilege/ role in the system to control access. The middleware architecture was tested for its overhead, scalability and security features as opposed to a REST Web Service without a middleware. It can be concluded from the evaluation results that with a small overhead a secure and highly manageable REST Web Services are achievable

Orchestration of smart objects with MQTT for the Internet of Things

Internet is becoming a crucial network on the evolution of humanity. Many companies make available several web services to interact with, permitting users and developers to create custom applications. Meanwhile, devices permit users to remain connected everywhere and anytime. Not only smartphones, tablets and PCs but also washing machines and cars. In this thesis, we will describe a platform which permits the creation of composite services (aka mashups) that combine web services and devicesope