Improving web services security models

Abstract EN

Web services are considered one of the main technologies which emerged in recent years, they provide an application integration technology that allows business applications to communicate and cooperate over the Internet.

Web services encouraged existent architectures to adopt as one of the most important technologies; Portals, providing content aggregation from various web services sources for providing useful information to users.

The distributed sources of web services aggregated into users' pages provide a component model architecture, which allows the plugging of components in infrastructure, which are referred to as portlets.

This paper defines effective models for securing portlet contents by defining an access control list for each portlet, which will looks into the access control of web services, and authentication of web services consumers.

In addition, this paper introduces a design for trusted authority that will be responsible for fair contract exchange between portlet producers and consumer; thus, defining a single sign-on model, which is responsible for authenticating remote portlets requests.