Advanced Search
CS Search Google Search
Subscribers, please login

Published Articles >> Table of Contents >> Abstract

Seventh IEEE International Symposium on Object-Oriented Real-Time Distributed Computing (ISORC'04)   pp. 227-234
Multi-Party Authentication for Web Services: Protocols, Implementation and Evaluation
Dacheng Zhang, University of Leeds
Jie Xu, University of Leeds
Full Article Text: Download PDF of full textBuy this articleGet full text from IEEE Xplore

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ISORC.2004.1300354
Send link to a friend

Abstract
The Web service technology allows the dynamic composition of a workflow (or a business flow) by composing a set of existing Web services scattered across the Internet. While a given Web service may have multiple service instances taking part in several workflows simultaneously, a workflow often involves a set of service instances that belong to different Web services. In order to establish trust relationships amongst service instances, new security protocols are urgently needed. Hada and Maruyabma [3] presented a session-oriented, multi-party authentication protocol to resolve this problem. Within a session their protocol provides a commonly shared session secret for all the service instances, thereby distinguishing the instances from those of other sessions. However, individual instances cannot be distinguished and identified using the session secret. This leads to vulnerable session management and poor threat containment. In this paper we present a new protocol design for multi-party authentication in which each service instance of a given session is provided with a unique identifier. The Coordinated Atomic Action scheme is exploited for achieving an improved level of threat containment. We evaluate the scalability of our design by means of both experiments and an analytical model. The result shows that time consumed by the authentication process increases linearly with an increase in the number of session participants.
Additional Information
Index Terms- Authentication, fault tolerance, Internet computing, key exchange, security, Web services

Citation:  Dacheng Zhang, Jie Xu, "Multi-Party Authentication for Web Services: Protocols, Implementation and Evaluation," isorc, pp. 227-234,  Seventh IEEE International Symposium on Object-Oriented Real-Time Distributed Computing (ISORC'04),  2004

Similar Articles

Abstract Contents
Abstract
Index Terms
Citation

Download Citation
Ascii Text
BibTex
RefWorks
Procite/RefMan/Endnote




Free access to

  • Abstracts
  • Selected PDFs

Electronic subscribers login to:

  • Access HTML/PDFs of full text articles

Subscription information

Get a Web account

PDFs require Adobe Acrobat Reader.

Peer Review Notice

Give us Feedback