A PERMIS-based authorization solution between portlets and back-end web services
View/ Open
Date
2006Author
Barahona, Sofia Brenes
Fox, Geoffrey
Huffman, Kianosh
McMullen, Donald
Pierce, Marlon
Yin, Hao
Metadata
Show full item recordAbstract
A portal is a Web-based application that acts
as an entry point to distributed resources.
Individual portlets in a portal can be used to
integrate information from a variety of back-end
Web services. However, when Web services are
deployed, they are available to unintended clients
not related to the portal so a general solution for
authorizing access to them is needed that is
integrated with the portal’s own authentication
and authorization mechanisms. This paper
investigates the feasibility of an implementation of
a general purpose solution for authorization
between portlets and their back end Web services
based on Privilege and Role Management
Infrastructure Standards (PERMIS) which uses
Web services security standards such as WSSecurity
and SAML. This solution is also
appropriate for authorization across
organizational boundaries supporting the
inclusion of service resources to a portal which
are contributed by many different organizations. A
motivating example of instrument sharing based
on the CIMA remote instrument access protocol is
presented.
The following license files are associated with this item: