Adaptive security architectural model for protecting identity federation in service oriented computing

Abstract

With the tremendous growth of Internet and its related technologies, the Service Oriented Architecture (SOA) became a dominant paradigm shift for enterprise computing. In SOA, business functionalities are offered by many different Service Providers as services. In order to get served by different service providers, the client has to authenticate with those service providers at multiple times. Single Sign On (SSO) mechanism provides the client to login only one time so that access to different services is made possible without needing to re-authenticate. Here, the identity of the logged-in client is federated among the enterprise computing nodes. This is one of the simplest forms of federated identity. The goal of identity federation is to benefit ease of use, flexibility, productivity and reduced cost of the authentication process, but trust and security is a major concern in this situation. Major threats on federated identity management are due to identity misuse, identity theft, and trust deficit between identity providers and services providers. As of now, the Security Assertion Markup Language (SAML), Open Authorization (OAuth) and OpenID are the three important federated identity management standards in the industry. However, none of them is equipped by itself to provide comprehensive security protection for identity federation even within a single enterprise computing environment. In fact, these federated solutions result in additional security vulnerabilities due to their openness of identity federation. The security threats are becoming severe when federated identity is spanned into the inter-organizational and intra-organizational computing environment. This paper analyses the vulnerabilities and security gaps in the existing federated identity solutions. To overcome these gaps, an adaptive security architectural model is proposed for identity federation at inter and intra-organizational level using public key infrastructure that adheres to the SOA security standards and specifications. The proposed architecture is implemented and tested in a large-scale federated identity enterprise computing environment with security-centric financial data to acquire the desired results. A cross-sectional comparative analysis is done between existing and proposed solutions to validate the improvement in the protection of identity federation environment.