Mobile Agent and Web Service Integration Security Architecture

Abstract

Mobile agent technology and Web service technology compensate each other and play very important roles in e-service applications. The mechanism of Web services technology naturally provides a platform for deploying mobile agent technology. Therefore, the integration of the mobile agent technology and Web Service technology has been actively investigated in recent years. On the other hand, the security issues of the integration system have not drawn much attention. In this paper, we present a new security architecture for the integration of mobile agent and the Web services technology. This architecture provides a new authentication scheme for Web service provider to verify the mobile agent owner's identity by employing an identity-based signature protocol without using the username/password pair, which is infeasible for mobile agent. We also propose a new Web services and mobile agent system confidentiality protocol, which provides an alternative method to current security mechanisms without using certification authorities (CA) based public key infrastructure. With this scheme, it can simplify the key management and reduce the computation load particularly for group-oriented web services. In addition, this scheme also inherently has the non-repudiation property.