An adaptive authentication and authorization model for service-oriented enterprise computing
DOI: https://doi.org/10.48129/kjs.v49i1.10745

Abstract
Service-oriented enterprise computing is an integration architectural style that aims to expose and consume coarse-grained and fine-grained modularizations of business functionality as services deployed in a loosely coupled organizational environment. The web service is the implementation technology of service-oriented architecture (SOA); it is built on existing networking and web interfacing standards, since it has to use the web as its medium of communication, and it does not have any specialized built-in layer for security. The majority of vendor security products in the market need specialized hardware/software components, and ultimately they break the standards and principles of service-oriented architecture. The traditional way of problem-solving is not effective for developing security solutions for service-oriented computing, as its boundaries keep expanding beyond a single organizational environment due to the advent of communication and business technologies such as the Internet of Things (IoT), hyper-personalization, and edge computing. Hence, in this digital age of enterprise computing it is mandatory to have a specialized authentication and authorization solution exclusively for addressing the existing security gaps in SOA through an adaptive way-forward approach. In this paper, the security gaps in the existing Identity and Access Management (IDAM) solutions for service-oriented enterprise computing are analyzed, and a novel intelligent security engine, packaged with an extended authentication and authorization solution model for service consumption, is presented. The authentication and authorization security requirements are considered cross-cutting concerns of the SOA implementation, and the solution is constructed as Aspect-Oriented Programming (AOP) advices, which enables the solution to be attached as a ‘plug & play’ component without changing the underlying source code of the service implementation.
As a Proof-of-Concept (PoC), the proposed authentication and authorization security model is tested in a large-scale service-oriented enterprise computing environment, and the results are analyzed statistically. It is evident from the results that the proposed security model addresses security issues comparatively better than existing security solutions.