Improving Web Services Security Models

Sawsan Abu-Taleb and Hossam Mustafa
Al-Balqa' Applied University, Jordan

Abstract: Web services are considered one of the main technologies which emerged in recent years, they provide an application ‎integration technology that allows business applications to communicate and cooperate over the Internet. Web services ‎encouraged existent architectures to adopt as one of the most important technologies; Portals, providing content aggregation ‎from various web services sources for providing useful information to users. The distributed sources of web services ‎aggregated into users' pages provide a component model architecture, which allows the plugging of components in ‎infrastructure, which are referred to as portlets. This paper defines effective models for securing portlet contents by defining ‎an access control list for each portlet, which will looks into the access control of web services, and authentication of web ‎services consumers. In addition, this paper introduces a design for trusted authority that will be responsible for fair contract ‎exchange between portlet producers and consumer; thus, defining a single sign-on model, which is responsible for ‎authenticating remote portlets requests.‎