A distributed authentication model for composite Web services

Proliferation of Web services based applications, collaboration and interoperability between companies, extremely heterogeneous policies of security, and, more generally, reply attacks over Internet are major challenges in the design of security infrastructures for Web services. In this paper, we focus our study on authentication of composite Web services. Authentication is certainly at the heart of any secure system. Thus, we propose a distributed model of authentication based on the circle of trust concept for composite Web services. This model has several functionalities: First, it ensures authentication for arbitrary composite Web services over Internet. Second, it can process across and beyond domain authentication boundaries. Third, it takes over the conflicts of security policies using the concept of Web Single Sign On (SSO) and client's profile using ontologies. Furthermore, the proposed model is scalable and dynamic because it is designed in a fully distributed manner, there are no central points and it evolves over time. An implementation of a prototype and a simulation design demonstrate that a strong security can be achieved for both the client and the composite Web service through the combination of a dynamic and collaborative trust model with a number of enhancements: (i) a combined encryption technique, (ii) a distributed authority of certificates, and (iii) semantic annotations.