A Quantitative Analysis into the Economics of Correcting Software Bugs - Computational Intelligence in Security for Information Systems

Information Technology Reference

In-Depth Information

Fig. 1. Proposed m-government model

Web Service endpoint implementation on the platform's side that implements a

complete set of security features. Well processed requests with all security

features positively verified, the Web Service platform's application proceeds to

other application parts of the proposed SOA-Based platform, including the

governmental Legacy system for issuing actual governmental certificates

requested. In fact, the proposed platform could change completely the application

platform of some governmental organization or could serve as the Web Service

„add-on“ to the existing Legacy system implementation. In the latter case, the

Legacy system will not be touched and only a corresponding Web Service

interface should be developped in order to interconnect the proposed SOA-Based

platform and the Legacy governmental system.

External entities, such as: PKI server with XKMS server as a front end, STS,

UDDI and TSA.

Functions of the proposed external entities are following:

STS server - is responsible for strong user authentication and authorization

based on PKI X.509v3 electronic certificate issued to users and other entities in

the proposed model. Communication between STS server and the user's JAVA

mobile application is SOAP-based and secured by using WS-Security features.

After the succesful user authentication and authorization, the STS server issues

a SAML token to the user which will be subsequently used for the user

authentication and authorization to the Web Service of the proposed m-

government platform. The SAML token is signed by the STS server and could

consist of the user role for platform's user authentication and authorization.

•

UDDI server - is a platform-independent, XML based registry for businesses

worldwide to list themselves on the Internet. In this paper, UDDI server is used

to store information about SWEB-enabled municipal organizations including

WSDLs and URLs defining a way to access these SWEB platforms.

PKI server - is responsible for issuing PKI X.509v3 electronic certificates for

all users/entities in the proposed m-governmental model (users, civil servants,

administrators, servers, platforms, etc.). Since some certificate processing

Search WWH ::

Custom Search

Home