Research And Implementation Of Security Strategy In Open Source Framework TUSCANY

SOA (Service–Oriented Architecture) has become preferred solution forinformation technology integration in many companies. Deriving fromcomponent-based programming model, Service Component Architecture (SCA) isused to construct SOA applications and solutions. However, several characteristics,such as loosely coupled, heterogeneous, reuse, dynamic and open, have challengedSCA’s security concerns. When a company integrates various internal systems withexternal systems to construct SOA application, service requesters sometimes have tocross system boundaries to access service providers. To effectively dominate thesecurity accessing mechanism crossing system or domain, we need to implementcrossing-domain authentication and authorization for service request. There is not agood solution to do this in traditional way, so this paper brings a discussion of accesscontrol in service-oriented environment in a new way.Based on studying of the International Organization’s OASIS SCA PolicyFramework specification and Tuscany SCA Java open source framework, thereference implementation of SCA specifications, we design and implement SCAsecurity access control to extend the security policy mechanism against the lack ofimplementation of authorization and security identity in the Tuscany SCA Java1.6.1.By analyzing the deficiencies of Tuscany SCA Java access control, we implementedfunctions of the authority, security, identity function by extending the mechanism ofTuscany. We also designed and implemented a role-management service to aidAuthorized functions. These functions and services decouple access control frombusiness. It provides a useful reference for company to set up access controlmechanism in a simple and efficient way; it is also useful for constructing SOAapplications with Tuscany.Last, this paper introduces Changsha Mobile Performance Appraisal System as acase to verify the implementation of Tuscany SCA Java-based access controltechnology. This paper describes two modules of this system: departmentmanagement module and staff’s tasks applying module, including requirementsanalysis, design and implementation of these modules. We Successfully appliedpolicy-based access control functions in these modules.