An infrastructure for service authentication and authorization revocation in a dynamic aggregation of networks

Abstract

[Abstract]: When a user requests a service from a server (SA), SA will authenticate the user based on some stored authentication information. If the information is stored on another server or network which is not accessible to SA or not in a compatible form of that required by SA, the identity of the user cannot be established. Without a global authentication service, authentication of users from another autonomous network is a major security issue in service sharing. In this paper, we extended Network Service Sharing Infrastructure (NSSI) by which many networks are linked together for service sharing. Within NSSI, individual networks authenticate and grant authorizations independent of each other by using their own authentication information repository (AIR). NSSI enables authentication and authorization results to be relayed to other linked networks to access a shared services while individual networks still maintain their own authentication scheme or authentication requirements. NSSI facilitates dynamic aggregation of networks for service sharing with minimum administrative overhead.