Network service sharing infrastructure: service authentication and authorization revocation

Abstract

[Abstract]: When a service server receives a request, the server will establish the identity and authorization of the user based on the information stored in authentication information repository (IDAR) before service is provided. The IDAR will determine who can have access to which service. A legitimate user must have her/his identity and authorization registered in the IDAR in advance. Users who registered in IDAR of another server or network cannot access services in another server or network. This prevents effective and efficient sharing of services. In this paper, we develop a Network Service Sharing Infrastructure (NSSI) by which many networks are linked together for service sharing. This \emph{ad hoc} network system can provide a wider range of services to users than any individual network. Within the \emph{ad hoc} network system, individual networks authenticate and grant authorizations independent of each other by using their own IDAR. NSSI enables authentication and authorization results to be relayed to other linked networks to access a shared services while individual networks still maintain their own authentication scheme or authentication requirements. This makes joining and leaving NSSI simple and involves minimum administrative overhead.