International Conference on Information and Knowledge Technology

فارسی

Home / یازدهمین کنفرانس بین المللی فناوری اطلاعات و دانش

An ESB-based Architecture for Authentication as a Service Through Enterprise Application Integration

Authors :

Masoumeh Hashemi¹ Mehdi Sakhaei-nia² Morteza Yousef Sanati³

1- دانشگاه بوعلی سینا 2- دانشگاه بوعلی سینا 3- دانشگاه بوعلی سینا

Keywords :

Authentication as a Service, Enterprise Service Bus, Event-Driven Architecture, Enterprise

Abstract :

AUTHaaS is a solution for various problems in an enterprise involving different software systems, each of which have a different authentication mechanism. Multiple usernames/passwords for a user, different security vulnerabilities for each software, and possible changes to the authentication mechanism are some of these problems. The solutions proposed for AUTHaaS are based on SOA. As communication in SOA is synchronous, the authentication process can confront problems if the authentication service is delayed for any reason. It is the purpose of this paper to answer these problems. In this paper, a security architecture is proposed for AUTHaaS through enterprise application integration. The core of the integration solution is the ESB technology. Proposed ESB-based architecture allows the user to authenticate only once for using different systems. Once the user is successfully authenticated for an application, other applications receive events through the ESB that indicate the user has successfully authenticated. So they do not need to be authenticated again by the authentication service for further access. The results show that after the 500th request, i.e. the second request of each user, the response time is reduced by50% and the number of visits to the authentication server for subsequent requests of users will bezero.