An XML-based security architecture for integrating single sign-on and rule-based access control in mobile and ubiquitous web environments

Cited by: 0
Authors
Jeong, Jongil [1]
Shin, Dongil [1]
Shin, Dongkyoo [1]
Affiliation
[1] Sejong Univ, Dept Comp Sci & Engn, Kwangjin Ku, 98 Kunja Dong, Seoul 143747, South Korea
Source
ON THE MOVE TO MEANINGFUL INTERNET SYSTEMS 2006: OTM 2006 WORKSHOPS, PT 2, PROCEEDINGS | 2006 / Vol. 4278
Keywords
single sign-on; SAML; access control; RBAC; XACML; mobile device
DOI
Not available
Chinese Library Classification number
TP18 [Artificial intelligence theory]
Discipline classification codes
081104; 0812; 0835; 1405
Abstract
Since mobile and Web applications have been integrated, the number of services that a typical mobile user can now access has greatly increased. With such a variety of services, a user will frequently be asked to provide security information to a system. This repeated request is a critical problem because it can cause frequent transmission of the user's security information. Another serious problem is how an administrator controls the access requests of internal users who have already been authenticated. To establish an effective security scheme for integrated environments, Single Sign-On and access control also need to be integrated. In this paper, we propose an XML-based architecture that integrates authentication and access control policy in an integrated environment and can be extended to a ubiquitous environment. To provide flexibility, extensibility, and interoperability between the environments to be integrated, we have implemented an architecture based on SAML and XACML, which are standardized specifications. By specifying security policies in XML schema and exchanging security information according to that schema, the proposed architecture offers the opportunity to build standardized schemes for authentication and authorization. Additionally, the proposed architecture makes it possible to establish a fine-grained access control scheme by specifying the XML element unit as the target to be protected.
Pages: 1357 / +
Page count: 2