987 resultados para Security token service
Resumo:
A família de especificações WS-* define um modelo de segurança para web services, baseado nos conceitos de claim, security token e Security Token Service (STS). Neste modelo, a informação de segurança dos originadores de mensagens (identidade, privilégios, etc.) é representada através de conjuntos de claims, contidos dentro de security tokens. A emissão e obtenção destes security tokens, por parte dos originadores de mensagens, são realizadas através de protocolos legados ou através de serviços especiais, designados de Security Token Services, usando as operações e os protocolos definidos na especificação WS-Trust. O conceito de Security Token Service não é usado apenas no contexto dos web services. Propostas como o modelo dos Information Cards, aplicável no contexto de aplicações web, também utilizam este conceito. Os Security Token Services desempenham vários papéis, dependendo da informação presente no token emitido. São exemplos o papel de Identity Provider, quando os tokens emitidos contêm informação de identidade, ou o papel de Policy Decision Point, quando os tokens emitidos definem autorizações. Este documento descreve o projecto duma biblioteca software para a realização de Security Token Services, tal como definidos na norma WS-Trust, destinada à plataforma .NET 3.5. Propõem-se uma arquitectura flexível e extensível, de forma a suportar novas versões das normas e as diversas variantes que os Security Token Services possuem, nomeadamente: o tipo dos security token emitidos e das claims neles contidas, a inferência das claims e os métodos de autenticação das entidades requerentes. Apresentam-se aspectos de implementação desta arquitectura, nomeadamente a integração com a plataforma WCF, a sua extensibilidade e o suporte a modelos e sistemas externos à norma. Finalmente, descrevem-se as plataformas de teste implementadas para a validação da biblioteca realizada e os módulos de extensão da biblioteca para: suporte do modelo associado aos Information Cards, do modelo OpenID e para a integração com o Authorization Manager.
Resumo:
"B-224936"--P. 1.
Resumo:
Service-oriented wireless sensor networks (WSNs) are being paid more and more attention because service computing can hide complexity of WSNs and enables simple and transparent access to individual sensor nodes. Existing WSNs mainly use IEEE 802.15.4 as their communication specification, however, this protocol suite cannot support IP-based routing and service-oriented access because it only specifies a set of physical- and MAC-layer protocols. For inosculating WSNs with IP networks, IEEE proposed a 6LoWPAN (IPv6 over LoW Power wireless Area Networks) as the adaptation layer between IP and MAC layers. However, it is still a challenging task how to discover and manage sensor resources, guarantee the security of WSNs and route messages over resource-restricted sensor nodes. This paper is set to address such three key issues. Firstly, we propose a service-oriented WSN architectural model based on 6LoWPAN and design a lightweight service middleware SOWAM (service-oriented WSN architecture middleware), where each sensor node provides a collection of services and is managed by our SOWAM. Secondly, we develop a security mechanism for the authentication and secure connection among users and sensor nodes. Finally, we propose an energyaware mesh routing protocol (EAMR) for message transmission in a WSN with multiple mobile sinks, aiming at prolonging the lifetime of WSNs as long as possible. In our EAMR, sensor nodes with the residual energy lower than a threshold do not forward messages for other nodes until the threshold is leveled down. As a result, the energy consumption is evened over sensor nodes significantly. The experimental results demonstrate the feasibility of our service-oriented approach and lightweight middleware SOWAM, as well as the effectiveness of our routing algorithm EAMR.
Resumo:
Quality of service (QoS) can be a critical element for achieving the business goals of a service provider, for the acceptance of a service by the user, or for guaranteeing service characteristics in a composition of services, where a service is defined as either a software or a software-support (i.e., infrastructural) service which is available on any type of network or electronic channel. The goal of this article is to compare the approaches to QoS description in the literature, where several models and metamodels are included. consider a large spectrum of models and metamodels to describe service quality, ranging from ontological approaches to define quality measures, metrics, and dimensions, to metamodels enabling the specification of quality-based service requirements and capabilities as well as of SLAs (Service-Level Agreements) and SLA templates for service provisioning. Our survey is performed by inspecting the characteristics of the available approaches to reveal which are the consolidated ones and which are the ones specific to given aspects and to analyze where the need for further research and investigation lies. The approaches here illustrated have been selected based on a systematic review of conference proceedings and journals spanning various research areas in computer science and engineering, including: distributed, information, and telecommunication systems, networks and security, and service-oriented and grid computing.
Resumo:
Some issues have title: Publication; some issues have title: ISC.
Resumo:
"Organization of Soviet State security:" 3 folded sheets in pocket, v. 2.
Resumo:
The Portuguese Intelligence Services have their operational skills limited due to the grievances caused by the Dictatorship and, in particular, by its political police. With the help of historical elements, and by analyzing current legislation, we demonstrate that such grievances are today unjustified and misplaced, mainly taking into account the Risk Society’s multifaceted threats. Also part of our analysis is the impugnment of the Constitutional Court’s decision nº 413/2015, which pronounced unconstitutional the norm contained in Decree nº 426/XII, of the Republic’s Assembly, article nº 78, nº2, which intended to allow Intelligence Services access to the so-called “metadata”, as well as to tax and banking information. It is our understanding, and we demonstrate it in our dissertation, that should be allowed the access of, not only the above mentioned information, but also the means known as communications interception and undercover operations to the Intelligence Services, as long as properly supervised and inspected.
Resumo:
The present work offers a brief historical and evolutionary introduction to the legal basis of the Portuguese Republic Intelligence System (SIRP) which comprises two services – the Security Intelligence Service (SIS) and the Defence Strategic Intelligence Service (SIED) – and two entities responsible for its oversight – the Supervisory Body (CFSIRP) and the Data Monitoring Committee (CFD), also responsible for supervising the Military Intelligence and Security Centre (CISMIL) of the General Staff of the Armed Forces (EMGFA). The initial narrative subsequently leads us to a detailed analysis of the Portuguese Intelligence services' current model of monitoring, as well as of the legislator’s options, namely in the legal drafting field, used within the construction and definition of the legal structure that currently regulates the Portuguese Republic Intelligence System. For the purposes of this study we have broadly examined different models of the European Union, in particular those of Belgium, the Netherlands and Croatia. We have also transposed to the text the valuable contributions collected during the research phase, more precisely the replies to questionnaires and interviews conducted with certain individuals selected according to their knowledge and affinity with the subject of this study, including members and former members of the Supervisory Body and former directors of the three portuguese intelligence services. The present dissertation intends to contribute to the development of this subject, promoting critical analysis, within and beyond the academia, with the aim that some of its reflections might be useful towards the intelligence system’s future reform, particularly in what concerns intelligence services monitoring.
Resumo:
El interés de este Estudio de Caso es investigar la manera en que la Misión de Paz de la ONU en Sierra Leona (UNAMSIL) redireccionó el programa Desarme, Desmovilización y Reintegración (DDR) hacia los niños soldados durante el post-conflicto en el país. Se analiza cómo a través de la coordinación de diferentes Agencias y Organizaciones Internacionales con UNAMSIL, el Gobierno y la Sociedad Civil hace posible que se refuerce el rol de los Interim Care Centers (ICCs) en donde se enfrentaron las necesidades esenciales de los menores excombatientes para lograr un mejor proceso de su desmovilización y reintegración. Se explica de igual forma, las diferentes herramientas que sirven para llevar a cabo la resolución del conflicto y la reconstrucción de la paz, enfocándose en el peacekeeping, peacemaking y peacebuilding, como mecanismos que ayudaron a crear un espacio seguro para los niños exsoldados. Por último, se exponen los alcances y límites de los ICCs con respecto a la reintegración de los menores excombatientes
Resumo:
A Internet, apesar de sua grande popularização, é ainda uma incógnita sob o ponto de vista de seu alcance comercial e de suas implicações no estudo do Comportamento do Consumidor. Numerosos estudos estão sendo desenvolvidos, porém dentro de um contexto teórico clássico de Marketing, isto é, posicionando-a como um instrumento “midiático”. Diferentemente, este trabalho procura vê-la como um canal de marketing, analisando-a através da resposta de 726 usuários da Companhia de Processamento de Dados do Rio Grande do Sul – PROCERGS, provedor de acesso à Internet do Rio Grande do Sul. Foi possível identificar sete dimensões características do processo de compra na rede: 1) comodidade, 2) atendimento, 3) conteúdo informacional do site, 4) apresentação e interface da home page, 5) segurança, 6) taxa e tempo de entrega e 7) oferta de produtos. O estudo mostra que a oferta de produtos e a comodidade são os fatores que influenciam a decisão de compra, enquanto que a apresentação/interface da home page, a segurança e o atendimento são os fatores mais preponderantes na decisão de NÃO compra. Também são apresentadas as diferenças percebidas pelos usuários entre a compra realizada na Internet e a efetuada nos canais tradicionais. A avaliação da Internet como canal de compra é finalizada com a identificação dos atributos determinantes da compra pela rede.
Resumo:
Within the technological framework of Information and Communication Technologies (ICT), consumers are currently requesting multimedia services with simplicity of use, reliability, security and service availability through mobile and fixed access. Network operators are proposing the Next Generation Networks (NGN) to address the challenges of providing both services and network convergence. Apart from these considerations, there is a need to provide social and healthcare assistance services in order to support the progressive aging in the elderly population. In order to achieve this objective, the Ambient Assisted Living (AAL) initiative proposes ICT systems and services to promote autonomy and an independent life among the elderly. This paper describes the design and implementation of a group of services, called “service enablers”, which helps AAL applications to be supported in NGN. The presented enablers are identified to support the teleconsulting applications requirements in an NGN environment, involving the implementation of a virtual waiting room, a virtual whiteboard, a multimedia multiconference and a vital-signs monitoring presence status. A use case is defined and implemented to evaluate the developed enablers' performance.
Resumo:
"June 21, 2006."
Resumo:
Recently a new human authentication scheme called PAS (predicate-based authentication service) was proposed, which does not require the assistance of any supplementary device. The main security claim of PAS is to resist passive adversaries who can observe the whole authentication session between the human user and the remote server. In this paper we show that PAS is insecure against both brute force attack and a probabilistic attack. In particular, we show that its security against brute force attack was strongly overestimated. Furthermore, we introduce a probabilistic attack, which can break part of the password even with a very small number of observed authentication sessions. Although the proposed attack cannot completely break the password, it can downgrade the PAS system to a much weaker system similar to common OTP (one-time password) systems.
Resumo:
Software-as-a-service (SaaS) is a type of software service delivery model which encompasses a broad range of business opportunities and challenges. Users and service providers are reluctant to integrate their business into SaaS due to its security concerns while at the same time they are attracted by its benefits. This article highlights SaaS utility and applicability in different environments like cloud computing, mobile cloud computing, software defined networking and Internet of things. It then embarks on the analysis of SaaS security challenges spanning across data security, application security and SaaS deployment security. A detailed review of the existing mainstream solutions to tackle the respective security issues mapping into different SaaS security challenges is presented. Finally, possible solutions or techniques which can be applied in tandem are presented for a secure SaaS platform.
