Mobile agent technology and Web service technology compensate each other and play very important roles in e-service applications. The mechanism of Web services technology naturally provides a platform for deploying mobile agent technology. Therefore, the integration of the mobile agent technology and Web Service technology has been actively investigated in recent years. On the other hand, the security issues of the integration system have not drawn much attention. In this paper, we present a new security architecture for the integration of mobile agent and the Web services technology. This architecture provides a new authentication scheme for Web service provider to verify the mobile agent owner's identity by employing an identity-based signature protocol without using the username/password pair, which is infeasible for mobile agent. We also propose a new Web services and mobile agent system confidentiality protocol, which provides an alternative method to current security mechanisms without using certification authorities (CA) based public key infrastructure. With this scheme, it can simplify the key management and reduce the computation load particularly for group-oriented web services. In addition, this scheme also inherently has the non-repudiation property.
Copyright 2007 IEEE. Reprinted from Proceedings of the 2007 IEEE international conference on service-oriented computing and applications (SOCA 2007). This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of Macquarie University’s products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to email@example.com. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.