A portal is a Web-based application that acts as an entry point to distributed resources. Individual portlets in a portal can be used to integrate information from a variety of back-end Web services. However, when Web services are deployed, they are available to unintended clients not related to the portal so a general solution for authorizing access to them is needed that is integrated with the portal’s own authentication and authorization mechanisms. This paper investigates the feasibility of an implementation of a general purpose solution for authorization between portlets and their back end Web services based on Privilege and Role Management Infrastructure Standards (PERMIS) which uses Web services security standards such as WSSecurity and SAML. This solution is also appropriate for authorization across organizational boundaries supporting the inclusion of service resources to a portal which are contributed by many different organizations. A motivating example of instrument sharing based on the CIMA remote instrument access protocol is presented.
Department, Program, or Center
Computer Science (GCCIS)
Barahona, Sofia Brenes; Fox, Geoffrey; and Huffman, Kianosh, "A PERMIS-based authorization solution between portlets and back-end web services" (2006). Accessed from
RIT – Main Campus