Security concept for distributed service execution environments
This paper presents a concept to securely execute services on a distributed execution environment. The execution environment (SSEE), offers interfaces in terms of Web Services (WS). Using these WS interfaces a service developer can securely transfer service containers to SSEE or exchange other data with the SSEE, for example for the purpose of monitoring. The WS interfaces employ WS-Security to enable confidentiality and integrity of transfer as well as authenticity of interacting subjects. The SSEE is suited for providing services in a service-oriented architecture (SOA). The SSEE also allows executing multi-parted services. Thereby, each service might be executed on multiple, distributed nodes. The communication across distributed nodes is secured by IPsec tunnels established between the distributed nodes of SSEE. Certificates are deployed to each node for authenticating the IPsec peers.