The development of the service-oriented middleware "SicAri Platform" as provided here has been initiated by Jan Peters (Fraunhofer Institute for Computer Graphics Research IGD, Department of Security Technology, Germany) in the context of a research project (see Credits).
Together with partners from other research institutes and universities, the platform architecture has been specified with the goal to provide a Java-based service middleware with intrinsic security features.
Bootstrapping of a local SicAri platform is done by means of an interactive command "Shell" which is comparable to a LINUX/UNIX bash and is able to parse shell scripts. The shell further provides a view on the "Environment", a hierarchical namespace comparable with a file system. Instead of files, Java objects can be published within respectively retracted from this environment as services. Access to these services is granted or denied by means of a "Security Context" which enforces role-based access control policies specified in XACML.
On top of the SicAri kernel, consisting of the Shell, the Environment, and the Security Contexts for acting users, the SicAri platform provides Web Services based communication and service discovery to allow distributed platform instances to co-operate within a common SicAri infrastructure.
The SicAri platform extends Java's Authentication and Authorization Service (JAAS) to support password-, softtoken-, and smartcard-based authentication schemes in the context of the distributed multi-user environment. A policy service based on Sun's XACML implementation enforces access control policies within an extended security manager. Web Services security protocols are used to transport security tokens together with Web Services requests from one platform to another, to support Single-Sign-On (SSO).
Furthermore, services for identity management, key management, an internal Web server, etc. are provided. Concluding here, the SicAri platform can be used as basis to experiment with current security mechanisms and protocols in service-oriented architectures, especially in research environments.
More details about the SicAri platform can be found within the specification documents.