An Implementation of the OAuth 2.0 for an Enterprise Service Bus

Alysson de Sousa Ribeiro, Edna Dias Canedo, and Sérgio Antônio de Andrade Freitas

Computer Science Department - Professional Masters in Applied Computing, University of Brasília - UnB, Brasília, DF 70910-900, Brazil
{alyssonribeiro,ednacanedo,sergiofreitas}@unb.br
http://cic.unb.br/

Abstract. The utilization of Service-Oriented Architecture (SOA) offers certain benefits, such as low coupling and interoperability. Given these benefits, SOA is being used for the integration of systems and applications within organizations. To evaluate and evolve legacy systems, SOA is an option for their modernization. For authorization in SOA, the OAuth 2.0 protocol was implemented as part of the Enterprise Service Bus (ESB) solution, which is used as an important step in the modernization of legacy systems. This research presents a case study of a systematic mapping regarding the authentication and authorization mechanisms in SOA applied to legacy systems that are maintained and in use by students and professionals at the University of Brasília (UnB). Performance tests were carried out on the solution to check the increase in latency introduced by the protocol and the average flow supported. Simulations were carried out to verify the behavior of the implemented protocol when exposed to a replay attack.

Keywords: Security · OAuth 2.0 · Authorization · SOA · ESB

1 Introduction

The modernization of legacy systems (software that remains active but is implemented with outdated technology and old criteria) is a topic seeing increasing discussion in companies and institutions. The modernization process is expected to reduce the maintenance cost of legacy systems and increase the integration of business flows between the systems [1].
However, it has some challenges, such as the integration between the systems that are being modernized and systems with up-to-date technologies. The need to modernize legacy systems prompted discussions about adopting solutions based on Service-Oriented Architecture (SOA). In SOA, an organization is able to create services and share them in order to interact in real time with other services within the institution or even other organizations, considering for

© Springer International Publishing AG, part of Springer Nature 2018
O. Gervasi et al. (Eds.): ICCSA 2018, LNCS 10960, pp. 469–484, 2018.
https://doi.org/10.1007/978-3-319-95162-1_32