Abstract
An access control model called Zero Trust Architecture (ZTA) has attracted attention. ZTA uses information of users and devices, called context, to verify access requests. Zero Trust Federation (ZTF) has been proposed as a framework for extending an idea of identity federation to support ZTA. ZTF defines CAP as the entity that collects context and provides it to each organization (Relying Party; RP) that needs context for verification based on ZTA. For precise verification, CAPs need to collect context from various data sources. However, ZTF did not provide a method for collecting context from data sources other than RP. In this research, as a general model for collecting context in ZTF, we propose a method of linking identifiers between the data source and CAP. This method provides a way to collect context from some of such data sources in ZTF. Then, we implemented our method using RADIUS and MDM as data sources and confirmed that their contexts could be collected and used.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
IEEE standard for local and metropolitan area networks-port-based network access control. IEEE STD 802.1X-2020 (Revision of IEEE STD 802.1X-2010 Incorporating IEEE STD 802.1Xbx-2014 and IEEE Std 802.1Xck-2018), pp. 1–289 (2020). https://doi.org/10.1109/IEEESTD.2020.9018454
Hatakeyama, K., Kotani, D., Okabe, Y.: Zero trust federation: sharing context under user control towards zero trust in identity federation. In: 2021 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops), pp. 514–519 (2021). https://doi.org/10.1109/PerComWorkshops51409.2021.9431116
Kindervag, J., et al.: Build Security Into Your Network’s DNA: The Zero Trust Network Architecture, vol. 27. Forrester Research Inc. (2010)
Maciej Machulak, J.R.: Federated authorization for user-managed access (UMA) 2.0, Januray 2018. https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-federated-authz-2.0.html. Accessed 1 Feb 2022
OASIS Security Services TC: Security assertion markup language (SAML) v2.0 technical overview, March 2008. https://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf
OpenID Foundation: Final: OpenID connect core 1.0 incorporating errata set 1, November 2014 https://openid.net/specs/openid-connect-core-1_0.html. Accessed 27 Jan 2022
Rose, S., Borchert, O., Mitchell, S., Connelly, S.: Zero trust architecture. NIST SP 800-207, September 2019. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207-draft.pdf
Simon, D., Hurst, R., Aboba, D.B.D.: The EAP-TLS Authentication Protocol. RFC 5216, March 2008. https://doi.org/10.17487/RFC5216, https://www.rfc-editor.org/info/rfc5216
Tulshibagwale, A.: Re-thinking federated identity with the continuous access evaluation protocol, February 2019. https://cloud.google.com/blog/products/identity-security/re-thinking-federated-identity-with-the-continuous-access-evaluation-protocol
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 Springer Nature Switzerland AG
About this paper
Cite this paper
Hirai, M., Kotani, D., Okabe, Y. (2023). Linking Contexts from Distinct Data Sources in Zero Trust Federation. In: Saracino, A., Mori, P. (eds) Emerging Technologies for Authorization and Authentication. ETAA 2022. Lecture Notes in Computer Science, vol 13782. Springer, Cham. https://doi.org/10.1007/978-3-031-25467-3_9
Download citation
DOI: https://doi.org/10.1007/978-3-031-25467-3_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-25466-6
Online ISBN: 978-3-031-25467-3
eBook Packages: Computer ScienceComputer Science (R0)