
A Multi-protocol Authentication Shibboleth Framework and Implementation for Identity Federation

  • Conference paper

Abstract

One challenge for Single Sign-On (SSO) is multi-protocol federation in identity management. Even though projects such as Shibboleth provide a good identity management framework, they usually support a single protocol such as the Security Assertion Markup Language (SAML). With the increasing collaboration among services in the cloud, identity federation needs to be extended to cover multiple identity protocol standards. In this paper, we propose an online distributed multi-protocol identity management framework, Sh-IDaaS (Shibboleth-based Identity-as-a-Service), which can discover multiple user identity services in the Shibboleth environment. The framework enables federation of heterogeneous identity services by binding different identity providers to a special discovery service, even when those providers support different identity protocols. Based on the Shibboleth framework, we describe the detailed design and implementation of our pluggable Sh-IDaaS architecture. An analysis of the interoperability and performance of our Sh-IDaaS prototype is also provided to justify its feasibility and practicability.
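The discovery-service binding the abstract describes, as an added example that is not code from the paper or from the Shibboleth project: a trusted registry binds each identity provider to the protocol it speaks, discovery selects the provider for a user and then emits that provider's own protocol request (a SAML 2.0 AuthnRequest over the HTTP-Redirect binding, or an OpenID 2.0 checkid_setup request). The IdP names, endpoints, domains and SP identifiers are constructed placeholders, and selecting the IdP by the user's e-mail domain is an assumption of this example, not necessarily how the paper's discovery service chooses. The security point a practitioner should take from it is that discovery must only ever hand the user to a provider in the registry; an unknown domain is rejected rather than turned into a redirect.

```python
"""Added example (not the paper's code): a minimal multi-protocol IdP
discovery service. A trusted registry binds each IdP to its protocol;
discovery picks the IdP for the user's home domain and builds the
protocol-specific request. All names, endpoints and domains are constructed."""
import base64
import datetime as dt
import uuid
import zlib
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlparse


@dataclass(frozen=True)
class IdP:
    entity_id: str
    protocol: str        # "saml2" or "openid2"
    sso_endpoint: str
    domains: tuple       # home domains this IdP is authoritative for (assumed selection key)


# Constructed registry; in a real federation this comes from signed metadata.
REGISTRY = (
    IdP("https://idp.example-univ.edu/idp", "saml2",
        "https://idp.example-univ.edu/idp/profile/SAML2/Redirect/SSO",
        ("example-univ.edu",)),
    IdP("https://openid.example-corp.com", "openid2",
        "https://openid.example-corp.com/server",
        ("example-corp.com",)),
)

SP_ENTITY_ID = "https://sp.example.org/shibboleth"          # constructed
SP_ACS = "https://sp.example.org/Shibboleth.sso/SAML2/POST"  # constructed
SP_REALM = "https://sp.example.org/"                        # constructed


def discover(home_domain, registry=REGISTRY):
    """Return the IdP bound to a home domain, or None if it is not federated.
    Refusing unknown domains keeps discovery from becoming an open redirector."""
    for idp in registry:
        if home_domain.lower() in idp.domains:
            return idp
    return None


def saml2_redirect_url(idp, request_id=None, issue_instant=None):
    """HTTP-Redirect binding: raw-DEFLATE + base64 the AuthnRequest into SAMLRequest."""
    request_id = request_id or "_" + uuid.uuid4().hex
    issue_instant = issue_instant or dt.datetime.now(dt.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    authn_request = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{idp.sso_endpoint}" '
        f'AssertionConsumerServiceURL="{SP_ACS}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer>'
        '</samlp:AuthnRequest>'
    )
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)   # -15: raw DEFLATE, no zlib header
    deflated = compressor.compress(authn_request.encode()) + compressor.flush()
    return idp.sso_endpoint + "?" + urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})


def openid2_checkid_url(idp, return_to):
    """OpenID Authentication 2.0 checkid_setup request in identifier-select mode."""
    params = {
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "checkid_setup",
        "openid.claimed_id": "http://specs.openid.net/auth/2.0/identifier_select",
        "openid.identity": "http://specs.openid.net/auth/2.0/identifier_select",
        "openid.return_to": return_to,
        "openid.realm": SP_REALM,
    }
    return idp.sso_endpoint + "?" + urlencode(params)


def start_login(user_email, return_to="https://sp.example.org/openid/return"):
    """Discovery step: map the user to a registered IdP, then speak that IdP's protocol."""
    home_domain = user_email.rsplit("@", 1)[-1]
    idp = discover(home_domain)
    if idp is None:
        raise ValueError(f"no federated IdP for domain {home_domain!r}")
    if idp.protocol == "saml2":
        return idp.protocol, saml2_redirect_url(idp)
    if idp.protocol == "openid2":
        return idp.protocol, openid2_checkid_url(idp, return_to)
    raise ValueError(f"unsupported protocol {idp.protocol!r}")


def decode_saml_request(url):
    """Reverse the Redirect-binding encoding so the emitted AuthnRequest can be inspected."""
    qs = parse_qs(urlparse(url).query)
    raw = base64.b64decode(qs["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode()


if __name__ == "__main__":
    for email in ("alice@example-univ.edu", "bob@example-corp.com"):
        proto, url = start_login(email)
        print(email, "->", proto, url[:80] + "...")
```

The AuthnRequest above is unsigned, which the Redirect binding permits; a production SP would add SigAlg and Signature query parameters, and the IdP would verify them against the SP's metadata, so that the discovery service cannot be abused to forge requests on the SP's behalf.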



Corresponding author

Correspondence to Chi-Hung Chi.


Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper


Cite this paper

Li, M., Chi, CH., Ding, C., Wong, R., She, Z. (2018). A Multi-protocol Authentication Shibboleth Framework and Implementation for Identity Federation. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds) Security and Privacy in Communication Networks. SecureComm 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 255. Springer, Cham. https://doi.org/10.1007/978-3-030-01704-0_5


  • DOI: https://doi.org/10.1007/978-3-030-01704-0_5


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-01703-3

  • Online ISBN: 978-3-030-01704-0
