Advertisement

Exploiting Proxy-Based Federated Identity Management in Wireless Roaming Access

  • Diana Berbecaru
  • Antonio Lioy
  • Marco Domenico Aime
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6863)

Abstract

Federated Identity Management technologies are exploited for user authentication in a number of network services but their usage may conflict with security restrictions imposed in a specific domain. We considered a specific case (roaming wireless access for guests) and extended the Stork SAML-based identity federation to cope with this problem by adding dynamic data, called meta-attributes, to be used for authorization even before the user authentication is completed. This concept may be easily extended to other data needed for trust verification and complex authorization decisions in a federated environment.

Keywords

Service Provider Smart Card User Authentication User Attribute Authentication Response 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Maler, E., Reed, D.: The Venn of Identity: Options and Issues in Federated Identity Management. IEEE Security & Privacy, 16–23 ( March/April 2008)Google Scholar
  2. 2.
    Makoto, H.: Federation proxy for cross domain identity federation. In: Proc. of ACM DIM 2009, pp. 53–62 (2009)Google Scholar
  3. 3.
    Bonatti, P., Samarati, P.: Regulating service access and information release on the web. In: ACM CCS 2000, pp. 130–145 (November 2000)Google Scholar
  4. 4.
    Yuan, E., Tong, J.: Attribute Based Access Control (ABAC) for Web Services. In: Proc. of ICWS 2005, pp. 561–569 (July 2005)Google Scholar
  5. 5.
    Cantor, S. (ed.): Shibboleth architecture - Protocols and Profiles (September 2005), http://shibboleth.internet2.edu
  6. 6.
    Secure Identity Across Borders Linked (STORK) project - Towards pan-European recognition of electronic IDs (eIDs) (2008-2011), http://www.eid-stork.eu
  7. 7.
    Berbecaru, D., Jorquera, E., Alcalde-Moraño, J., Portela, R., Bauer, W., Zwattendorfer, B., Eichholz, J., Schneider, T.: Software architecture design. STORK Deliverable D5.8.2a (October 2010), https://www.eid-stork.eu/
  8. 8.
    OASIS: Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Standard (March 2005)Google Scholar
  9. 9.
    Alcalde-Moraño, J., Hernández-Ardieta, J.L., Johnston, A., Martinez, D., Zwattendorfer, B., Stern, M., Heppe, J.: Interface specification. STORK Deliverable D5.8.2b (October 2010), https://www.eid-stork.eu/
  10. 10.
    OASIS: Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Standard (March 2005)Google Scholar
  11. 11.
    Stone-Gross, B., Sigal, D., Cohn, R., Morse, J., Almeroth, K., Kruegel, C.: VeriKey: A dynamic certificate verification system for public key exchanges. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 44–63. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    OASIS: Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Standard (March 2005)Google Scholar
  13. 13.
    OASIS: Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Standard (March 2005)Google Scholar
  14. 14.
    OASIS: SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0. OASIS Committee Specification (August 2010)Google Scholar
  15. 15.
    Gajek, S., Liao, L., Schwenk, J.: Stronger TLS bindings for SAML assertions and SAML artifacts. In: Proc. of ACM SWS 2008, pp. 11–19 (October 2008)Google Scholar
  16. 16.
    Trusted Computing Group, https://www.trustedcomputinggroup.org
  17. 17.
    Manulis, M., Leroy, D., Koeune, F., Bonaventure, O., Quisquater, J.-J.: Authenticated Wireless Roaming via Tunnels: Making Mobile Guests Feel at Home. In: Proc. of ASIACCS 2009, pp. 92–103 (2009)Google Scholar
  18. 18.
  19. 19.
    Linden, M., Viitanen, V.: Roaming Network Access Using Shibboleth. In: TERENA Networking Conference 2004, pp. 1–1 (2004)Google Scholar
  20. 20.

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Diana Berbecaru
    • 1
  • Antonio Lioy
    • 1
  • Marco Domenico Aime
    • 1
  1. 1.Dip. di Automatica e InformaticaPolitecnico di TorinoTorinoItaly

Personalised recommendations