A Universal Client-Based Identity Management Tool

  • Haitham S. Al-Sinani
  • Chris J. Mitchell
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7163)

Abstract

A wide variety of identity management systems have been introduced to improve the security and usability of user authentication; however, password-based authentication remains the dominant technology despite its well-known shortcomings. In this paper we describe a client-based identity management tool we call IDSpace, designed to address this problem by providing a single user interface and user experience for user authentication, whilst supporting a range of existing identity management technologies. The goal is to simplify the use of the wide range of existing technologies, helping to encourage their use, whilst imposing no additional burden on existing service providers and identity providers. Operation of IDSpace with certain existing systems is described.

Keywords

  • User Agent
  • Identity Provider
  • Digital Identity
  • Identity Selector
  • User Platform

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Haitham S. Al-Sinani (1)
  • Chris J. Mitchell (1)
  1. Information Security Group, Royal Holloway, University of London, Egham, UK
