IFIP Annual Conference on Data and Applications Security and Privacy

DBSec 2006: Data and Applications Security XX, pp. 133–147
Notarized Federated Identity Management for Web Services

Michael T. Goodrich, Roberto Tamassia and Danfeng Yao

Conference paper. Part of the Lecture Notes in Computer Science book series (LNISA, volume 4127)

Abstract

We propose a notarized federated identity management model that supports efficient user authentication when providers are unknown to each other. Our model introduces a notary service, owned by a trusted third-party, to dynamically notarize assertions generated by identity providers. An additional feature of our model is the avoidance of direct communications between identity providers and service providers, which provides improved privacy protection for users. We present an efficient implementation of our notarized federated identity management model based on the Secure Transaction Management System (STMS). We also give a practical solution for mitigating aspects of the identity theft problem and discuss its use in our notarized federated identity management model. The unique feature of our cryptographic solution is that it enables one to proactively prevent the leaking of secret identity information.

This work was supported in part by the National Science Foundation under grants IIS–0324846, CCF–0311510 and CNS–0303577, and by IAM Technology, Inc. The work of the first author was done primarily as a consultant to Brown University.



Author information

Authors and Affiliations

  1. Department of Computer Science, University of California, Irvine, CA, 92697, USA

    Michael T. Goodrich

  2. Department of Computer Science, Brown University, Providence, RI, 02912, USA

    Roberto Tamassia & Danfeng Yao


Editor information

Editors and Affiliations

  1. Dipartimento di Tecnologie dell’Informazione, Università degli Studi di Milano, Italy

    Ernesto Damiani

  2. The Logistics Institute, Northeastern University, Shenyang, China

    Peng Liu


Copyright information

© 2006 IFIP International Federation for Information Processing

About this paper

Cite this paper

Goodrich, M.T., Tamassia, R., Yao, D. (2006). Notarized Federated Identity Management for Web Services. In: Damiani, E., Liu, P. (eds) Data and Applications Security XX. DBSec 2006. Lecture Notes in Computer Science, vol 4127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11805588_10

  • DOI: https://doi.org/10.1007/11805588_10
  • Publisher Name: Springer, Berlin, Heidelberg
  • Print ISBN: 978-3-540-36796-3
  • Online ISBN: 978-3-540-36799-4
