Abstract
We propose a novel scheme to provide interoperability between two of the most widely discussed identity management systems, namely CardSpace and OpenID. In this scheme, CardSpace users are able to obtain an assertion token from an OpenID-enabled identity provider, the contents of which can be processed by a CardSpace-enabled relying party. The scheme, based on a browser extension, is transparent to OpenID providers and to the CardSpace identity selector, and only requires minor changes to the operation of the CardSpace relying party.
This author is sponsored by the Diwan of Royal Court, Sultanate of Oman.
Notes
1. During card creation, a card ID and master key are created and stored.
2. The protocol operates slightly differently depending on whether the RP uses HTTP or HTTPS. This is because, if HTTPS is used, the selector will encrypt the RSTR using the site's public key, and the browser extension does not have access to the corresponding private key. Hence, it will not know whether to trigger the integration protocol, and will be unable to obtain the user's OpenID identifier; such issues do not occur if HTTP is used since the selector will not encrypt the RSTR.
3. This will indicate the RP-requested attributes which are to be asserted by the OP.
4. The RP will receive the OP-issued token unchanged (embedded in the URL); however it is assumed that the RP will ignore it because of its inability to process the token.
5. Observe that this (unsigned) SAML token will contain the user attributes as asserted by the OP and the digitally-signed SIIP-issued RSTR (which contains the PPID).
6. In HTTP mode the OP address is retrieved from the IDcard as entered by the user.
Copyright information
© 2011 Springer-Verlag London Limited
About this paper
Cite this paper
Al-Sinani, H.S., Mitchell, C.J. (2011). Client-Based CardSpace-OpenID Interoperation. In: Gelenbe, E., Lent, R., Sakellari, G. (eds) Computer and Information Sciences II. Springer, London. https://doi.org/10.1007/978-1-4471-2155-8_49
DOI: https://doi.org/10.1007/978-1-4471-2155-8_49
Publisher Name: Springer, London
Print ISBN: 978-1-4471-2154-1
Online ISBN: 978-1-4471-2155-8
eBook Packages: Engineering, Engineering (R0)