
Exploiting Proxy-Based Federated Identity Management in Wireless Roaming Access

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6863)

Abstract

Federated Identity Management technologies are exploited for user authentication in a number of network services, but their usage may conflict with security restrictions imposed in a specific domain. We considered a specific case (roaming wireless access for guests) and extended the Stork SAML-based identity federation to cope with this problem by adding dynamic data, called meta-attributes, to be used for authorization even before the user authentication is completed. This concept may be easily extended to other data needed for trust verification and complex authorization decisions in a federated environment.




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Berbecaru, D., Lioy, A., Aime, M.D. (2011). Exploiting Proxy-Based Federated Identity Management in Wireless Roaming Access. In: Furnell, S., Lambrinoudakis, C., Pernul, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2011. Lecture Notes in Computer Science, vol 6863. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22890-2_2


  • DOI: https://doi.org/10.1007/978-3-642-22890-2_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22889-6

  • Online ISBN: 978-3-642-22890-2

  • eBook Packages: Computer Science, Computer Science (R0)
