Abstract
Federated Identity Management technologies are exploited for user authentication in a number of network services but their usage may conflict with security restrictions imposed in a specific domain. We considered a specific case (roaming wireless access for guests) and extended the Stork SAML-based identity federation to cope with this problem by adding dynamic data, called meta-attributes, to be used for authorization even before the user authentication is completed. This concept may be easily extended to other data needed for trust verification and complex authorization decisions in a federated environment.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Maler, E., Reed, D.: The Venn of Identity: Options and Issues in Federated Identity Management. IEEE Security & Privacy, 16–23 ( March/April 2008)
Makoto, H.: Federation proxy for cross domain identity federation. In: Proc. of ACM DIM 2009, pp. 53–62 (2009)
Bonatti, P., Samarati, P.: Regulating service access and information release on the web. In: ACM CCS 2000, pp. 130–145 (November 2000)
Yuan, E., Tong, J.: Attribute Based Access Control (ABAC) for Web Services. In: Proc. of ICWS 2005, pp. 561–569 (July 2005)
Cantor, S. (ed.): Shibboleth architecture - Protocols and Profiles (September 2005), http://shibboleth.internet2.edu
Secure Identity Across Borders Linked (STORK) project - Towards pan-European recognition of electronic IDs (eIDs) (2008-2011), http://www.eid-stork.eu
Berbecaru, D., Jorquera, E., Alcalde-Moraño, J., Portela, R., Bauer, W., Zwattendorfer, B., Eichholz, J., Schneider, T.: Software architecture design. STORK Deliverable D5.8.2a (October 2010), https://www.eid-stork.eu/
OASIS: Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Standard (March 2005)
Alcalde-Moraño, J., Hernández-Ardieta, J.L., Johnston, A., Martinez, D., Zwattendorfer, B., Stern, M., Heppe, J.: Interface specification. STORK Deliverable D5.8.2b (October 2010), https://www.eid-stork.eu/
OASIS: Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Standard (March 2005)
Stone-Gross, B., Sigal, D., Cohn, R., Morse, J., Almeroth, K., Kruegel, C.: VeriKey: A dynamic certificate verification system for public key exchanges. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 44–63. Springer, Heidelberg (2008)
OASIS: Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Standard (March 2005)
OASIS: Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Standard (March 2005)
OASIS: SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0. OASIS Committee Specification (August 2010)
Gajek, S., Liao, L., Schwenk, J.: Stronger TLS bindings for SAML assertions and SAML artifacts. In: Proc. of ACM SWS 2008, pp. 11–19 (October 2008)
Trusted Computing Group, https://www.trustedcomputinggroup.org
Manulis, M., Leroy, D., Koeune, F., Bonaventure, O., Quisquater, J.-J.: Authenticated Wireless Roaming via Tunnels: Making Mobile Guests Feel at Home. In: Proc. of ASIACCS 2009, pp. 92–103 (2009)
Eduroam: http://www.eduroam.org
Linden, M., Viitanen, V.: Roaming Network Access Using Shibboleth. In: TERENA Networking Conference 2004, pp. 1–1 (2004)
OpenSAML libraries, https://spaces.internet2.edu/display/OpenSAML/Home
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Berbecaru, D., Lioy, A., Aime, M.D. (2011). Exploiting Proxy-Based Federated Identity Management in Wireless Roaming Access. In: Furnell, S., Lambrinoudakis, C., Pernul, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2011. Lecture Notes in Computer Science, vol 6863. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22890-2_2
Download citation
DOI: https://doi.org/10.1007/978-3-642-22890-2_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22889-6
Online ISBN: 978-3-642-22890-2
eBook Packages: Computer ScienceComputer Science (R0)