Security Analysis of OpenID, followed by a Reference Implementation of an nPA-based OpenID Provider

Chapter in: ISSE 2010 Securing Electronic Business Processes

Abstract

OpenID is an open, decentralized, URL-based standard for Single Sign-On (SSO) on the Internet. In addition, the new German electronic identity card (“Neuer Personalausweis”, nPA) will be introduced in November 2010. This work shows the problems associated with OpenID and addresses possible solutions. It also discusses how the OpenID protocol can be improved by combining the nPA, or more specifically its Restricted Identification (RI), with an OpenID identity. The concept of an OpenID provider with nPA support is presented together with its preconditions. Finally, the added value created by combining the two technologies, nPA and OpenID, is discussed from the perspective of each.

© 2011 Vieweg+Teubner Verlag | Springer Fachmedien Wiesbaden GmbH

About this chapter

Cite this chapter

Feld, S., Pohlmann, N. (2011). Security Analysis of OpenID, followed by a Reference Implementation of an nPA-based OpenID Provider. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2010 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9788-6_2

  • DOI: https://doi.org/10.1007/978-3-8348-9788-6_2

  • Publisher Name: Vieweg+Teubner

  • Print ISBN: 978-3-8348-1438-8

  • Online ISBN: 978-3-8348-9788-6

  • eBook Packages: Engineering (R0)