On Cryptographically Strong Bindings of SAML Assertions to Transport Layer Security

Florian Kohlar, Jörg Schwenk, Meiko Jensen, Sebastian Gajek
Copyright: © 2011 | Volume: 3 | Issue: 4 | Pages: 16
ISSN: 1937-9412 | EISSN: 1937-9404 | EISBN13: 9781613508466 | DOI: 10.4018/jmcmc.2011100102
Cite Article

MLA

Kohlar, Florian, et al. "On Cryptographically Strong Bindings of SAML Assertions to Transport Layer Security." IJMCMC vol.3, no.4 2011: pp.20-35. http://doi.org/10.4018/jmcmc.2011100102

APA

Kohlar, F., Schwenk, J., Jensen, M., & Gajek, S. (2011). On Cryptographically Strong Bindings of SAML Assertions to Transport Layer Security. International Journal of Mobile Computing and Multimedia Communications (IJMCMC), 3(4), 20-35. http://doi.org/10.4018/jmcmc.2011100102

Chicago

Kohlar, Florian, et al. "On Cryptographically Strong Bindings of SAML Assertions to Transport Layer Security," International Journal of Mobile Computing and Multimedia Communications (IJMCMC) 3, no.4: 20-35. http://doi.org/10.4018/jmcmc.2011100102

Abstract

In recent research, two approaches to protect SAML-based Federated Identity Management (FIM) against man-in-the-middle attacks have been proposed. One approach is to bind the SAML assertion and the SAML artifact to the public key contained in a TLS client certificate. Another approach is to strengthen the Same Origin Policy of the browser by taking into account the security guarantees TLS gives. This work presents a third approach which is of further interest beyond IDM protocols, especially for mobile devices relying heavily on the security offered by web technologies. By binding the SAML assertion to cryptographically derived values of the TLS session that has been agreed upon between the client and the service provider, this approach provides anonymity of the (mobile) browser while allowing Relying Party and Identity Provider to detect the presence of a man-in-the-middle attack.
