Géant-TrustBroker: Dynamic, Scalable Management of SAML-Based Inter-federation Authentication and Authorization Infrastructures

Pöhn, Daniela; Metzger, Stefan; Hommel, Wolfgang

doi:10.1007/978-3-642-55415-5_25

Cited by 4 publications

(5 citation statements)

References 1 publication

(1 reference statement)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other approaches focus on federation as a service, which utilizes cloud infrastructure. The framework AIDF by Zouari and Hamdi [88] makes use of a trust broker, like in [58]…”

Section: Federated Identity Management As a Servicementioning

confidence: 99%

See 1 more Smart Citation

An overview of limitations and approaches in identity management

Pöhn

Hommel

2020

Proceedings of the 15th International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

Identity and access management (I&AM) is the umbrella term for managing users and their permissions. It is required for users to access different services. These services can either be provided from their home organization, like a company or university, or from external service providers, e. g., cooperation partners. I&AM provides the management of identifiers with the attributes, credentials, roles, and permissions the user has. Today, the requirements have evolved from simply accessing individual web services in the internet or at a company to the majority of all IT services from different service providers with various accounts. Several identity management models have been created with different approaches within.In order to adjust to heterogeneous environments, use cases, and the evolution of identity management, this paper extends known requirements for identity management. Existing models and approaches for identity management are mapped to the derived requirements. Based on the mapping, advantages, disadvantages, and gaps are identified. Current approaches suffer, as an example, from trustworthiness and liability issues. Interoperability issues are even more inherent as the approaches partly develop apart, forming an heterogeneous environment. The results from this analysis emphasize the need for one holistic identity management framework.

show abstract

“…Other approaches focus on federation as a service, which utilizes cloud infrastructure. The framework AIDF by Zouari and Hamdi [88] makes use of a trust broker, like in [58]…”

Section: Federated Identity Management As a Servicementioning

confidence: 99%

“…Furthermore, the division into trusted, semi-trusted, and untrusted is rather coarsegrained [REQ6], and a further database per entity is needed [REQ11]. Another approach is called TrustBroker by Pöhn et al[58], which is based on SAML, though the generic concepts can be applied to FIM[REQ3]. There are also other federation approaches.…”

mentioning

confidence: 99%

An overview of limitations and approaches in identity management

Pöhn

Hommel

2020

Proceedings of the 15th International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…These characteristics are very important for the interoperability between security technologies of different administrative domains to be accomplished. According to [151,178,179], the first step toward achieving interoperability is the adoption of SAML. However, XML-based SAML is not a lightweight standard and has a high computational cost for IoT resource-constrained devices [176].…”

Section: Federated Identity Management Systemmentioning

confidence: 99%

The computer for the 21st century: present security & privacy challenges

Oliveira

Pereira

Misoczki

et al. 2018

J Internet Serv Appl

View full text Add to dashboard Cite

Decades went by since Mark Weiser published his influential work on the computer of the 21st century. Over the years, some of the UbiComp features presented in that paper have been gradually adopted by industry players in the technology market. While this technological evolution resulted in many benefits to our society, it has also posed, along the way, countless challenges that we have yet to surpass. In this paper, we address major challenges from areas that most afflict the UbiComp revolution: 1. Software Protection: weakly typed languages, polyglot software, and networked embedded systems. 2. Long-term Security: recent advances in cryptanalysis and quantum attacks. 3. Cryptography Engineering: lightweight cryptosystems and their secure implementation. 4. Resilience: issues related to service availability and the paramount role of resilience. 5. Identity Management: requirements to identity management with invisibility. 6. Privacy Implications: sensitivity data identification and regulation. 7. Forensics: trustworthy evidence from the synergy of digital and physical world. We point out directions towards the solutions of those problems and claim that if we get all this right, we will turn the science fiction of UbiComp into science fact.

show abstract

“…Since more and more services are offered on-demand, the practical problem and relevant question is, if the SAML metadata, required to make use of FIM, can be exchanged securely on-demand. This article adds security considerations and a risk management based on a template to the GÉANT-TrustBroker approach (Pöhn et al, 2014). The new approach, initiated by the eduGAIN operators (GÉANT project), needs to be as secure as FIM with SAML can be, even though new components and workflows are introduced.…”

Section: Introductionmentioning

confidence: 99%

“…By that, if IDP and SP technically do not know each other, the TTP triggers the metadata exchange on-demand. This approach is also described in (Pöhn et al, 2014), where the state of the art, basic concepts, workflows, and database design were explained. As only the necessary metadata is exchanged, this significantly improves the scalability of the metadata exchange, while at the same time avoids performance bottlenecks.…”

Section: Introductionmentioning

confidence: 99%

Risk Management for Dynamic Metadata Exchange via a Trusted Third Party

Pöhn

2016

Proceedings of the 2nd International Conference on Information Systems Security and Privacy

Self Cite

View full text Add to dashboard Cite

Inter-organizational access to IT services based on the predominant standard of Federated Identity Management (FIM), the Security Assertion Markup Language (SAML), suffers from scalability issues related to metadata exchange. In order to overcome these issues, an approach for automated metadata exchange between Identity Provider (IDP) and Service Provider (SP) via a Trusted Third Party (TTP) is presented in this article. Based on the architecture, risk management with threats and counter measures is applied by using a risk management template. Special emphasis is put on the secure design of the automated metadata exchange.

show abstract

Géant-TrustBroker: Dynamic, Scalable Management of SAML-Based Inter-federation Authentication and Authorization Infrastructures

Cited by 4 publications

References 1 publication

An overview of limitations and approaches in identity management

An overview of limitations and approaches in identity management

The computer for the 21st century: present security & privacy challenges

Risk Management for Dynamic Metadata Exchange via a Trusted Third Party

Contact Info

Product

Resources

About