Abstract
Authentication is basic functionality required by most services that provide access to protected resources or personalized content. In order to authenticate to services, users maintain sets of credentials that they use to prove their identity. Credential delegation allows users to seamlessly access multiple services across the network. The concept has demonstrated its utility in single-domain authentication mechanisms, so emerging identity federations are expected to provide similar functions, too. Recently, various non web-based federation models have emerged; unfortunately, they do not properly cover delegation of credentials. In this paper we introduce a mechanism utilizing digital certificates and PKI, which provides support for credential delegation in non web-based federations. The viability of the concept is demonstrated by integrating the mechanism with the Moonshot federation framework. However, the solution forms an independent middleware layer that can be used by several federation models.
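As an added illustration (not code from the paper, nor from Moonshot), the Go program below shows the PKI delegation primitive that certificate-based delegation rests on: the RFC 3820 proxy-certificate pattern cited in the references. A user holding an end-entity certificate signs a short-lived certificate for a freshly generated key, so the delegate can act on the user's behalf without ever receiving the user's long-term key. The identity provider name, user names, the "<user CN>/proxy" subject-naming rule and the validity limits are assumptions made for the example; a real RFC 3820 implementation uses the ProxyCertInfo extension and an additional CN RDN instead of the simplified string rule used here.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Identity is a certificate together with the private key that belongs to it.
type Identity struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func serial() *big.Int {
	n, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 63))
	if err != nil {
		panic(err)
	}
	return n
}

// sign issues tmpl for key's public half, signed by signer (self-signed when signer is nil).
func sign(tmpl *x509.Certificate, key *ecdsa.PrivateKey, signer *Identity) *Identity {
	parent, signKey := tmpl, key
	if signer != nil {
		parent, signKey = signer.Cert, signer.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return &Identity{Cert: cert, Key: key}
}

// NewCA creates a self-signed root standing in for a federation identity provider (assumed name).
func NewCA(name string, now time.Time) *Identity {
	return sign(&x509.Certificate{
		SerialNumber: serial(), Subject: pkix.Name{CommonName: name},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, mustKey(), nil)
}

// IssueUser creates a user's long-lived end-entity credential. It is deliberately not a CA.
func IssueUser(ca *Identity, cn string, now time.Time) *Identity {
	return sign(&x509.Certificate{
		SerialNumber: serial(), Subject: pkix.Name{CommonName: cn},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(30 * 24 * time.Hour),
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}, mustKey(), ca)
}

// Delegate issues a short-lived delegation certificate for a fresh key, signed with the user's own key.
// cA=false so the delegate cannot mint further identities except by calling Delegate again.
func Delegate(user *Identity, ttl time.Duration, now time.Time) *Identity {
	return sign(&x509.Certificate{
		SerialNumber: serial(),
		Subject:      pkix.Name{CommonName: user.Cert.Subject.CommonName + "/proxy"}, // assumed naming rule
		NotBefore:    now.Add(-time.Minute), NotAfter: now.Add(ttl),
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}, mustKey(), user)
}

var ErrDelegation = errors.New("delegation check failed")

// VerifyDelegation accepts proxy only if the delegator chains to a trusted root the standard way, proxy was
// signed by the delegator's key, proxy does not outlive the delegator, proxy's name is derived from the
// delegator's name, and proxy is not a CA. Relying parties need this extra logic because a plain RFC 5280
// validator refuses to treat a non-CA end-entity certificate as an issuer.
func VerifyDelegation(roots *x509.CertPool, user, proxy *x509.Certificate, now time.Time) error {
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := user.Verify(opts); err != nil {
		return fmt.Errorf("%w: delegator certificate: %v", ErrDelegation, err)
	}
	if !bytes.Equal(proxy.RawIssuer, user.RawSubject) {
		return fmt.Errorf("%w: proxy issuer is not the delegator", ErrDelegation)
	}
	if !strings.HasPrefix(proxy.Subject.CommonName, user.Subject.CommonName+"/") {
		return fmt.Errorf("%w: proxy subject not derived from delegator's name", ErrDelegation)
	}
	if !proxy.BasicConstraintsValid || proxy.IsCA {
		return fmt.Errorf("%w: proxy must carry cA=false", ErrDelegation)
	}
	if now.Before(proxy.NotBefore) || now.After(proxy.NotAfter) || proxy.NotAfter.After(user.NotAfter) {
		return fmt.Errorf("%w: proxy validity window", ErrDelegation)
	}
	pub, ok := user.PublicKey.(*ecdsa.PublicKey)
	if !ok || proxy.SignatureAlgorithm != x509.ECDSAWithSHA256 {
		return fmt.Errorf("%w: unsupported algorithm", ErrDelegation)
	}
	digest := sha256.Sum256(proxy.RawTBSCertificate) // signature covers the to-be-signed part only
	if !ecdsa.VerifyASN1(pub, digest[:], proxy.Signature) {
		return fmt.Errorf("%w: proxy not signed by the delegator's key", ErrDelegation)
	}
	return nil
}

// StandardVerify is what an unmodified RFC 5280 path validator does with the same chain: it rejects it.
func StandardVerify(roots *x509.CertPool, user, proxy *x509.Certificate, now time.Time) error {
	inter := x509.NewCertPool()
	inter.AddCert(user)
	_, err := proxy.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

func main() {
	now := time.Now()
	idp := NewCA("Example IdP", now)
	alice := IssueUser(idp, "alice@example.org", now)
	proxy := Delegate(alice, time.Hour, now)
	roots := x509.NewCertPool()
	roots.AddCert(idp.Cert)
	fmt.Println("delegation-aware verifier:", VerifyDelegation(roots, alice.Cert, proxy.Cert, now))
	fmt.Println("plain RFC 5280 verifier:  ", StandardVerify(roots, alice.Cert, proxy.Cert, now))
}
```

The point a practitioner should take from this is the last pair of checks: the delegation chain is valid only to a verifier that knows the proxy convention, so every relying party in the federation (or the middleware layer in front of it) has to carry that logic; and the delegation must be bounded by the delegator's own lifetime, otherwise a delegate could outlive the credential it was derived from.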
Keywords
- Delegation Token
- Identity Provider
- Security Assertion Markup Language
- Successful Authentication
- Authentication Credential
References
eXtensible Access Control Markup Language (XACML) Version 3.0. (2013), http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html
Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., Levkowetz, H.: Extensible Authentication Protocol (EAP). RFC 3748 (2004), http://www.ietf.org/rfc/rfc3748.txt
Cantor, S.: Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0 (2005), http://docs.oasis-open.org/security/saml/v2.0/saml-conformance-2.0-os.pdf, document ID saml-conformance-2.0-os
Cantor, S.: SAML V2.0 Enhanced Client or Proxy Profile Version 2.0 (Aug 2013), http://docs.oasis-open.org/security/saml/Post2.0/saml-ecp/v2.0/cs01/saml-ecp-v2.0-cs01.html
Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280 (May 2008)
Hardt, D.: The OAuth 2.0 authorization framework. RFC 6749 (Oct 2012)
Howlett, J., Hartman, S.: Project Moonshot. Briefing paper for IETF 77, Anaheim (2010), http://www.painless-security.com/wp/wp-content/uploads/2010/03/moonshot-ietf-77-briefing-paper.pdf
Iannella, R., Guth, S., Pahler, D., Kasten, A.: ODRL V2.0 Core Model (2012), http://www.w3.org/community/odrl/two/model/
Neuman, C., Yu, T., Hartman, S., Raeburn, K.: The Kerberos Network Authentication Service (V5). RFC 4120 (Jul 2005)
Painless Security: Project Moonshot: Feasibility Analysis (2010), http://www.painless-security.com/wp/wp-content/uploads/2010/02/moonshot-feasibility-analysis.pdf
Rigney, C., Rubens, A., Simpson, W., Willens, S.: Remote Authentication Dial In User Service (RADIUS). RFC 2865 (2000), http://www.ietf.org/rfc/rfc2865.txt
Tuecke, S., Welch, V., Engert, D., Pearlman, L., Thompson, M.: Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile. RFC 3820 (Jun 2004)
Welch, V., Foster, I., Kesselman, C., Mulmo, O., Pearlman, L., Tuecke, S., Gawor, J., Meder, S., Siebenlist, F.: X.509 Proxy Certificates for Dynamic Delegation. In: Proceedings of the 3rd Annual PKI R&D Workshop (2004)
Copyright information
© 2015 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kouřil, D., Poul, M., Procházka, M. (2015). Using PKI to Provide Credential Delegation in non Web-based Federations. In: Kim, K. (eds) Information Science and Applications. Lecture Notes in Electrical Engineering, vol 339. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-46578-3_62
DOI: https://doi.org/10.1007/978-3-662-46578-3_62
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-46577-6
Online ISBN: 978-3-662-46578-3
eBook Packages: Engineering (R0)