Abstract
One way of achieving more fine-grained access control is to link an authentication level of assurance (LoA), derived from a requester’s authentication instance, to the authorisation decision made for that requester. To realise this vision, there is a need to design a LoA derivation model that supports the use and quantification of multiple LoA-effecting attributes and analyses their composite effect on a given authentication instance. This paper reports the design of such a model, namely a generic LoA derivation model (GEA-LoADM). GEA-LoADM takes into account multiple authentication attributes along with their relationships, abstracts the composite effect of the multiple attributes into a generic value, the authentication LoA, and provides algorithms for the run-time derivation of LoA. The algorithms are tailored to reflect the relationships among the attributes involved in an authentication instance. The model has a number of valuable properties, including flexibility and extensibility; it can be applied to different application contexts and supports easy addition of new attributes and removal of obsolete ones.
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Yao, L., Zhang, N. (2009). A Generic Authentication LoA Derivation Model. In: Gritzalis, D., Lopez, J. (eds) Emerging Challenges for Security, Privacy and Trust. SEC 2009. IFIP Advances in Information and Communication Technology, vol 297. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01244-0_9
DOI: https://doi.org/10.1007/978-3-642-01244-0_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01243-3
Online ISBN: 978-3-642-01244-0
eBook Packages: Computer Science (R0)