Abstract
Security Assertion Markup Language (SAML), an XML-based framework, was developed to describe and exchange authorization and authentication information between online business partners. One of its major applications is single sign-on (SSO) across different cloud services. SAML provides the basic security assertions that allow a user to move across the hybrid clouds of an enterprise. The identity provider (IdP), which is in charge of managing user information, helps users access these services effortlessly. However, user anonymity in SSO across different identity providers is still an open issue, even in SAML 2.0. In this study, we propose an SSO architecture for hybrid clouds that achieves cross-IdP identity federation using SAML and provides the user with a cross-enterprise, service-integrated, backward-compatible, and anonymity-preserving environment.
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yang, TI., Koong, CS., Tseng, CC. (2014). A Cross-IdP Single Sign-On Method in SAML-Based Architecture. In: Park, J., Stojmenovic, I., Choi, M., Xhafa, F. (eds) Future Information Technology. Lecture Notes in Electrical Engineering, vol 276. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40861-8_10
DOI: https://doi.org/10.1007/978-3-642-40861-8_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40860-1
Online ISBN: 978-3-642-40861-8
eBook Packages: Engineering, Engineering (R0)