Abstract
With the integration of mobile and Web applications, the number of services a typical mobile user accesses has grown many times over, forcing users to manage multiple user names and passwords daily. The same situation will extend to ubiquitous service environments. Recently, OMA proposed a new architecture for implementing the Web Services standard in mobile environments, and SAML is recommended for user authentication and authorization on mobile Web Services. SAML is an XML-based single sign-on standard that enables the exchange of authentication, authorization, and profile information between different entities. This provides interoperability between different security services in distributed environments, including mobile and ubiquitous service environments. In this paper, we propose a single sign-on architecture, based on the SAML standard, in which a mobile user presents credential information to the wired service network to obtain user authentication and then accesses another domain using this authentication. We verify this architecture by checking the security messages exchanged between entities in a messaging scenario.
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jeong, J., Shin, D., Shin, D., Oh, HM. (2004). A Study on the XML-Based Single Sign-On System Supporting Mobile and Ubiquitous Service Environments. In: Yang, L.T., Guo, M., Gao, G.R., Jha, N.K. (eds) Embedded and Ubiquitous Computing. EUC 2004. Lecture Notes in Computer Science, vol 3207. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30121-9_86
DOI: https://doi.org/10.1007/978-3-540-30121-9_86
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22906-3
Online ISBN: 978-3-540-30121-9
eBook Packages: Springer Book Archive