Using XACML for Privacy Control in SAML-Based Identity Federations

Author

  • Wolfgang Hommel
Abstract

With Federated Identity Management (FIM) protocols, service providers can request user attributes, such as the billing address, from the user’s identity provider. Access to this information is managed using so-called Attribute Release Policies (ARPs). In this paper, we first analyze various shortcomings of existing ARP implementations; then, we demonstrate that the eXtensible Access Control Markup Language (XACML) is very suitable for the task. We present an architecture for the integration of XACML ARPs into SAML-based identity providers and specify the policy evaluation workflows. We also introduce our implementation and its integration into the Shibboleth architecture.


Related sources

An Architecture for Privacy-Aware Inter-domain Identity Management

The management of service oriented architectures demands an efficient control of service users and their authorizations. Similar to structured cabling in LANs, Identity & Access Management systems have proven to be important components of organizations’ IT infrastructures. Yet, due to new management challenges such as virtual organizations, on-demand computing and the integration of third party...


Token-Based Payment in Dynamic SAML-Based Federations

The newly developed approach on token-based payments introduces an integration of payments with current schemes for Identity Federations based on SAML. This new design utilizes an established federation infrastructure as well as its protocols. Only relevant mechanisms to support the payment on the federation infrastructure level are


Secure Federated Authentication and Authorisation to GRID Portal Applications using SAML and XACML

Internationally, the need for federated Identity & Access Management continues to grow, as it allows users to get Single Sign-On access to external resources (a.k.a. Service Providers) using their home account and some attributes that are being released securely by their home organization (a.k.a. Identity Providers). In other words, it solves the problem of service providers needing to create a...


Dynamic Identity Federation Using Security Assertion Markup Language (SAML)

Security Assertion Markup Language (SAML, in short) is one of the most widely used technologies to enable Identity Federation among organisations from different trust domains. Despite its several advantages, one of the key disadvantages of SAML is the mechanism by which an identity federation is established. This mechanism lacks flexibility to create a federation in a dynamic fashion to enable ...


Privacy-enhancing Access Control Mechanism in Distributed Online Social Network

Dramatic growth in the number of subscribers in Online Social Networks (OSNs), such as Facebook, MySpace, Orkut, etc. shows their increasing popularity among people from different ages and sectors. However, currently, the users need to put complete trust on OSN service providers, to protect their sensitive information because of centralized access control at the providers. Taking advantage of t...



Journal title:

Volume   Issue 

Pages  -

Publication date: 2005