8 research outputs found
Federated identity architecture of the European eID system
Federated identity management is a method that facilitates the management of identity processes and policies among collaborating entities without centralized control. Nowadays there are many federated identity solutions; however, most of them cover different aspects of the identification problem, in some cases solving only specific problems. Thus none of these initiatives has consolidated into a single solution, and this will surely remain so in the near future. To assist users in choosing a possible solution, we analyze different federated identity approaches, showing their main features and making a comparative study among them. The problem is even worse when multiple organizations or countries already have legacy eID systems, as is the case in Europe. In this paper, we also present the European eID solution, a purely federated identity system that aims to serve almost 500 million people and that could in the medium term also be extended to company eIDs. The system is now being deployed at the EU level; we present its basic architecture and evaluate its performance and scalability, showing that the solution is feasible from the point of view of performance while keeping security constraints in mind. The results show good performance of the solution in local, organizational, and remote environments.
Integrating an AAA-based federation mechanism for OpenStack - The CLASSe view
Identity federations enable users, service providers, and identity providers from different organizations to exchange authentication and authorization information in a secure way. In this paper, we present a novel identity federation architecture for cloud services based on the integration of a cloud identity management service with an authentication, authorization, and accounting infrastructure. Specifically, we analyse how this type of authentication, authorization, and accounting-based federation can be smoothly integrated into OpenStack, the leading open source cloud software solution, using the Internet Engineering Task Force (IETF) Application Bridging for Federated Access Beyond web specification for authentication and authorization. We provide details of the implementation undertaken in GÉANT's CLASSe project and show its validation in a real testbed.
An approach for integrating kerberized non web-based services with web-based identity federations
Many identity federations are designed to be used with web browsers. This paper proposes an approach for integrating non-web-based applications with web-based identity federations using the Kerberos protocol. We evaluate this approach by making an NFS server available to users of the SAML-based identity federation of the German state of Baden-Württemberg. We make use of the LDAP-Facade software for federating non-web-based services. We have modified the web-interface component of LDAP-Facade to enable registration with kerberized services. Our approach can be used without modifications on the client side. Copyright © 2015 SCITEPRESS - Science and Technology Publications. All rights reserved.
User-to-user identity verification in modern communication and collaboration environments
This thesis describes a method for person-to-person identification on Google Wave networks.
The method can also be used for strong authentication on the Wave network.
The solution is based on using a trusted third party.
The users must first authenticate themselves to a trusted third party and then prove to it that they control a said Wave user account.
After these steps, the trusted third party is then able to identify the users participating in a Wave discussion and report the identification results to the other participants.
The users can request the trusted third party to reauthenticate a user if needed.
The thesis describes also a federated model for person-to-person identification on the Wave network using multiple trusted third parties.
The method described can be generalized to any communication networks where the origin of messages can be reliably traced on a domain name level.
A proof-of-concept of the identification model was developed and used to evaluate the applicability of the model in the real world.
The thesis describes a method for user-to-user identity verification on the Google Wave network.
The described method can also be used for strong identification of persons on the Wave network.
The solution is based on the use of a trusted third party.
Users must first authenticate to the trusted third party and then demonstrate to that party that they hold a particular Wave user account.
After this, the trusted third party can identify the users on the Wave network with the help of a so-called Wave robot and report the identification results to the other participants.
If needed, users can ask the trusted party, via the robot, to re-identify the users.
The thesis also presents a model for person-to-person identification using multiple trusted parties.
The method can be generalized for use in any discussion network in which it is possible to reliably determine from which server of the network the communication originated.
A technical proof of concept of the developed verification method was implemented and its suitability for practical use was evaluated.
Token Based Authentication and Authorization with Zero-Knowledge Proofs for Enhancing Web API Security and Privacy
This design science study showcases an innovative artifact that utilizes Zero-Knowledge Proofs for API authentication and authorization. A comprehensive examination of existing literature and technology is conducted to evaluate the effectiveness of this alternative approach. The study reveals that existing APIs use slower techniques that do not scale, cannot take advantage of newer hardware, and have been unable to adequately address current security issues. In contrast, the novel technique presented in this study performs better, is more resilient in privacy-sensitive and security settings, and is easy to implement and deploy. Additionally, this study identifies potential avenues for further research that could help advance the field of Web API development in terms of security, privacy, and simplicity.
Hypermedia-based Web Services as System Integrators
As we move closer to the practical concept of the Internet of Things, and our reliance on public and private APIs increases, web services and their related topics have become utterly crucial to the informatics community. However, the question of which style of web services would best solve a particular problem can raise significant and multifarious debates. Two implementation styles stand out: the RPC-oriented style, represented by implementations of the SOAP protocol, and the hypermedia style, represented by implementations of the REST architectural style. When we search for examples of already established web services, we can find a handful of robust and reliable public and private SOAP APIs; nevertheless, it seems that RESTful services are gaining popularity in the enterprise community. For the current generation of developers that work on informatics solutions, REST seems to represent a fundamental and straightforward alternative and even a more deep-rooted approach than SOAP. But are they comparable? Does each approach have its own best-suited scenarios? Such a study is briefly carried out in the present document's chapters, starting with the respective background study, followed by an analysis of the hypermedia approach and an instantiation of its architecture in a particular case study applied in a BPM context.
Because we are ever closer to the practical concept of the Internet of Things, and our dependence on public and private APIs is increasing, the topic of web services and other related topics have become quite crucial for the community devoted to informatics. Two main implementation styles stand out: the RPC-oriented style, whose concept is represented by implementations of the SOAP protocol, and the hypermedia style, represented by implementations of the REST architectural style. When we look for examples of web services established in the market, we can find several public and private SOAP APIs classified as robust and reliable. However, services whose implementations follow the REST architectural style appear to be gaining popularity in the enterprise community. For the current generation of developers working on informatics solutions, REST appears to be a more essential, more direct and even more solid alternative than SOAP. But are they comparable? Does each approach have the scenario in which it fits best? The study in this document tries to answer these kinds of questions, starting with a study of the corresponding background, followed by an analysis of the hypermedia approach and an instantiation of its architecture in a case study applied in a BPM context.