Using quantified trust levels to describe authentication requirements in federated identity management

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2008, Pages 71-79

  Thomas, Ivonne ^a   Menzel, Michael ^a   Meinel, Christoph ^a  

^a UNIVERSITY OF POTSDAM   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL DECISIONS; AUTHENTICATION INFORMATION; AUTHENTICATION METHODS; BUSINESS INTEGRATION; DIFFERENT SERVICES; FEDERATED IDENTITY; IDENTITY INFORMATION; IDENTITY-BASED; OUT-OF-CONTROL; SEAMLESS INTEGRATION; SECURITY ASSERTION; SECURITY RISKS; SERVICE PROVIDER; TRUST DOMAIN; TRUST LEVEL; TRUST RELATIONSHIP; TWO FACTOR AUTHENTICATION;

INFORMATION SERVICES; MATHEMATICAL MODELS; PROCESS CONTROL; RISK PERCEPTION; SECURITY SYSTEMS; SERVICE ORIENTED ARCHITECTURE (SOA); WEB SERVICES;

AUTHENTICATION;

EID: 70349237750     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1456492.1456504     Document Type: Conference Paper

References (33)

1. Web Services Federation Language. http://www-128.ibm.com/developerworks/ library/specification/wsfed/.
2. Australian Government Authentication Framework for Individuals. http://www.agimo.gov.au/infrastructure/authentication/, 2008.
3. E-government in New Zealand. http://www.e.govt.nz, 2008.
4. J. Burnes and W.Chang. An intrinsic assessment and comparison of biometric systems through wavelet analysis. Systems, Man and Cybernetics, 2003. IEEE International Conference on, Jan 2003.
5. e-Authentication Initiative, US. E-Authentication Guidance for Federal Agencies. http://www.whitehouse.gov/omb/memoranda/fy04/m04-04.pdf.
6. ENISA. The ENISA project page. http://www.enisa.europa.eu/, 2008.
7. European Commission - Directorate General Enterprise. Interchange of Data between Administrations (IDA). http://ec.europa.eu/idabc/en/document/3532/5585.
8. J. Galbally-Herrero and J. Fierrez-Aguilar. On the vulnerability of fingerprint verification systems to fake fingerprints attacks. Carnahan Conferences Security Technology, Jan 2006.
9. E. Gehringer. Choosing passwords: security and human factors. Technology and Society, Jan 2002.
10. J. Haller and C. Wolter. Trust Indicator Integration into SLAs for Virtual Organisations. In Proceedings of eChallenges 2007 Conference, 2007.
11. IDABC. Interoperable Delivery of European eGovernment Services to public Administrations, Businesses and Citizens. http://europa.eu.int/idabc/.
12. J. Jeff, Y. Alan, B. Ross, and A. Alasdair. The Memorability and Security of Passwords: Some Empirical Results. Technical Report No. 500, Computer Laboratory, University of Cambridge, Jan 2000.
13. A. Josang, J. Fabre, B. Hay, J. Dalziel, and S. Pope. Trust requirements in identity management. In ACSW Frontiers '05: Proceedings of the 2005 Australasian workshop on Grid computing and e-research, pages 99-108, Darlinghurst, Australia, Australia, 2005. Australian Computer Society, Inc.
14. H. Kim, J. Oh, and J. Choi. Security Analysis of RFID Authentication for Pervasive Systems using Model Checking. Proceedings of the 30th Annual International Computer Software and Applications Conference, Jan 2006.
15. A. Kong, D. Zhang, and M. Kamel. Analysis of Brute-Force Break-Ins of a Palmprint Authentication System. IEEE Transactions on Systems, Man and Cybernetics, Jan 2006.
16. A. Kong, D. Zhang, and M. Kamel. Three measures for secure palmprint identification. Pattern Recognition, Jan 2008.
17. KWINT Project. A safer internet for all. http://www.ecp.nl/downloads/id= 43/download.html, 2007.
18. M. Menzel, I. Thomas, C. Wolter, and C. Meinel. SOA Security - Secure Cross-Organizational Service Composition. In Proceedings of the Stuttgarter Softwaretechnik Forum 2007 (SSF 2007), pages 41 - 53, Stuttgart, Germany, 2007. Fraunhofer IRB-Verlag. ISBN 978-3-8167-7493-8.
19. D. Nali and J. Thorpe. Analyzing User Choice in Graphical Passwords. scs.carleton.ca.
20. National Institute of Standards and Technology (NIST). Fingerprint Vendor Technology Evaluation (FpVTE) 2003.
21. National Institute of Standards and Technology (NIST). Electronic Authentication Guideline, 2007.
22. X. Ni and J. Luo. A Trust Aware Access Control in Service Oriented Grid Environment. Sixth International Conference on Grid and Cooperative Computing, pages 417-422, 2007.
23. OASIS. Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Committee Draft 01, August 2004.
24. OASIS. Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Standard Specification, March 2005.
25. OASIS. Authentication Context for the OASIS Security Assertion Markup Language (SAML) V2.02 . OASIS Standard Specification, March 2005.
26. Office of the e-Envoy, UK. Registration and Authentication - e-Government Strategy Framework Policy and Guidelines. http://www.cabinetoffice.gov.uk/csia/ documents/pdf/RegAndAuthentn0209v3.pdf, 2002.
27. S. Prabhakar, S. Pankanti, and A. Jain. Biometric recognition: security and privacy concerns. Security and Privacy Magazine, Jan 2003.
28. Realuser. The PassFaces Authentication. http://www.realuser.com/.
29. L. Rila and C. Mitchell. Security analysis of smartcard to card reader communications for biometric. citeseer.ist.psu.edu, Jan 2002.
30. R. Sampath and D. Goel. RATING: Rigorous Assessment of Trust in Identity Management. RES 2006. The First International Conference on Availability, Reliability and Security, 2006.
31. J. Tourzan and Koga, Y. et al. Liberty ID-WSF Web Services Framework Overview, Version: 2.0, 2006. non-normative specification.
32. Z. Wu and A. C. Weaver. Requirements of federated trust management for service-oriented architectures. International Journal of Information Security, Jan 2007.
33. M. Zviran and W. Haga. Password security: an empirical study. Journal of Management Information Systems, Jan 1999.