Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Article type: Research Article
Authors: Catuogno, Luigi; | Galdi, Clemente
Affiliations: Dipartimento di Informatica, Università degli Studi di Salerno, Fisciano, Italy. E-mail: luicat@dia.unisa.it | Dipartimento di Ingegneria Elettrica e Tecnologie dell'Informazione, Università degli Studi di Napoli “Federico II”, Napoli, Italy. E-mail: clemente.galdi@unina.it
Note: [] Corresponding author: Luigi Catuogno, Dipartimento di Informatica, Università degli Studi di Salerno, I-84084 Fisciano (SA), Italy. E-mail: luicat@dia.unisa.it
Abstract: User authentication schemes have been a key research topic in the field of data security for decades. Such schemes are evaluated according to at least two parameters: security and usability. Since a number of secure and usable authentication schemes are available, each institution can select the scheme that is considered to be most appropriate for its security policy. Such a per-site system selection has the following feature: each site has to authorize each user that tries to access its resources. In a world in which users mobility is growing, the feature we have just described forces a huge overhead; both from the site's viewpoint and the users' viewpoint, since each user needs to store different credentials for each site she accesses to. Federated authentication allows users to use their home authentication credentials for gaining access to other institutions services while moving among different institutions. Different federated authentication systems have been designed and implemented. Despite simplified users mobility, one key problem in this area is that, often, different authentication systems do not cooperate or provide a limited interoperability. In this paper we discuss the problem of achieving full interoperability among Federated Identity Management Systems and present, as proof-of-concept, a solution to allow full communication between two federated authentication systems, Shibboleth a de facto standard in this context, and PAPI (Point of Access to Providers of Information). Such a solution leverages an intermediate bridge which joins both federations and features protocols translation during cross-federation Authentication/Authorization (AA) sessions.
Keywords: Authentication, attribute based access control, federated identity management, Shibboleth, interoperability
DOI: 10.3233/JHS-140499
Journal: Journal of High Speed Networks, vol. 20, no. 4, pp. 209-221, 2014
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
sales@iospress.com
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
info@iospress.nl
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office info@iospress.nl
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
china@iospress.cn
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
如果您在出版方面需要帮助或有任何建, 件至: editorial@iospress.nl