Trust Negotiation in Identity Management

Bhargav-Spantzel, Abhilasha; Squicciarini, Anna; Bertino, Elisa

doi:10.1109/msp.2007.46

Cited by 54 publications

(19 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Authentication with a trusted third-party, using either OpenID or OAuth, decreases cognitive load, but the third-party must be trusted [75]. The thirdparty may also become a single point of failure since all authentication takes place at the provider [76].…”

Section: Protocol Problemsmentioning

confidence: 99%

Web Authentication using Third-Parties in Untrusted Environments

Vapen

2016

Linköping Studies in Science and Technology. Dissertations

View full text Add to dashboard Cite

With the increasing personalization of the Web, many websites allow users to create their own personal accounts. This has resulted in Web users often having many accounts on different websites, to which they need to authenticate in order to gain access. Unfortunately, there are several security problems connected to the use and re-use of passwords, the most prevalent authentication method currently in use, including eavesdropping and replay attacks.Several alternative methods have been proposed to address these shortcomings, including the use of hardware authentication devices. However, these more secure authentication methods are often not adapted for mobile Web users who use different devices in different places and in untrusted environments, such as public Wi-Fi networks, to access their accounts.We have designed a method for comparing, evaluating and designing authentication solutions suitable for mobile users and untrusted environments. Our method leverages the fact that mobile users often bring their own cell phones, and also takes into account different levels of security adapted for different services on the Web.Another important trend in the authentication landscape is that an increasing number of websites use third-party authentication. This is a solution where users have an account on a single system, the identity provider, and this one account can then be used with multiple other websites. In addition to requiring fewer passwords, these services can also in some cases implement authentication with higher security than passwords can provide.How websites select their third-party identity providers has privacy and security implications for end users. To better understand the security and privacy risks with these services, we present a data collection methodology that we have used to identify and capture third-party authentication usage on the Web. We have also characterized the third-party authentication landscape based on our collected data, outlining which types of third-parties are used by which types of sites, and how usage differs across the world. Using a combination of large-scale crawling, longitudinal manual testing, and in-depth login tests, our characterization and analysis has also allowed us to discover interesting structural properties of the landscape, differences in the cross-site relationships, and how the use of third-party authentication is changing over time.Finally, we have also outlined what information is shared between websites in third-party authentication, defined risk classes based on shared data, and profiled privacy leakage risks associated with websites and their identity providers sharing data with each other. Our findings show how websites can strengthen the privacy of their users based on how these websites select and combine their third-parties and the data they allow to be shared. Populärvetenskaplig sammanfattningAllt fler människor tillbringar stora delar av sina liv på Internet för att arbeta, uträtta myndighetsärenden, sköta sin ekonomi och umgås med vänner...

show abstract

Section: Protocol Problemsmentioning

confidence: 99%

Web Authentication using Third-Parties in Untrusted Environments

Vapen

2016

Linköping Studies in Science and Technology. Dissertations

View full text Add to dashboard Cite

show abstract

“…Yet, it is still assumed both the end user and service provider to have a pre-established trust relationship with the Key Distribution Center (KDC) [24] presents a reputation-based trust management method that uses a single Trusted Third Party (TTP) for aggregating the IdP vote and transmitting the result to the SPs. This approach could have scalability problems since it requires to pre-configure relationships with the TTPs, a process that grows in complexity when a high number of entities exist in the system [25] and [26] propose integrating trust negotiation into IdM systems [25] includes bilateral credential disclosure techniques between SPs and between users and SPs in federated IdM, called FAMTN (Federated Attribute Management and Trust Negotiation), while [26] proposes negotiation based on matching of release policies into InfoCards, called identity meta-system. These approaches are mainly focused on flexible access control but do not deal with the establishment of dynamic trust relationships between providers.…”

Section: Outcomes Under "Nice" Conditionsmentioning

confidence: 99%

To Federate or Not To Federate: A Reputation-Based Mechanism to Dynamize Cooperation in Identity Management

Arias-Cabarcos

Almenárez

Mármol³

et al. 2013

Wireless Pers Commun

View full text Add to dashboard Cite

Identity Management systems cannot be centralized anymore. Nowadays, users have multiple accounts, profiles and personal data distributed throughout the web and hosted by different providers. However, the online world is currently divided into identity silos forcing users to deal with repetitive authentication and registration processes and hindering a faster development of large scale e-business. Federation has been proposed as a technology to bridge different trust domains, allowing user identity information to be shared in order to improve usability. But further research is required to shift from the current static model, where manual bilateral agreements must be pre-configured to enable cooperation between unknown parties, to a more dynamic one, where trust relationships are established on demand in a fully automated fashion. This paper presents IdMRep, the first completely decentralized reputation-based mechanism which makes dynamic federation a reality. Initial experiments demonstrate its accuracy as well as an assumable overhead in scenarios with and without malicious nodes.

show abstract

“…A typical identity management has any of the three types of trust relationship between the service provider (SP) and identity provider (IdP) -pairwise, brokered and community trust models [41,42]. In network virtualization, SeP or InP may play a role as IdP and SP.…”

Section: Authentication and Trust Managementmentioning

confidence: 99%

Towards full network virtualization in horizontal IaaS federation: security issues

Nimkar

Ghosh

2013

Journal of Cloud Computing: Advances, Systems and Applications

View full text Add to dashboard Cite

Horizontal IaaS federation exploits datacenter for federation of IaaS provider by supplying virtual nodes (e.g. virtual machines, virtual switches, and virtual routers) and virtual links. Today's datacenters for cloud computing do not supply full network virtualization in terms of user-level network management and user-agreed network topology. The datacenters lack the basic security services required for the collocation of tenants' virtual networks. The network virtualization research projects from academia and industry support full network virtualization but lack the basic security services required for the collocation of tenants' virtual networks. This paper investigates the security issues in four areas namely, (a) monolithic IaaS cloud, (b) network virtualization research projects, (c) datacenter network virtualization and (d) virtual resources to incorporate full network virtualization environment in horizontal IaaS federation. Further, it presents the security related qualitative comparisons of datacenters, network virtualization research projects and virtual resources to incorporate full network virtualization in horizontal IaaS federation.

show abstract

Trust Negotiation in Identity Management

Cited by 54 publications

References 2 publications

Web Authentication using Third-Parties in Untrusted Environments

Web Authentication using Third-Parties in Untrusted Environments

To Federate or Not To Federate: A Reputation-Based Mechanism to Dynamize Cooperation in Identity Management

Towards full network virtualization in horizontal IaaS federation: security issues

Contact Info

Product

Resources

About