FAME: Adding Multi-Level Authentication to Shibboleth
E-SCIENCE '06 Proceedings of the Second IEEE International Conference on e-Science and Grid Computing
Use of XACML Policies for a Network Access Control Service
Proceedings of the 2005 conference on Applied Public Key Infrastructure: 4th International Workshop: IWAP 2005
Bootstrapping a global SSO from network access control mechanisms
EuroPKI'07 Proceedings of the 4th European conference on Public Key Infrastructure: theory and practice
This paper presents a generic proposal for improving existing IdM systems by enabling service providers to determine whether the SSO credentials presented by a user satisfy some minimum requirements. For example, a service provider may require users to have been authenticated using a method labelled with a particular level of assurance, or to hold a credential issued by a specific identity provider. Thus, a user initially authenticated by a username and password might not be able to access a service that requires a stronger mechanism, such as public key certificates. Similarly, access to some critical service may be restricted to users belonging to a specific organization. The main contribution of this paper is a generic infrastructure that defines the mechanisms to enforce access control policies based on levels of assurance and multiple identities, and that also provides the means to find the appropriate authentication service and redirect users to it when reauthentication is required.
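The decision a service provider makes under such a policy can be sketched as follows. This is an added illustration, not the paper's infrastructure: the numeric level-of-assurance scale, the service directory, the host names, the query parameters and all function names are assumptions made for the example.

```python
from dataclasses import dataclass
from urllib.parse import urlencode

@dataclass(frozen=True)
class Credential:
    subject: str
    idp: str   # identity provider that issued the SSO credential
    loa: int   # level of assurance of the method used (higher = stronger)

@dataclass(frozen=True)
class Policy:
    min_loa: int
    allowed_idps: frozenset = frozenset()  # empty = any identity provider

@dataclass(frozen=True)
class AuthService:
    idp: str
    url: str
    loa: int   # strongest LoA this service can assert

# Constructed directory of authentication services (hypothetical hosts).
DIRECTORY = [
    AuthService("org-a", "https://idp.org-a.example/password", 1),
    AuthService("org-a", "https://idp.org-a.example/cert", 3),
    AuthService("org-b", "https://idp.org-b.example/otp", 2),
]

def satisfies(cred, policy):
    idp_ok = not policy.allowed_idps or cred.idp in policy.allowed_idps
    return idp_ok and cred.loa >= policy.min_loa

def decide(cred, policy, return_to, directory=DIRECTORY):
    """Return (decision, redirect_url). return_to is fixed by the SP, never user input."""
    if satisfies(cred, policy):
        return "permit", None
    candidates = [s for s in directory
                  if s.loa >= policy.min_loa
                  and (not policy.allowed_idps or s.idp in policy.allowed_idps)]
    if not candidates:
        return "deny", None  # no known service can meet the policy
    # Prefer the user's current IdP, then the weakest method that still suffices.
    best = min(candidates, key=lambda s: (s.idp != cred.idp, s.loa))
    query = urlencode({"min_loa": policy.min_loa, "return": return_to})
    return "reauthenticate", f"{best.url}?{query}"
```

A password-authenticated user hitting a policy that requires level 3 is sent to the certificate service of the same identity provider, while a policy no listed service can meet yields a plain deny rather than a redirect.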