Levels of Assurance and Reauthentication in Federated Environments

  • Authors: Manuel Sánchez; Óscar Cánovas; Gabriel López; Antonio F. Gómez-Skarmeta

  • Affiliations: Department of Information and Communications Engineering, University of Murcia, Spain; Department of Computer Engineering, University of Murcia, Spain; Department of Information and Communications Engineering, University of Murcia, Spain; Department of Information and Communications Engineering, University of Murcia, Spain

  • Venue: EuroPKI '08 Proceedings of the 5th European PKI workshop on Public Key Infrastructure: Theory and Practice
  • Year: 2008

Abstract

This paper presents a generic proposal for improving existing IdM systems by enabling service providers to determine whether the SSO credentials presented by a user satisfy some minimum requirements. For example, a service provider may require users to have been authenticated using a method labelled with a particular level of assurance, or with a credential issued by a specific identity provider. Thus, a user initially authenticated by a username and password might not be able to access a service that requires a stronger mechanism, such as public key certificates. Similarly, access to some critical service may be restricted to users belonging to a specific organization. The main contribution of this paper is a generic infrastructure that defines the mechanisms to enforce access control policies based on levels of assurance and multiple identities. It also provides the means to find the appropriate authentication service and redirect users to it when reauthentication is required.