Biometric Recognition: Security and Privacy Concerns
IEEE Security and Privacy
Trust requirements in identity management
ACSW Frontiers '05 Proceedings of the 2005 Australasian workshop on Grid computing and e-research - Volume 44
RATING: Rigorous Assessment of Trust in Identity Management
ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
Security Analysis of RFID Authentication for Pervasive Systems using Model Checking
COMPSAC '06 Proceedings of the 30th Annual International Computer Software and Applications Conference - Volume 02
Password security: an empirical study
Journal of Management Information Systems
Requirements of federated trust management for service-oriented architectures
International Journal of Information Security
A Trust Aware Access Control in Service Oriented Grid Environment
GCC '07 Proceedings of the Sixth International Conference on Grid and Cooperative Computing
Three measures for secure palmprint identification
Pattern Recognition
Analysis of Brute-Force Break-Ins of a Palmprint Authentication System
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
An authentication trust metric for federated identity management systems
STM'10 Proceedings of the 6th international conference on Security and trust management
| Hi-index | 0.00 |
Service-oriented Architectures (SOA) facilitate the dynamic and seamless integration of services offered by different service providers which in addition can be located in different trust domains. Especially for business integration scenarios, Federated Identity Management emerged as a possibility to propagate identity information as security assertions across company borders in order to secure the interaction between different services. Although this approach guarantees scalability regarding the integration of identity-based services, it exposes a service provider to new security risks. These security risks result from the complex trust relationships within a federation. In a federation the authentication of a user is not necessarily performed within the service provider's domain, but can be performed in the user's local domain. Consequently, the service provider has to rely on authentication results received from a federation partner to enforce access control. This implies that the quality of the authentication process is out of control by the service provider and therefore becomes a factor which needs to be considered in the access control step. In order to guarantee a designated level of security, the quality of the authentication process should be part of the access control decision. To ease this process, we propose in this paper a method to rate authentication information by a level of trust which describes the strength of an authentication method. Additionally, in order to support the concept of a two-factor authentication, we also present a mathematical model to calculate the trust level when combining two authentication methods.