Design of lock-keeper federated authentication gateway

Authors:
Feng Cheng;Christoph Meinel
Affiliations:
Hasso Plattner Institute, University of Potsdam, Potsdam, Germany;Hasso Plattner Institute, University of Potsdam, Potsdam, Germany
Venue:
ICACT'09 Proceedings of the 11th international conference on Advanced Communication Technology - Volume 2
Year:
2009

Citing 8
Cited 0

A pump for rapid, reliable, secure communication

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Understanding SOA with Web Services (Independent Technology Guides)

Understanding SOA with Web Services (Independent Technology Guides)
Understanding windows cardspace: an introduction to the concepts and challenges of digital identities

Understanding windows cardspace: an introduction to the concepts and challenges of digital identities
A taxonomy of single sign-on systems

ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
Deployment of virtual machines in lock-keeper

WISA'06 Proceedings of the 7th international conference on Information security applications: PartI
Strong authentication over lock-keeper

SOFSEM'08 Proceedings of the 34th conference on Current trends in theory and practice of computer science
Federated identity-management protocols

Proceedings of the 11th international conference on Security Protocols
A secure web services providing framework based on lock-keeper

APNOMS'07 Proceedings of the 10th Asia-Pacific conference on Network Operations and Management Symposium: managing next generation networks and services

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper proposes a new federated authentication platform based on the Lock-Keeper system, which is a simple implementation of the high level security concept, "Physical Separation". An integrated federated authentication gateway is realized within the Lock-Keeper components and deployed on the border between different security domains, which enables users to use their own digital identities for accessing services provided by external collaborating partners. User identities, credentials and all kinds of security tokens required by the authentication can be handled well by being physically isolated with outside. All the direct network connections to the target security domain are disabled by the Lock-Keeper's inherent sluice principle as well as normal electronic transactions and businesses can still be performed through the corresponding Lock-Keeper application modules. A number of known standards related to Web Service security are implemented and can be reliably enforced in the isolated environment of the proposed framework.