For authentication, one answer to the workshop question “where have all the protocols gone?” is “into federated identity management”. At least this is what many influential industrial players are currently striving for. The best-known examples are Microsoft Passport, the Liberty Alliance's proposals, and WS-Federation. While there have been many political discussions about Passport, in particular its privacy, and some technical studies of operational risks, there is almost no public literature about the actual protocols and their security. We start with an overview of the driving factors in this space, the security properties desirable and achievable under the given design constraints, and the protocols proposed so far. We present a new protocol, BBAE, with better privacy and scalability, i.e., absence of single points of control, than prior proposals. We also discuss particular difficulties of rigorously treating a protocol that can be a profile in current standardization efforts.