The concept of federated identity management is increasingly coming into use in order to bring Service Providers closer to customers. Users are being provided an enriched experience while carrying out business on the Web, at reduced overhead and with improved customer service. The idea of maintaining a single profile and gaining access to multiple services has been well accepted by customers. However, the benefit of breaking through just one set of credentials to gain access to multiple services has made the concept of Federated Identity Management of high interest to malicious users. In this paper, we analyze the structure of a generic Federated Identity Management System and explore the .NET Passport framework in depth. We explore the current security mechanisms adopted by the .NET Passport and identify potential security weaknesses. We then propose our new approaches to enhance the security services in .NET Passport by using Secure Cookies. Our approaches are transparent to and compatible with the current .NET Passport server. Finally, we prove the feasibility by implementing our ideas in a real system.