A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
Provably secure session key distribution: the three party case
STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
Risks of the passport single signon protocol
Proceedings of the 9th international World Wide Web conference on Computer networks : the international journal of computer and telecommunications netowrking
Using encryption for authentication in large networks of computers
Communications of the ACM
Privacy in browser-based attribute exchange
Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
Validating a Web service security abstraction by typing
Proceedings of the 2002 ACM workshop on XML security
A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Security Analysis of the SAML Single Sign-on Browser/Artifact Profile
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
A semantics for web services authentication
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Analysis of Liberty Single-Sign-on with Enabled Clients
IEEE Internet Computing
Proving a WS-federation passive requestor profile with a browser model
Proceedings of the 2005 workshop on Secure web services
Secure sessions for Web services
ACM Transactions on Information and System Security (TISSEC)
Identity Federation for VoIP systems
Journal of Computer Security - Digital Identity Management (DIM 2007)
Browser model for security analysis of browser-based protocols
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Hi-index | 0.01 |
Currently, influential industrial players are in the process of realizing identity federation, in particular the authentication of browser users across administrative domains. WS-Federation is a joint protocol framework for Web Services clients and browser clients. While browser-based federation protocols, including Microsoft Passport, OASIS SAML, and Liberty besides WS-Federation, are already widely deployed, their security is still unproven and has been challenged by several analyses. One reason is a lack of cryptographically precise protocol definitions, which impedes explicit design for security as well as proofs. Another reason is that the security properties depend on the browser and even on the browser user. We rigorously formalize a strict instantiation of the current WS-Federation Passive Requestor Interop profile and make explicit assumptions for its general use. On this basis, we prove that the protocol provides authenticity and secure channel establishment in a realistic trust scenario. This constitutes the first positive security result for a browser-based identity federation protocol.