LDAPRoam: A Generic Solution for Both Web-Based and Non-Web-Based Federate Access

  • Qi Feng
  • Wei PengEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11783)


Identity federation technology has been widely used in recent years. But the solution for federate access is totally different between the Web-Based and Non-Web-Based scenarios. Furthermore, it is highly limited for lack of support from Non-Web-Based scenarios now. This paper proposes a generic federate access solution based on LDAP roaming, which can provide reliable identity roaming in any internet service. To service providers, our solution is transparent and looks like a LDAP. The paper first presents the difficulties in realizing LDAP roaming and discusses offers solutions to the implementation of LDAP roaming. Then it evaluates the easy integration and usability of LDAP roaming. Finally it compares the Generic Solution with the existing federal access solution.


Identity federation Non-Web-Based LDAP SAML Eduroam 


  1. 1.
    Torres, J., Nogueira, M., Pujolle, G.: A survey on identity management for the future network. IEEE Commun. Surv. Tutor. 15(2), 787–802 (2013)CrossRefGoogle Scholar
  2. 2.
    Cantor, S., Kemp, J., Philpott, R., Eve, M.: Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) v2.0, OASIS Standard, March 2005Google Scholar
  3. 3.
    Wierenga, K., et al.: Deliverable DJ5.1.4: Inter-NREN Roaming Architecture. Description and Development Items, GN2 JRA5. GEANT2, September 2006Google Scholar
  4. 4.
    Ylonen, T., Lonvick, C.: The Secure Shell (SSH) protocol architecture, IETF RFC 4251, January 2006Google Scholar
  5. 5.
    Sermersheim, J.: Lightweight Directory Access Protocol (LDAP): The Protocol, IETF RFC 4511, June 2006Google Scholar
  6. 6.
    Hardt, D.: The OAuth 2.0 Authorization Framework, IETF RFC 6749, October 2012Google Scholar
  7. 7.
    OpenID Connect Core 1.0 incorporating errata set 1. Accessed 08 Nov 2014
  8. 8.
    ECP-Shibboleth Concepts. Accessed 05 Apr 2016
  9. 9.
    Rigney, C.: RADIUS Accounting, IETF RFC 2866, June 2000Google Scholar
  10. 10.
    Application Bridging for Federated Access Beyond Web (ABFAB) IETF Working Group. Accessed 30 Sept 2016
  11. 11.
    Linn, J.: Generic Security Service Application Program Interface Version 2, Update 1, IETF RFC 2743, January 2000Google Scholar
  12. 12.
    Pereniguez, F., Marin-Lopez, R., Kambourakis, G., et al.: PrivaKERB: a user privacy framework for Kerberos. Comput. Secur. 30(6/7), 446–463 (2011)CrossRefGoogle Scholar
  13. 13.
    Köhler, J., Simon, M., Nussbaumer, M., Hartenstein, H.: Federating HPC access via SAML: towards a plug-and-play solution. In: Kunkel, J.M., Ludwig, T., Meuer, H.W. (eds.) ISC 2013. LNCS, vol. 7905, pp. 462–473. Springer, Heidelberg (2013). Scholar
  14. 14.
    Perez-Mendez, A., Pereniguez-Garcia, F., Marin-Lopez, R., et al.: Identity federations beyond the web: a survey. IEEE Commun. Surv. Tutor. 16(4), 2125–2141 (2014)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2019

Authors and Affiliations

  1. 1.East China Normal UniversityShanghaiChina

Personalised recommendations