
Federated Identity-Management Protocols

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3364)

Abstract

For authentication, one answer to the workshop question “where have all the protocols gone?” is “into federated identity management”. At least this is what many influential industrial players are currently striving for. The best-known examples are Microsoft Passport, the Liberty Alliance’s proposals, and WS-Federation. While there have been many political discussions about Passport, in particular its privacy, and some technical studies of operational risks, there is almost no public literature about the actual protocols and their security.

We start with an overview of the driving factors in this space, the security properties desirable and achievable under the given design constraints, and the protocols proposed so far. We present a new protocol, BBAE, with better privacy and scalability, i.e., absence of single points of control, than prior proposals. We also discuss particular difficulties of rigorously treating a protocol that can be a profile in current standardization efforts.




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Pfitzmann, B., Waidner, M. (2005). Federated Identity-Management Protocols. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2003. Lecture Notes in Computer Science, vol 3364. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11542322_20


  • DOI: https://doi.org/10.1007/11542322_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28389-8

  • Online ISBN: 978-3-540-31836-1

  • eBook Packages: Computer Science (R0)
