
Claims-Based Authentication for an Enterprise that Uses Web Services

  • Conference paper
Transactions on Engineering Technologies

Abstract

Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. The authentication process exchanges credentials that carry authentication information, within one of many possible authentication protocols, to establish the identities of the parties that wish to collaborate. A claim is such a representation of identity that is issued by a trusted entity and can be verified and validated. Of the many authentication methods, including self-attestation, username/password and presentation of credentials, only the last yields claims in this sense. This is a key aspect of our enterprise solution: all active entities (persons, machines and services) are credentialed, and authentication is bilateral, that is, each entity makes a claim to the other entity in every communication session it initiates. This paper describes authentication that uses the TLS protocols, since these are the dominant security protocols above the transport layer on the Internet. Initial user authentication may be upgraded to multi-factor as discussed in the text. Other higher-layer protocols, such as WS-Security, WS-Federation and WS-Trust, which use a Public Key Infrastructure credential for authentication, integrate via middleware. This authentication is claims based and is part of an enterprise-level security solution that has been piloted and is undergoing operational standup.
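The bilateral, credential-based session the abstract describes, as an added example that is not the paper's own code: a constructed in-memory enterprise CA issues X.509 credentials to a service and to a person, each side of a TLS session requires and verifies the other's certificate and reads the peer's claimed identity from it, and a caller that presents no credential is refused. The CA name, the subject names service.example and jane.doe, the Go standard-library TLS configuration and the one-message echo exchange are assumptions for illustration; the paper's enterprise naming standard, certificate profile and middleware are not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert issues a P-256 credential signed by parent, or a self-signed trust anchor when
// parent is nil; dns is the SAN a caller's ServerName is matched against. It panics on
// failure because it only builds constructed fixture material (assumed, not the paper's PKI).
func newCert(cn string, parent *tls.Certificate, usage x509.ExtKeyUsage, dns ...string) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed; a real CA uses unique random serials
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		DNSNames:     dns,
	}
	issuer, signKey := tmpl, any(key)
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{usage} // serverAuth or clientAuth, enforced by the verifying peer
		issuer, signKey = parent.Leaf, parent.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, signKey)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der) // DER we just produced always parses
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// SetupPKI builds the enterprise trust anchor and credentials one service and one person.
func SetupPKI() (pool *x509.CertPool, service, person tls.Certificate) {
	ca := newCert("Enterprise Root CA", nil, 0)
	pool = x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	service = newCert("service.example", &ca, x509.ExtKeyUsageServerAuth, "service.example")
	person = newCert("jane.doe", &ca, x509.ExtKeyUsageClientAuth)
	return pool, service, person
}

// mutualSession runs one session in which the service requires and verifies the caller's
// certificate and the caller verifies the service's, and returns the name each side read
// from the peer's credential. A nil clientCert models an entity with nothing to claim.
func mutualSession(pool *x509.CertPool, service tls.Certificate, clientCert *tls.Certificate) (serverSaw, clientSaw string, err error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{service},
		ClientAuth:   tls.RequireAndVerifyClientCert, // bilateral: anonymous callers are refused
		ClientCAs:    pool,
		MinVersion:   tls.VersionTLS12,
	})
	if err != nil {
		return "", "", err
	}
	defer ln.Close()
	go func() { // service side: after a verified handshake, answer with the caller's verified name
		c, err := ln.Accept()
		if err != nil {
			return
		}
		defer c.Close()
		tc := c.(*tls.Conn)
		if tc.Handshake() != nil {
			return // credential missing or untrusted: the session ends here
		}
		if _, err := tc.Read(make([]byte, 64)); err == nil {
			tc.Write([]byte(tc.ConnectionState().PeerCertificates[0].Subject.CommonName))
		}
	}()
	cfg := &tls.Config{RootCAs: pool, ServerName: "service.example"}
	if clientCert != nil {
		cfg.Certificates = []tls.Certificate{*clientCert}
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	if err != nil {
		return "", "", err
	}
	defer conn.Close()
	clientSaw = conn.ConnectionState().PeerCertificates[0].Subject.CommonName
	buf, n := make([]byte, 64), 0
	if _, err = conn.Write([]byte("hello")); err == nil {
		n, err = conn.Read(buf) // fails when the service rejected our (missing) credential
	}
	return string(buf[:n]), clientSaw, err
}

func main() {
	pool, service, person := SetupPKI()
	s, c, err := mutualSession(pool, service, &person)
	fmt.Printf("with credential: service saw %q, person saw %q, err=%v\n", s, c, err)
	_, _, err = mutualSession(pool, service, nil)
	fmt.Println("without credential:", err)
}
```

Run with go run: the first session reports the name each side verified from the other's certificate, the second fails because RequireAndVerifyClientCert refuses a handshake that carries no client certificate. One caveat a practitioner should keep in mind: under TLS 1.3 the client's handshake completes before the server's refusal arrives, so the failure surfaces on the client's first read rather than on Dial; a client that treats a completed handshake as proof that its claim was accepted is wrong.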



Correspondence to William R. Simpson.

Copyright information

© 2014 Springer Science+Business Media Dordrecht

About this paper

Cite this paper

Simpson, W.R., Chandersekaran, C. (2014). Claims-Based Authentication for an Enterprise that Uses Web Services. In: Yang, GC., Ao, SI., Gelman, L. (eds) Transactions on Engineering Technologies. Springer, Dordrecht. https://doi.org/10.1007/978-94-017-8832-8_45


  • DOI: https://doi.org/10.1007/978-94-017-8832-8_45


  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-94-017-8831-1

  • Online ISBN: 978-94-017-8832-8
