Abstract
Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. The authentication process uses credentials (claims) that carry authentication information within one of many possible authentication protocols to establish the identities of the parties that wish to collaborate. Claims are representations provided by a trusted entity that can be verified and validated. Of the many authentication protocols, including self-attestation, username/password and presentation of credentials, only the last can be treated as claims. This is a key aspect of our enterprise solution: all active entities (persons, machines, and services) are credentialed, and authentication is bi-lateral, that is, each entity makes a claim to the other entity in every communication session it initiates. This paper describes authentication that uses the TLS protocols primarily, since these are the dominant protocols above the transport layer on the Internet. Initial user authentication may be upgraded to multi-factor, as discussed in the text. Other higher-layer protocols, such as WS-Security, WS-Federation and WS-Trust, that use a Public Key Infrastructure credential for authentication integrate via middleware. This authentication is claims-based and is part of an enterprise-level security solution that has been piloted and is undergoing operational stand-up.
Copyright information
© 2014 Springer Science+Business Media Dordrecht
Cite this paper
Simpson, W.R., Chandersekaran, C. (2014). Claims-Based Authentication for an Enterprise that Uses Web Services. In: Yang, GC., Ao, SI., Gelman, L. (eds) Transactions on Engineering Technologies. Springer, Dordrecht. https://doi.org/10.1007/978-94-017-8832-8_45
DOI: https://doi.org/10.1007/978-94-017-8832-8_45
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-017-8831-1
Online ISBN: 978-94-017-8832-8
eBook Packages: Engineering (R0)