nach oben

Erschienen in:

2014 | OriginalPaper | Buchkapitel

3. Universal Identity Management Based on Delegation in SOA

verfasst von : Yang Zhang, Jun-Liang Chen

Erschienen in: Advanced Web Services

Verlag: Springer New York

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Relationship-focused and credential-focused identity management are both user-centric notions in Service-oriented architecture (SOA). For composite services, pure user-centric identity management is inefficient because each sub-service may authenticate and authorize users and users need to participate in every identity provisioning transaction. If the above two paradigms are unified into universal identity management, where identity information and privileges are delegatable, user-centricity will be more feasible in SOA. The credential-focused system is a good starting point for constructing a universal identity management system. However, how to implement a practical delegation scheme is still a challenge although some delegatable anonymous credential schemes have been theoretically constructed. This paper aims to propose a practical solution for universal identity management. For this, a pseudonym-based signature scheme is firstly designed, where pseudonyms are self-generated and unlinkable for realizing user privacy. Next, a proxy signature is presented with the pseudonyms as public keys where delegation can be achieved through certificate chains. Finally, the WS-Federation is extended to build a universal identity management solution.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel A Generic Framework for Testing the Web Services Transactions

Nächstes Kapitel The Roadmap of Trust and Trust Evaluation in Web Applications and Web Services

Cameron K (2005) Laws of identity http://www.identityblog.com. May 2005

PRIME Consortium. Privacy and Identity Management for Europe (PRIME). http://www.prime-project.eu

Identity-management. Liberty alliance project. http://www.projectliberty.org

Kaler C, Nadalin A (2003) Web services federation language.

Bhargav-Spantzel A, Camenisch J (2006) User Centricity: A Taxonomy and Open Issues. In: The Second ACM Workshop on Digital Identity Management - DIM, 493–527.

Chaum D (1985) Security without identification: transaction systems to make big brother obsolete. Communications of the ACM, 28(10): 1030–1044.

Chaum D, Evertse JH (1986) A secure and privacy-protecting protocol for transmitting personal information between organizations. Advances in Cryptology-CRYPTO’86, p 118–167.

Damgard IB (1988) Payment systems and credential mechanisms with provable security against abuse by individuals. Advances in Cryptology-CRYPTO’88, p 328–335

Chen LD (1995) Access with pseudonyms. Lecture Notes in Computer Science, 1029: 232–243

10.

Lysyanskaya A, Rivest R, Sahai A (1999) Pseudonym systems. In: Selected Areas in Cryptography, 6th Annual International, Workshop, SAC’99, p 184–199

11.

Camenisch J, Lysyanskaya A (2001) Efficient non-transferable anonymous multi-show credential system with optional anonymity revocation. In: Pfitzmann B (ed) EUROCRYPT 2001, vol 2045 of LNCS, Springer Verlag, p 93–118

12.

Camenisch J, Lysyanskaya A (2002) A signature scheme with efficient protocols. In: SCN 2002, vol 2576 of LNCS, p 268–289

13.

Camenisch J, Lysyanskaya A (2004) Signature schemes and anonymous credentials from bilinear maps. In: CRYPTO 2004, vol 3152 of LNCS, p 56–72

14.

Belenkiy M, Chase M, Kohlweiss M (2008) Non-Interactive Anonymous Credentials. Theoretical Cryptography Conference (TCC) 2008. http:// eprint.iacr.org/2007/384.

15.

Chase M, Lysyanskaya A (2006) On signatures of knowledge. In: Dwork C (ed) CRYPTO 2006, vol 4117 of LNCS, p 78C96

16.

Belenkiy M, Camenisch J, Chase M, Kohlweiss M, Lysyanskaya A, Shacham H (2008) Delegatable Anonymous Credentials. http://eprint.iacr.org/2008/428.

17.

Camenisch J, Sommer D, Zimmermann R (2006) A General Certification Framework with Applica-tions to Privacy-Enhancing Certificate Infrastructures. IFIP International Federation for Information Processing, p 25–37

18.

Mambo M, Usuda K, Okamoto E (1996) Proxy signatures: Delegation of the power to sign mes-sages. IEICE Transaction on Fundamentals, vol. E79-A, no. 9, p 1338–1354.

19.

Kim S, Park S, Won D (1997) Proxy signatures revisited. Proceedings of ICICS97, LNCS 1334, Springer-Verlag, p 223–232

20.

Okamoto T, Tada M, Okamoto E (1999) Extended proxy signatures for smart card. Proceedings of Information Security Workshop99, LNCS 1729. Springer-Verlag, p 247–258

21.

Herranz J, Saez G (2004) Revisiting fully distributed proxy signature schemes. Proceedings of Indocrypt04, LNCS 3348. Springer-Verlag, p 356–370

22.

Fiat A, Shamir A (1986) How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko AM (ed) Proceedings of Crypto 1986, vol 263 of LNCS. Springer-Verlag, p 186–194

23.

Chaum D, van Heyst E (1991) Group signatures. In: Davies DW (ed) Proceedings of Eurocrypt 1991, vol 547 of LNCS. Springer-Verlag, p 257–265

24.

Bellare M, Micciancio D, Warinschi B (2003) Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions. Eurocrypt 03, LNCS 2656. Springer-Verlag, p 614–629

25.

Boneh D, Boyen X (2004) Short Signatures without Random Oracles. Eurocrypt04, LNCS 3027. Springer-Verlag, p 56–73

26.

Bellare M, Shi H, Zhang C (2005) Foundations of Group Signatures: The Case of Dynamic Groups. In: CT C RSA05, LNCS 3376. Springer-Verlag, p 136–153

27.

Delerablee C, Pointcheval D (2006) Dynamic Fully Anonymous Short Group Signatures. Progress in Cryptology - VIETCRYPT 2006, Hanoi, Vietnam, p 193–210

28.

Brickell E, Camenisch J, Chen LQ (2004) Direct anonymous attestation. Proceedings of the ACM Conference on Computer and Communications Security, Washington, DC, p 132–145

29.

Camenisch J (2006) Protecting (anonymous) credentials with the trusted computing groups trusted platform modules, vo1.2. In: Proceedings of the 21st IFIP International Information Security Confer-ence (SEC 2006)

30.

Boneh D, Franklin M (2001) Identity-based encryption from the Weil pairing. In Proc. of CRYPTO’01, vol 2139, p 213–229

31.

Barreto P, Kim H, Bynn B, Scott M (2002) Efficient algorithms for pairing-based cryptosystems. In Proc. CRYPTO’02, p 354–368

32.

Mitsunari S, Sakai R, Kasahara M (2002) A new traitor tracing. IEICE Trans. Vol. E85-A, No.2, p 481–484

33.

Hess F (2002) Efficient identity based signature schemes based on pairings. SAC 2002, LNCS 2595, p 310–324

34.

Zhang F, Kim K (2002) ID-based blind signature and ring signature from pairings. Advances in Cryptology-Asiacrypt 2002.

35.

Huang X, Mu Y, Susilo W, Zhang F, Chen X (2005) A short proxy scheme: efficient authentication in the ubiquitous world. In: EUC Workshops 2005, LNCS 3823, Berlin. Springer-Verlag, p 480–489

36.

MICROSOFT (2005) A technical reference for InfoCard v1.0 in Windows

37.

Higgins Trust Framework, 2006. http://www.eclipse.org/higgins/.

38.

Camenisch J, Herreweghen EV (2002) Design and implementation of the idemix anonymous cre-dential system. Proceedings of the 9th ACM Conference on Computer and Communications, Security, p 21–30

39.

Camenisch J, Gross T, Sommer D (2006) Enhancing Privacy of Federated Identity Management Protocols. Proceedings of the 5th ACM workshop on Privacy in Electronic Society, p 67–72

40.

IBM, Microsoft, Actional, BEA, Computer Associates, Layer 7, Oblix, Open Network, Ping Identity, Reactivity, and Verisign. Web Services Trust Language (WS-Trust). February 2005.

41.

Segev A, Toch E (2009) Context-Based Matching and Ranking of Web Services for Composition. IEEE Transactions on Service Computing, vol 2(3): 210–222

42.

OASIS (2005) Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Standard, March 2005.

43.

Liberty Alliance Project (2003) Liberty ID-FF Protocols and Schema Specification. Version 1.2, November 2003. http://www.projectliberty.org/specs.

44.

Gomi H, Hatakeyama M, Hosono S, Fujita S (2005) A Delegation Framework for Federated Identity Management. Proceedings of the 2005 Workshop on Digital Identity Management, p 94–103

45.

Zhang Y, Chen JL (2011) A Delegation Solution for Universal Identity Management in SOA. IEEE Transactions on services computing, p 70–81

Titel: Universal Identity Management Based on Delegation in SOA
verfasst von: Yang Zhang
Jun-Liang Chen
Verlag: Springer New York
Buch: Advanced Web Services
Print ISBN: 978-1-4614-7534-7

Electronic ISBN: 978-1-4614-7535-4

Copyright-Jahr: 2014
DOI: https://doi.org/10.1007/978-1-4614-7535-4_3

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"