Risk Management for Dynamic Metadata Exchange via a Trusted Third Party

Daniela Pöhn

Abstract

Inter-organizational access to IT services based on the predominant standard of Federated Identity Management (FIM), the Security Assertion Markup Language (SAML), suffers from scalability issues related to metadata exchange. In order to overcome these issues, this article presents an approach for automated metadata exchange between Identity Provider (IDP) and Service Provider (SP) via a Trusted Third Party (TTP). Based on this architecture, risk management with threats and countermeasures is applied using a risk management template. Special emphasis is put on the secure design of the automated metadata exchange.


Paper Citation


in Harvard Style

Pöhn D. (2016). Risk Management for Dynamic Metadata Exchange via a Trusted Third Party. In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 227-234. DOI: 10.5220/0005651702270234


in Bibtex Style

@conference{icissp16,
author={Daniela Pöhn},
title={Risk Management for Dynamic Metadata Exchange via a Trusted Third Party},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2016},
pages={227-234},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005651702270234},
isbn={978-989-758-167-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Risk Management for Dynamic Metadata Exchange via a Trusted Third Party
SN - 978-989-758-167-0
AU - Pöhn D.
PY - 2016
SP - 227
EP - 234
DO - 10.5220/0005651702270234