DocumentCode :
1959246
Title :
Secure Bindings of SAML Assertions to TLS Sessions
Author :
Kohlar, Florian ; Schwenk, Jörg ; Jensen, Meiko ; Gajek, Sebastian
Author_Institution :
Horst Görtz Inst. for IT Security, Ruhr Univ., Bochum, Germany
fYear :
2010
fDate :
15-18 Feb. 2010
Firstpage :
62
Lastpage :
69
Abstract :
In recent research work, two approaches to protect SAML-based Federated Identity Management (FIM) against man-in-the-middle attacks have been proposed. One approach is to bind the SAML assertion and the SAML artifact to the public key contained in a TLS client certificate. Another approach is to strengthen the Same Origin Policy of the browser by taking into account the security guarantees TLS gives. In this paper, we present a third approach which is of further interest beyond IDM protocols: we bind the SAML assertion to the TLS session that has been agreed upon between client and the service provider and thus provide anonymity of the browser.
Keywords :
XML; public key cryptography; SAML artifact; SAML assertion; TLS client certificate; TLS sessions; federated identity management; man-in-the-middle attacks; public key certificate; security assertion markup language; transport layer security; Access protocols; Authentication; Computer security; Cryptographic protocols; Data security; Domain Name System; Identity management systems; Internet; Public key; Web server; Authentication; Federated Identity Management; Kerberos; SAML; SSL; Single-Sign-On; TLS;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Availability, Reliability, and Security, 2010. ARES '10 International Conference on
Conference_Location :
Krakow
Print_ISBN :
978-1-4244-5879-0
Type :
conf
DOI :
10.1109/ARES.2010.89
Filename :
5438111