Title :
Negotiation-Based Trust Establishment for Shibboleth
Author :
Wang, Huaiye ; Shen, Fuke
Author_Institution :
Dept. of Comput. Sci., East China Normal Univ., Shanghai, China
Abstract :
In the Shibboleth framework, when the identity provider (IdP) receives a request from the service provider (SP), it must verify the SP's identity against its metadata file before sending back the response. The same holds for the SP. However, these metadata files are stored locally, and if a metadata file is maliciously modified, the trust establishment will be damaged. We focus on Shibboleth and propose a solution for trust establishment between an IdP and an SP. While in the conventional Shibboleth framework trust establishment is done through the local metadata file, in our solution it is done by negotiation: an SP or IdP asks the discovery service (DS) whether the provider is trustworthy, and the DS returns either "true" or "false" to the SP or IdP.
Keywords :
Internet; authorisation; IdP request; SP request; Shibboleth system; Web single sign-on; discovery service; identity provider; metadata file; negotiation-based trust establishment; service provider; Access control; Authentication; Authorization; Computer architecture; Computer science; Information retrieval; Information science; Information security; Protection; Service oriented architecture;
Conference_Title :
Information Science and Engineering (ICISE), 2009 1st International Conference on
Conference_Location :
Nanjing
Print_ISBN :
978-1-4244-4909-5
DOI :
10.1109/ICISE.2009.775