A Scheme for Confidentiality Protection of OpenID Authentication Mechanism

Single Sign-On (SSO) means that a user logs in once and gains access to all systems without being prompted to log in again at each of them. As a solution to SSO, OpenID can simplify users´ operation process and reduce the resource provider´s overhead. Its application is becoming popular. However, there are still some security problems in OpenID, such as some confidential resources might be downloaded by some un-granted users. How to implement the confidentiality protection in OpenID authentication mechanism as a problem of multilevel security has become a topic of concern and hence research on the multilevel security of the OpenID is significant. Based on the Single Sign-On solutions, we introduced the basic OpenID infrastructure, including its components, hierarchy and other key issues. Then we proposed a security access control scheme for OpenID based on BLP model, which can be used to solve the problem on access control of multi-level security, and we store the security label in XML document.