Attribute Aggregating System for Shibboleth Based Access Management Federation

Author

Yamaji, Kazutsuna ; Kataoka, Toshiyuki ; Nakamura, Motonori ; Orawiwattanakul, Tananun ; Sonehara, Noboru

Author_Institution

R&D Center for Acad. Networks, Nat. Inst. of Inf., Tokyo, Japan

fYear

2010

fDate

19-23 July 2010

Firstpage

281

Lastpage

284

Abstract

In a federation, single sign-on (SSO) for web applications can be achieved by performing authentication at the user´s home organization called identity provider (IdP) and authorization at the service provider (SP). The IdP provides the user´s information to the SP though the attribute exchange and the SP assigns the authorized access level for the user according to the data in the attributes. The SP trusts the attributes sent from the trusted IdP. However, the authorized access level of the user is limited in some circumstance when the trusted IdP cannot provide enough user´s information to the SP. This study develops an attribute aggregating system that integrates user´s information from different IdPs which is operated by different federated domain. Currently, our developed system is implemented in the Japanese academic society federation called Informatics Square.

Keywords

Internet; authorisation; Japanese academic society federation; Shibboleth based access management federation; Web application; attribute aggregating system; authorization; home organization; identity provider; informatics square; service provider; single sign-on; Application programming interface; Authentication; Authorization; Informatics; Libraries; Organizations; Attribute; Authentication; Authorization; Federation; GakuNin; ID Provider; SAML; Shibboleth;

fLanguage

English

Publisher

ieee

Conference_Titel

Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on

Conference_Location

Seoul

Print_ISBN

978-1-4244-7526-1

Electronic_ISBN

978-0-7695-4107-5

Type

conf

DOI

10.1109/SAINT.2010.14

Filename

5598061