DocumentCode
2927638
Title
Integrating OAuth with Information card systems
Author
Al-Sinani, Haitham S.
Author_Institution
Inf. Security Group, Univ. of London, London, UK
fYear
2011
fDate
5-8 Dec. 2011
Firstpage
198
Lastpage
203
Abstract
We propose a novel scheme to provide client-based interoperation between OAuth and an Information Card system such as CardSpace or Higgins. In this scheme, Information Card users are able to obtain a security token from an OAuth-enabled system, the contents of which can be processed by an Information Card-enabled relying party. The scheme, based on a browser extension, is transparent to OAuth providers and to identity selectors, and only requires minor changes to the operation of an Information Card-enabled relying party. We specify its operation and describe an implementation of a proof-of-concept prototype. Security and operational analyses are also provided.
Keywords
authorisation; open systems; smart cards; Information Card-enabled relying party; OAuth provider; OAuth-enabled system; browser extension; client-based interoperation; identity selectors; information card system; information card users; security token; Authorization; Browsers; Facebook; HTML; Protocols; Servers; CardSpace; Information Cards; OAuth;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Assurance and Security (IAS), 2011 7th International Conference on
Conference_Location
Melaka
Print_ISBN
978-1-4577-2154-0
Type
conf
DOI
10.1109/ISIAS.2011.6122819
Filename
6122819
Link To Document