Title :
Leveraging PKI in SAML 2.0 Federation for Enhanced Discovery Service
Author :
Kataoka, Toshiyuki ; Nishimura, Takeshi ; Shimaoka, Masaki ; Yamaji, Kazutsuna ; Nakamura, Motonori ; Sonehara, Noboru ; Okabe, Yasuo
Author_Institution :
Nat. Inst. of Inf., Tokyo, Japan
Abstract :
The University Public Key Infrastructure (UPKI) project in Japan is developing a national academic inter-institution authentication and authorization infrastructure based on the Public Key Infrastructure (PKI), and it is carrying out a feasibility study on SAML 2.0 federation by building a Shibboleth2.x test-bed called UPKI-Fed with about thirty university participants. Federation usually provides a discovery service (DS, previously called WAYF) to a user since he/she needs to select his/her identity provider (IdP). This IdP selection becomes a serious problem as the number of IdP grows. We solved this problem for a user using client certificate authentication by developing a DS plug-in called DS-PKI Plug-In to leverage securely stored information in a PKI certificate.
Keywords :
authorisation; public key cryptography; Japan; PKI certificate; SAML 2.0 Federation; University Public Key Infrastructure project; authorization infrastructure; client certificate authentication; discovery service; enhanced discovery service; identity provider selection; national academic interinstitution authentication; Authentication; Authorization; Informatics; Information security; National security; Portals; Public key; Testing; Web and internet services; Web server; Discovery Service; Federation; PKI; SAML 2.0; Shibboleth; UPKI;
Conference_Titel :
Applications and the Internet, 2009. SAINT '09. Ninth Annual International Symposium on
Conference_Location :
Bellevue, WA
Print_ISBN :
978-1-4244-4776-3
Electronic_ISBN :
978-0-7695-3700-9
DOI :
10.1109/SAINT.2009.56
