DocumentCode :
3071171
Title :
Federated Authentication in a Hierarchy of IdPs by Using Shibboleth
Author :
Sato, Hikaru ; Nishimura, T.
Author_Institution :
Inf. Technol. Center, Univ. of Tokyo, Tokyo, Japan
fYear :
2011
fDate :
18-21 July 2011
Firstpage :
327
Lastpage :
332
Abstract :
By using widespread single sign-on (SSO) technologies, it is becoming common that services are provided in the form of SSO. However, it is also becoming common that the structure of IdPs is complex. A single person may have his/her identity in an organization, in its sub-organizations, and possibly in a virtual organization. A problem is that such identities are provided by independent IdPs. Considering that a major motivation of SSO is that we can reduce cost by integrating authentication, this scenario is never desirable. To solve this problem, we propose a hierarchy of IdPs. In particular, an IdP in a sub-organization can rely on assertions of its parent organization, which enables authentication delegation. Moreover, delegation of authentication introduces a hierarchy of trust. We define its protocol based on the idea that an IdP also issues authentication requests to other IdPs, as usual SPs do. Its prototype implementation on Shibboleth is also shown. Our authentication delegation is widely applicable to actual scenarios in hierarchically organized institutions and virtual organizations.
Keywords :
authorisation; protocols; virtual enterprises; IdP; Shibboleth; authentication delegation; federated authentication; hierarchically organized institutions; protocol; single sign-on technologies; virtual organization; Authentication; Bridges; Engines; Organizations; Protocols; Prototypes; authentication; delegation; federation; middleware; trust;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Applications and the Internet (SAINT), 2011 IEEE/IPSJ 11th International Symposium on
Conference_Location :
Munich, Bavaria
Print_ISBN :
978-1-4577-0531-1
Electronic_ISBN :
978-0-7695-4423-6
Type :
conf
DOI :
10.1109/SAINT.2011.62
Filename :
6004179