Title :
Analysis of liberty single-sign-on with enabled clients
Author :
Pfitzmann, Birgit ; Waidner, Michael
Author_Institution :
IBM Zurich Res. Lab., Ruschlikon, Switzerland
Abstract :
Web single-sign-on protocols, such as Microsoft passport, Oasis's security assertion markup language (SAML), and the Internet2 project Shibboleth, aim to solve security problems by letting individuals log in to many Internet services while authenticating only once, or at least always in the same way. Enterprises hope that single-sign-on protocols will significantly decrease customer-care costs due to forgotten passwords and increase e-commerce transactions by enhancing the user experience. Commercial interest centers on distributed enterprises and on small federations of enterprises with existing business relationships, such as supply chains. We concentrate on the liberty-enabled client and proxy (LECP) profile. The LECP protocol assumes a special protocol-aware client (the enabled client). We also consider the design of security protocols based on XML and Web services.
Keywords :
Internet; XML; authorisation; computer crime; data privacy; message authentication; protocols; Internet service; Internet2 project Shibboleth protocol; LECP protocol; Microsoft passport protocol; Oasis security assertion markup language protocol; Web service; Web single-sign-on protocol; XML; authentication; distributed enterprise; e-commerce transaction; liberty-enabled client and proxy; security protocol design; supply chain; Access protocols; Authentication; Costs; Credit cards; Cryptographic protocols; Cryptography; Information security; Markup languages; Web and internet services; Wireless application protocol;
Journal_Title :
Internet Computing, IEEE
DOI :
10.1109/MIC.2003.1250582