论文信息 - Leveraging social networks to gain access to organisational resources

Leveraging social networks to gain access to organisational resources

We describe a federated identity management service that allows users to access organisational resources using their existing login accounts at social networking and other sites, without compromising the security of the organisation's resources. We utilise and extend the Level of Assurance (LoA) concept to ensure the organisation's site remains secure. Users are empowered to link together their various accounts, including their organizational one with an external one, so that the strongest registration procedure of one linked account can be leveraged by the other sites' login processes that have less stringent registration procedures. Coupled with attribute release from their organizational account, this allows users to escalate their privileges due to either an increased LoA, or additional attributes, or both. The conceptual and architectural designs are described, followed by the implementation details, the user trials we carried out, and a discussion of the current limitations of the system.

[1] Purushotham Bangalore,et al. Cross‐domain authorization for federated virtual organizations using the myVocs collaboration environment , 2009, Concurr. Comput. Pract. Exp..

[2] Andreas Matheus,et al. How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML) , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[3] Jeff Hodges,et al. Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V2. 0 , 2001 .

[4] Ken Klingenstein,et al. Federated Security: The Shibboleth Approach , 2004 .

[5] David W. Chadwick,et al. Attribute Aggregation in Federated Identity Management , 2009, Computer.

[6] Larry L. Peterson,et al. Reasoning about naming systems , 1993, TOPL.