论文信息 - Authentication and Authorization for Mobile Devices

Authentication and Authorization for Mobile Devices

Nowadays market demand forces companies to adapt to mobile technology. For an enterprise company, this change will bring up security challenges. In this article, we investigate authentication and authorization aspects of security. We conduct a case study in Volvo IT in order to extract their requirements regarding to authentication and authorization of their current and future mobile applications. Also we investigate three security protocols: OAuth, OpenID and SAML to find out to what extent they can satisfy the challenges and requirements. Keywords-component; Authentication; Authorization; Mobility; Mobile Devices; OAuth; OpenID; SAML.

Navid Ranjbar | Abdinejadi Mahdi

[1] Izak Benbasat,et al. The Case Research Strategy in Studies of Information Systems , 1987, MIS Q..

[2] Dobromir Todorov,et al. Mechanics of User Identification and Authentication , 2007 .

[3] P. Samarati,et al. Access control: principle and practice , 1994, IEEE Communications Magazine.

[4] J. Fitzgerald,et al. Managing mobile devices , 2009 .

[5] Eve Maler,et al. The Venn of Identity: Options and Issues in Federated Identity Management , 2008, IEEE Security & Privacy.

[6] Chia-Chi Teng,et al. Mobile Application Development: Essential New Directions for IT , 2010, 2010 Seventh International Conference on Information Technology: New Generations.

[7] James E. Lewis,et al. Web Single Sign-On Authentication using SAML , 2009, ArXiv.

[8] Dick Hardt,et al. The OAuth 2.0 Authorization Framework , 2012, RFC.

[9] Raymond N. J. Veldhuis,et al. Practical Biometric Authentication with Template Protection , 2005, AVBPA.

[10] Michael D. Myers,et al. The qualitative interview in IS research: Examining the craft , 2007, Inf. Organ..