论文信息 - A Cross-IdP Single Sign-On Method in SAML-Based Architecture

A Cross-IdP Single Sign-On Method in SAML-Based Architecture

Security Assertion Markup Language, which is an XML-based framework, has been developed to describe and exchange authorization and authentication information between on-line business partners. One of the major applications is used to achieve single sign-on through different cloud services. SAML has provided the basic assertion of security that allows the user to surf hybrid clouds of the enterprise. The identify provider, which in charge of the management of the user information, can help users access these services effortlessly. However, the user anonymity of SSO from different identify providers is still an open issue even in SAML 2.0. In this study, we propose a SSO architecture for hybrid cloud to achieve identity federation cross-IdP using SAML, which provide the user an enterprise-crossed, services-integrated, backward compatible, and anonymity-maintained environment.

Chien-Chao Tseng | Chorng-Shiuh Koong | Tzu-I Yang

[1] Eve Maler,et al. The Venn of Identity: Options and Issues in Federated Identity Management , 2008, IEEE Security & Privacy.

[2] Elisa Bertino,et al. An integrated approach to federated identity and privilege management in open systems , 2007, CACM.

[3] Zhu Cheng-rong. Design and Implementation of Single Sign-on Using Yale-CAS , 2007 .

[4] Drummond Reed,et al. OpenID 2.0: a platform for user-centric identity management , 2006, DIM '06.

[5] Go Hasegawa,et al. A Report of Campus-Wide IT Authentication Platform System Development in Osaka University , 2007, 2007 International Symposium on Applications and the Internet Workshops.

[6] Andrew D. Gordon,et al. Verified implementations of the information card federated identity-management protocol , 2008, ASIACCS '08.

[7] Somchart Fugkeaw,et al. A Robust Single Sign-On Model Based on Multi-Agent System and PKI , 2007, Sixth International Conference on Networking (ICN'07).