Article

Federated identity management for protecting users from ID theft

Authors:

Kenji TakahashiAuthors Info & Claims

DIM '05: Proceedings of the 2005 workshop on Digital identity management

Pages 77 - 83

https://doi.org/10.1145/1102486.1102500

Published: 11 November 2005 Publication History

Abstract

Federated identity management is sometimes criticized as exacerbating the problem of online identity theft, based as it is on the idea of connecting together previously separate islands of identity information. This paper explores this conjecture, and argues that, while such linkages do undeniably increase the potential scope of a successful theft of identity information, this risk is more than offset by the much greater value federated identity, in combination with strong authentication, offers in preventing such theft in the first place.

References

[1]

Liberty Alliance Project. http://www.projectliberty.org/

[2]

Organization for the Advancement of Structured Information Standards. http://www.oasis-open.org/

[3]

S. Cantor and J. Kemp. Liberty ID-FF Protocols and Schema Specification. Version 1.2. Liberty Alliance Project. http://www.projectliberty.org/specs/

[4]

S. Cantor and J. Kemp. Liberty ID-FF Bindings and Profiles Specification. Version 1.2. Liberty Alliance Project. http://www.projectliberty.org/specs/

[5]

J. Tourzan and Y. Koga. Liberty ID-WSF Web Services Framework Overview. Version 1.1. Liberty Alliance Project. http://www.projectliberty.org/specs/

[6]

J. Sergent Liberty ID-WSF Discovery Service Specification. Version 1.2, Liberty Alliance Project. http://www.projectliberty.org/specs/

[7]

R. Aarts. Liberty ID-WSF Interaction Service Specification. Version 1.1. Liberty Alliance Project. http://www.projectliberty.org/specs/

[8]

E. Maler, P. Mishra, and R. Philpott. Assertion and Protocol for the OASIS Security Assertion Markup Language (SAML) V1.1. Version 1.1. OASIS Standards. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security

[9]

S. Cantor, F. Hirsch, J. Kemp, R. Philpott, E. Maler, J. Hughes, J. Hodges, P. Mishra, and J. Moreh. Security Assertion Markup Language (SAML) V2.0. Version 2.0. OASIS Standards. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security

[10]

W. Duserick. Whitepaper on Liberty Protocol and Identity Theft. Liberty Alliance Project. http://www.projectliberty.org/about/whitepapers.php

[11]

Bajaj, G. Della-Libera, B. Dixon, M. Dusche, M. Hondo, M. Hur, C. Kaler, H. Lockhart, H. Maruyama, A. Nadalin, N. Nagaratnam, A. Nash, H. Prafullchandra, and J. Shewchuk, Web Services Federation Language (WS-Federation). Version 1.0. http://msdn.microsoft.com/webservices/understanding /advancedwebservices/default.aspx?pull=/library/en-us/dnglobspec/html/ws-federation.asp

[12]

Microsoft Passport Network. http://www.passport.com/

[13]

D. P. Kormann and A. D. Rubin. Risks of the Passport Single Signon Protocol. Computer Networks. Elsevier Science Press. Volume 33. pages 51--58. 2000.

Digital Library

[14]

M. Slemko. Microsoft Passport to Trouble. http://alive.znep.com/~marcs/passport/. November 2001.

[15]

T. Groβ. Security Analysis of the SAML Single Sign-on Browser/Artifact Profile. 19th Annual Computer Security Applications Conference Proceedings. December 2003.

Digital Library

[16]

T. Groβ and B. Pfitzmann. Proving a WS-Federation Passive Requestor Profile. 1st ACM Workshop on Secure Web Services (SWS). ACM Press. October 2004.

Digital Library

Cited By

Al Abdulwahid AClarke NStengel IFurnell SReich C(2016)Continuous and transparent multimodal authenticationCluster Computing10.1007/s10586-015-0510-419:1(455-474)Online publication date: 1-Mar-2016
https://dl.acm.org/doi/10.1007/s10586-015-0510-4
Al Abdulwahid AClarke NFurnell SStengel IReich C(2015)The Current Use of Authentication Technologies: An Investigative Review2015 International Conference on Cloud Computing (ICCC)10.1109/CLOUDCOMP.2015.7149658(1-8)Online publication date: Apr-2015
https://doi.org/10.1109/CLOUDCOMP.2015.7149658
Al Abdulwahid AClarke NStengel IFurnell SReich C(2015)Security, Privacy and Usability – A Survey of Users’ Perceptions and AttitudesTrust, Privacy and Security in Digital Business10.1007/978-3-319-22906-5_12(153-168)Online publication date: 5-Aug-2015
https://doi.org/10.1007/978-3-319-22906-5_12
Show More Cited By

Index Terms

Federated identity management for protecting users from ID theft
1. Information systems
  1. Information systems applications
2. Software and its engineering
  1. Software organization and properties
    1. Software system structures
      1. Distributed systems organizing principles
        Organizing principles for web applications

Recommendations

Establishing and protecting digital identity in federation systems
DIM '05: Proceedings of the 2005 workshop on Digital identity management

We develop solutions for the security and privacy of user identity information in a federation. By federation we mean a group of organizations or service providers which have built trust among each other and enable sharing of user identity information ...
Identity Management

The Identity Solutions Symposium held in Jonesboro, Arkansas, 21 to 22 February, 2007 brought together academic, industry, and government experts working on radio frequency identification (RFID), biometrics, sensors, animal identification, identity ...
A survey on security issues of federated identity in the cloud computing
CLOUDCOM '12: Proceedings of the 2012 IEEE 4th International Conference on Cloud Computing Technology and Science (CloudCom)

Cloud computing is a new generation of the technology that has been designed to cater for commercial necessities and to run suitable applications or solve IT management issues. While cost and ease of use are two top benefits of cloud, trust and security ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

DIM '05: Proceedings of the 2005 workshop on Digital identity management

November 2005

120 pages

ISBN:1595932321

DOI:10.1145/1102486

General Chair:
Vijay Atluri
Rurgers University
,
Program Chairs:
Pierangela Samarati
Universita' degli Studi di Milano, Italy
,
Atsuhiro Goto
NTT, Japan

Copyright © 2005 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 November 2005

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS05

Sponsor:

CCS05: 12th ACM Conference on Computer and Communications Security 2005

November 11, 2005

VA, Fairfax, USA

Acceptance Rates

Overall Acceptance Rate 16 of 34 submissions, 47%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
2,273
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 22 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Al Abdulwahid AClarke NStengel IFurnell SReich C(2016)Continuous and transparent multimodal authenticationCluster Computing10.1007/s10586-015-0510-419:1(455-474)Online publication date: 1-Mar-2016
https://dl.acm.org/doi/10.1007/s10586-015-0510-4
Al Abdulwahid AClarke NFurnell SStengel IReich C(2015)The Current Use of Authentication Technologies: An Investigative Review2015 International Conference on Cloud Computing (ICCC)10.1109/CLOUDCOMP.2015.7149658(1-8)Online publication date: Apr-2015
https://doi.org/10.1109/CLOUDCOMP.2015.7149658
Al Abdulwahid AClarke NStengel IFurnell SReich C(2015)Security, Privacy and Usability – A Survey of Users’ Perceptions and AttitudesTrust, Privacy and Security in Digital Business10.1007/978-3-319-22906-5_12(153-168)Online publication date: 5-Aug-2015
https://doi.org/10.1007/978-3-319-22906-5_12
Grzonkowski SEnsor BMcDaniel B(2013)Applied Cryptography in Electronic CommerceIT Policy and Ethics10.4018/978-1-4666-2919-6.ch017(368-388)Online publication date: 2013
https://doi.org/10.4018/978-1-4666-2919-6.ch017
Jensen J(2012)Federated Identity Management ChallengesProceedings of the 2012 Seventh International Conference on Availability, Reliability and Security10.1109/ARES.2012.68(230-235)Online publication date: 20-Aug-2012
https://dl.acm.org/doi/10.1109/ARES.2012.68
Grzonkowski SEnsor BMcDaniel B(2011)Applied Cryptography in Electronic CommerceApplied Cryptography for Cyber Security and Defense10.4018/978-1-61520-783-1.ch008(180-200)Online publication date: 2011
https://doi.org/10.4018/978-1-61520-783-1.ch008
Jensen J(2011)Benefits of Federated Identity Management - A Survey from an Integrated Operations ViewpointAvailability, Reliability and Security for Business, Enterprise and Health Information Systems10.1007/978-3-642-23300-5_1(1-12)Online publication date: 2011
https://doi.org/10.1007/978-3-642-23300-5_1
Khattak ZManan JSulaiman S(2011)Finding New Solutions for Services in Federated Open Systems InterconnectionAdvances in Computing and Communications10.1007/978-3-642-22726-4_27(250-259)Online publication date: 2011
https://doi.org/10.1007/978-3-642-22726-4_27
Rashed ASantos H(2010)Multimodal Biometrics and Multilayered IDM for Secure AuthenticationGlobal Security, Safety, and Sustainability10.1007/978-3-642-15717-2_11(87-95)Online publication date: 2010
https://doi.org/10.1007/978-3-642-15717-2_11
AlZomai MAlFayyadh BJøsang AMcCullagh A(2008)An exprimental investigation of the usability of transaction authorization in online bank security systemsProceedings of the sixth Australasian conference on Information security - Volume 8110.5555/1385109.1385123(65-73)Online publication date: 1-Jan-2008
https://dl.acm.org/doi/10.5555/1385109.1385123
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents