Title

Technology of Federated Identity and Secure Loggings in Cloud Computing

DOI

10.7903/ijecs.1157

Authors

Takashi Shitamichi; Ryoichi Sasaki

Keywords

Federation, Identity; Authentication; SAML; ID-WSF; Cloud Computing; Log

Journal

International Journal of Electronic Commerce Studies

Volume and issue / Publication date

Vol. 5, No. 1 (2014/06/01)

Pages

39 - 61

Language

English

English abstract

Federated services are becoming widely implemented at many sites in multiple domain networks for cloud computing across many industry segments. New technology is required not only for federated authentication, but also for services operating distributed attributes, which are both static and dynamic. In addition to the technology, the sites that provide services across multiple domain networks are required to store every log as audit trails. This paper focuses on SAML and ID-WSF, which are the technology and the architecture for identity management and secure web services, discusses deployments and problems in the real world, then proposes a fast and safe technology that extends the ID-WSF for services and logs. To verify the effectiveness of the proposed technology and architecture, the latencies of SAML SSO that exchange SOAP messages are measured and considered in a cloud computing environment.

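Subject classification

Basic and Applied Sciences > Information Science
Social Sciences > Economics
Social Sciences > Finance and Accounting
Social Sciences > Management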