Paper Info
Title
Trusted identity and session management using secure cookies
Abstract
The concept of federated identity management is increasingly coming to use in order to bring Service Providers closer to customers. Users are being provided an enriched experience while carrying out business on the Web at reduced overhead and improved customer service. The idea of maintaining a single profile and gaining access to multiple services has been accepted well by the customers. However, the benefits of breaking through just one set of credentials to gain access to multiple services has made the concept of Federated Identity Management of high interest to malicious users. In this paper, we analyze the structure of a generic Federated Identity Management System and explore the .NET Passport framework in depth. We explore the current security mechanisms adopted by the .NET Passport and identify potential security weaknesses. We then propose our new approaches to enhance the security services in .NET Passport by using Secure Cookies. Our approaches are transparent to and compatible with the current .NET Passport server. Finally, we prove the feasibility by implementing our ideas in a real system.
Year
DOI
Venue
2005
10.1007/11535706_23
DBSec
Keywords
Field
DocType
multiple service,generic federated identity management,current security mechanism,secure cookies,enriched experience,federated identity management,passport framework,passport server,session management,potential security weakness,trusted identity,security service,secure cooky,identity management,service provider
Internet privacy,Customer service,Session management,Computer science,Computer security,Identity management,Service provider,Federated identity management,Distributed computing,The Internet
Conference
Volume
ISSN
ISBN
3654
0302-9743
3-540-28138-X
Citations 
PageRank 
References 
1
0.44
6
Authors
2
Name
Order
Citations
PageRank
Joon S. Park152952.78
Harish S. Krishnan210.44