Title
Reliability and scalability improvements to identity federations by managing SAML metadata with distributed ledger technology.
Abstract
In identity federations, users assigned to identity providers (IDPs) can access applications operated by service providers (SPs) without SP-specific credentials for authentication and authorization. While OpenID Connect and SAML are the two most widely adopted federation standards, using them inherently results in a trade-off between data quality guarantees and scalability, given how they handle the Metadata about the involved IDPs and SPs. This paper presents a novel approach for federation membership and federation Metadata management based on Distributed Ledger Technology. It applies the core idea of Certificate Transparency, as known from Global-PKI certificate authorities for X.509v3 server certificates, to SAML federation Metadata; therefore, it achieves OpenID Connect's federation building flexibility without losing the significant advantages of traditional SAML federations. An implementation based on Hyperledger Fabric is used to evaluate typical use cases by measuring impacts on Metadata distribution latency and Metadata size, and to discuss the feasibility of the presented approach.
Year: 2018
Venue: IEEE IFIP Network Operations and Management Symposium
Keywords: Federated Identity Management, SAML, Access Management, Distributed Ledger, Blockchain, Internet of Things
Field: Metadata, OpenID Connect, Authentication, Use case, Computer security, Computer science, Certificate authority, Computer network, Service provider, Metadata management, Scalability
DocType: Conference
ISSN: 1542-1201
Citations: 0
PageRank: 0.34
References: 0
Authors (2)
Name | Order | Citations | PageRank
Michael Grabatin | 101.35
Wolfgang Hommel | 25319.45