Hasso-Plattner-Institut
 
    • de
 

Conference Papers for Security and Trust Engineering at the chair of Prof. Dr. Christoph Meinel

Here you can find all our peer-reviewed conference papers about security and trust engineering:

Using Quantified Trust Level to Describe Authentication Requirements in Federated Identity Management

Thomas, Ivonne; Menzel, Michael; Meinel, Christoph in Proceedings of the 5th ACM Workshop on Secure Web Services (SWS 2008), in conjunction with the 15th ACM Conference on Computer and Communications Security (CCS 2008) Seite 71-80 . Alexandria, VA, USA , ACM Press , 2008 .

Service-oriented Architectures (SOA) facilitate the dynamic and seamless integration of services offered by different service providers which in addition can be located in different trust domains. Especially for business integration scenarios, Federated Identity Management emerged as a possibility to propagate identity information as security assertions across company borders in order to secure the interaction between different services. Although this approach guarantees scalability regarding the integration of identity-based services, it exposes a service provider to new security risks. These security risks result from the complex trust relationships within a federation. In a federation the authentication of a user is not necessarily performed within the service provider's domain, but can be performed in the user's local domain. Consequently, the service provider has to rely on authentication results received from a federation partner to enforce access control. This implies that the quality of the authentication process is out of control by the service provider and therefore becomes a factor which needs to be considered in the access control step. In order to guarantee a designated level of security, the quality of the authentication process should be part of the access control decision. To ease this process, we propose in this paper a method to rate authentication information by a level of trust which describes the strength of an authentication method. Additionally, in order to support the concept of a two-factor authentication, we also present a mathematical model to calculate the trust level when combining two authentication methods.
Weitere Informationen
Tags its
BibTeX

 

You can find other sub-lists of our conference papers focusing on 

Go back to the complete list of peer-reviewed conference papers.

Other Links

... to our Research
              Security Engineering - Learning & Knowledge Tech - Design Thinking - former
... to our Teaching
              Tele-Lectures - MOOCs - Labs - Systems 
... to our Publications
              Books - Journals - Conference-Papers - Patents
... and to our Annual Reports.