FileSpace: an alternative to CardSpace that supports multiple token authorisation and portability between devices (2009)
| Content Provider | CiteSeerX |
|---|---|
| Author | Chadwick, David |
| Description | This paper describes a federated identity management system based on long-lived encrypted credential files rather than virtual cards and short-lived assertions. Users obtain their authorisation credential files from their identity providers and have them bound to their public key certificates, which can hold any pseudonym the user wishes. Users can then use these credentials multiple times without the identity providers being able to track their movements and without having to authenticate to the IdP each time. The credentials are worthless to an attacker if lost or stolen; therefore they do not need any special protection mechanisms. They can be copied freely between multiple devices, and users can use multiple credentials in a single transaction. Users only need to authenticate to their private key store in order for it to produce a signed token necessary for the service provider to authenticate the user and decrypt the authorisation credentials. The signed token is bound to the service provider and is short-lived to prevent man-in-the-middle attacks. |
| File Format | |
| Language | English |
| Publisher | ACM |
| Publisher Date | 2009-01-01 |
| Publisher Institution | In Proceedings of the 8th Symposium on Identity and Trust on the Internet (IDtrust 09) |
| Access Restriction | Open |
| Subject Keyword | Virtual Card, Public Key Certificate, Authorisation Credential File, Authorisation Credential, Service Provider, Single Transaction, Private Key Store, Token Authorisation, User Wish, Federated Identity Management System, Special Protection Mechanism, Multiple Credential, Identity Provider, Signed Token, Multiple Device, Credential File, Middle Attack |
| Content Type | Text |
| Resource Type | Article |