Symposium on Identity and Trust on the Internet: Latest Papers

Safeguarding digital identity: the SPICI (Sharing Policy, Identity, and Control Information) approach to negotiating identity federation and sharing agreements
Symposium on Identity and Trust on the Internet, Pub Date: 2009-04-14, DOI: 10.1145/1527017.1527024
D. Bodeau
Abstract: To perform key business functions, organizations in critical infrastructure sectors such as healthcare or finance increasingly need to share identifying and authorization-related information. Such information sharing requires negotiation about identity safeguarding policies and capabilities, as provided by processes, technologies, tools, and models. That negotiation must address the concerns not only of the organizations sharing the information, but also of the individuals whose identity-related information is shared. SPICI (Sharing Policy, Identity, and Control Information) provides a descriptive and analytic framework to structure and support such negotiations, with an emphasis on assurance.
Citations: 0
Identity, credential, and access management at NASA, from Zachman to attributes
Symposium on Identity and Trust on the Internet, Pub Date: 2009-04-14, DOI: 10.1145/1527017.1527019
Corinne S. Irwin, Dennis C. Taylor
Abstract: To achieve the ultimate goal of attribute-based access control (ABAC), a robust architecture for Identity, Credential, and Access Management must first be established. The National Aeronautics and Space Administration (NASA) began formal development of its Identity, Credential, and Access Management Architecture using the Zachman Framework for Enterprise Architecture in June 2006. The Architecture provided the necessary structure to meet aggressive deadlines for issuance and use of the PIV smartcard. It also led to the development of NASA's Logical Access Control infrastructure to support not only PIV smartcards, but all authentication credentials in use at NASA. Use of the Zachman Framework has transformed the way that NASA looks at Logical Access Control, and has positioned NASA to provide robust attribute-based access control in the future. In this paper, we will discuss the Logical Access Control System (LACS) we are implementing at NASA, changes in the way NASA views Identity Trust and Level of Assurance, technical challenges to implementation, and our future vision for Identity, Credential, and Access Management.
Citations: 6
Usable secure mailing lists with untrusted servers
Symposium on Identity and Trust on the Internet, Pub Date: 2009-04-14, DOI: 10.1145/1527017.1527032
R. Bobba, Joe Muggli, Meenal Pant, J. Basney, H. Khurana
Abstract: Mailing lists are a natural technology for supporting messaging in multi-party, cross-domain collaborative tasks. However, whenever sensitive information is exchanged on such lists, security becomes crucial. We have earlier developed a prototype secure mailing list solution called SELS (Secure Email List Services) based on proxy encryption techniques [20], which enables the transformation of cipher-text from one key to another without revealing the plain-text. Emails exchanged using SELS are ensured confidentiality, integrity, and authentication. This includes ensuring their confidentiality while in transit at the list server; a functionality that is uniquely supported by SELS through proxy re-encryption. In this work we describe our efforts in studying and enhancing the usability of the software system and our experiences in supporting a production environment that currently is used by more than 50 users in 11 organizations. As evidence of its deployability, SELS is compatible with common email clients including Outlook, Thunderbird, Mac Mail, Emacs, and Mutt. As evidence of its usability, the software is being used by several national and international incident response teams.
Citations: 9
A calculus of trust and its application to PKI and identity management
Symposium on Identity and Trust on the Internet, Pub Date: 2009-04-14, DOI: 10.1145/1527017.1527021
Jingwei Huang, D. Nicol
Abstract: We introduce a formal semantics based calculus of trust that explicitly represents trust and quantifies the risk associated with trust in public key infrastructure (PKI) and identity management (IdM). We then show by example how to formally represent trust relationships and quantitatively evaluate the risk associated with trust in public key certificate chains. In the context of choosing a certificate chain, our research shows that the shortest chain need not be the most trustworthy, and that it may make sense to compare the trustworthiness of a potential chain against a threshold to govern acceptance, changing the problem to finding a chain with sufficiently high trustworthiness. Our calculus also shows how quantified trust relationships among CAs can be combined to achieve an overall trust assessment of an offered certificate.
Citations: 94
Personal identity verification (PIV) cards as federated identities: challenges and opportunities
Symposium on Identity and Trust on the Internet, Pub Date: 2009-04-14, DOI: 10.1145/1527017.1527020
Sarbari Gupta
Abstract: In this paper, we describe the challenges in using Personal Identity Verification (PIV) cards and PIV-like cards as federated identities to authenticate to US Federal government facilities and systems. The current set of specifications and policies related to the implementation and use of PIV cards leave a number of gaps in terms of trust and assurance. This paper identifies these gaps and proposes approaches to address them towards making the PIV card the standardized, interoperable, federated identity credential envisioned within Homeland Security Presidential Directive 12 (HSPD-12).
Citations: 0
FileSpace: an alternative to CardSpace that supports multiple token authorisation and portability between devices
Symposium on Identity and Trust on the Internet, Pub Date: 2009-04-14, DOI: 10.1145/1527017.1527030
D. Chadwick
Abstract: This paper describes a federated identity management system based on long lived encrypted credential files rather than virtual cards and short lived assertions. Users obtain their authorisation credential files from their identity providers and have them bound to their public key certificates, which can hold any pseudonym the user wishes. Users can then use these credentials multiple times without the identity providers being able to track their movements and without having to authenticate to the IdP each time. The credentials are worthless to an attacker if lost or stolen, therefore they do not need any special protection mechanisms. They can be copied freely between multiple devices, and users can use multiple credentials in a single transaction. Users only need to authenticate to their private key store in order for it to produce a signed token necessary for the service provider to authenticate the user and decrypt the authorisation credentials. The signed token is bound to the service provider and is short lived to prevent man in the middle attacks.
Citations: 1
Usable trust anchor management
Symposium on Identity and Trust on the Internet, Pub Date: 2009-04-14, DOI: 10.1145/1527017.1527025
Massimiliano Pala, S. A. Rea
Abstract: Security in browsers is based upon users trusting a set of root Certificate Authorities (called Trust Anchors) which they may know little or nothing about. Browser vendors face a difficult challenge to provide an appropriate interface for users. Providing usable Trust Anchor Management (TAM) for users, applications and PKI deployers is a complex task. The PKIX working group at Internet Engineering Task Force (IETF) is working on a new protocol, the Trust Anchor Management Protocol (TAMP), which will provide a standardized method to automatically manage trust anchors in applications and devices. Although promising, this protocol does not go far enough to allow users to gather information about previously unknown trust anchors in an automatic fashion. We have proposed the PKI Resource Query Protocol (PRQP), which is currently an Internet Draft on Experimental Track with IETF, to provide applications with an automatic discovery system for PKI management. In this paper we describe the basic architecture and capabilities of PRQP that allow Browsers to provide a more complete set of trust anchor management services. We also provide the design of a PRQP enabled infrastructure that uses a trust association mechanism to provide an easy solution for managing Trust Anchors for Virtual Organizations.
Citations: 2
Privacy-preserving management of transactions' receipts for mobile environments
Symposium on Identity and Trust on the Internet, Pub Date: 2009-04-14, DOI: 10.1145/1527017.1527027
F. Paci, Ning Shang, Sam Kerr, Kevin Steuer, Jungha Woo, E. Bertino
Abstract: Users increasingly use their mobile devices for electronic transactions to store related information, such as digital receipts. However, such information can be the target of several attacks. There are some security issues related to M-commerce: the loss or theft of mobile devices results in an exposure of transaction information; transaction receipts that are sent over Wi-Fi or 3G networks can be easily intercepted; transaction receipts can also be captured via Bluetooth connections without the user's consent; and mobile viruses, worms and Trojan horses can access the transaction information stored on mobile devices if this information is not protected by passwords or PIN numbers. Therefore, assuring privacy and security of transactions' information, as well as of any sensitive information stored on mobile devices is crucial. In this paper, we propose a privacy-preserving approach to manage electronic transaction receipts on mobile devices. The approach is based on the notion of transaction receipts issued by service providers upon a successful transaction and combines Pedersen commitment and Zero Knowledge Proof of Knowledge (ZKPK) techniques and Oblivious Commitment-Based Envelope (OCBE) protocols. We have developed a version of such protocol for Near Field Communication (NFC) enabled cellular phones.
Citations: 7
Palantir: a framework for collaborative incident response and investigation
Symposium on Identity and Trust on the Internet, Pub Date: 2009-04-14, DOI: 10.1145/1527017.1527023
H. Khurana, J. Basney, Mehedi Bakht, D. M. Freemon, Von Welch, R. Butler
Abstract: Organizations owning cyber-infrastructure assets face large scale distributed attacks on a regular basis. In the face of increasing complexity and frequency of such attacks, we argue that it is insufficient to rely on organizational incident response teams or even trusted coordinating response teams. Instead, there is need to develop a framework that enables responders to establish trust and achieve an effective collaborative response and investigation process across multiple organizations and legal entities to track the adversary, eliminate the threat and pursue prosecution of the perpetrators. In this work we develop such a framework for effective collaboration. Our approach is motivated by our experiences in dealing with a large-scale distributed attack that took place in 2004 known as Incident 216. Based on our approach we present the Palantir system that comprises conceptual and technological capabilities to adequately respond to such attacks. To the best of our knowledge this is the first work proposing a system model and implementation for a collaborative multi-site incident response and investigation effort.
Citations: 35
A federation of web services for Danish health care
Symposium on Identity and Trust on the Internet, Pub Date: 2008-03-04, DOI: 10.1145/1373290.1373305
E. Dalsgaard, Kåre Kjelstrøm, Jan Riis
Abstract: Having relevant, up-to-date information about a patient's health care history is often crucial for providing the appropriate treatment. In Denmark, IT systems have been built to support different work flows in the health sector, but the systems are rarely connected and have become islands of data. To remedy this situation, a service-oriented architecture based on web services for online exchange of health care data between the vast array of heterogeneous IT systems in the sector is being built. The architecture forms a federation of web services and enables secure and reliable authentication of end-users and systems in the Danish health sector. The architecture is based on national and international standards and specifications. Yet it defines its own profile for secure interchange of data due to a lack of available international profiles that could handle the special needs of the health sector at the time of project inception. The architecture has evolved through a pilot project from mid 2005 to the end of 2007, and is being tested in a small scale 1st quarter 2008. This paper aims to convey experiences from the project, so rich in benefits that the architecture has been accepted and standardized as the foundation for the future of system integration in the health sector in Denmark.
Citations: 12