A Privacy Oriented Extension of Attribute Exchange in Shibboleth

Authors: Shoichirou Fujiwara, Takaaki Komura, Y. Okabe
DOI: 10.1109/SAINT-W.2007.13 (https://doi.org/10.1109/SAINT-W.2007.13)
Published in: 2007 International Symposium on Applications and the Internet Workshops
Publication date: 2006-10-23
Citation count: 11 (Semantic Scholar)
In frameworks for Web services like SAML, Liberty or Shibboleth, a user can get authenticated by asking one's IdP (identity provider) to issue a security assertion with which one can get access to services at an SP (service provider). If the SP additionally requests some of the user's attributes, the user is forced to reveal their immediate values. There are cases where users must present detailed private information which SPs do not actually require in order to authorize them. We focus on Shibboleth and propose an extension of the attribute exchange protocol between an IdP and an SP in Shibboleth. While in the conventional Shibboleth framework attributes are exchanged as immediate values, in our extension an SP requests an IdP to test whether the user's attributes satisfy some conditions, and the IdP returns either "true", "false" or "unanswerable" to the SP. We specify a language to describe the conditions as a query at the SP. We also extend the attribute authority at the IdP to evaluate the conditions presented by the SP.
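The IdP-side evaluation the abstract describes, as an added example that is not code from the paper: the SP submits a condition over attributes, and the IdP answers only "true", "false" or "unanswerable" (when it lacks the attribute or the user's release policy withholds it), so the attribute value itself never leaves the IdP. The tuple-based condition grammar, the attribute names and the release policy here are assumptions for illustration, not the paper's query language.

```python
from typing import Any, Dict, Set, Tuple

# Condition grammar assumed for this example (not the paper's own query language):
#   ("attr", name, op, value) | ("and", c1, c2) | ("or", c1, c2) | ("not", c)
OPS = {"eq": lambda a, b: a == b, "le": lambda a, b: a <= b, "in": lambda a, b: a in b}

def evaluate(cond: Tuple, attrs: Dict[str, Any], releasable: Set[str]) -> str:
    """Return "true", "false" or "unanswerable". A leaf is unanswerable when the
    IdP lacks the attribute or the user's release policy withholds it; "and"/"or"
    use three-valued (Kleene) logic, so a withheld leaf only blocks a verdict it could change."""
    kind = cond[0]
    if kind == "attr":
        _, name, op, value = cond
        if name not in attrs or name not in releasable:
            return "unanswerable"
        return "true" if OPS[op](attrs[name], value) else "false"
    if kind == "not":
        inner = evaluate(cond[1], attrs, releasable)
        return {"true": "false", "false": "true"}.get(inner, "unanswerable")
    left = evaluate(cond[1], attrs, releasable)
    right = evaluate(cond[2], attrs, releasable)
    if kind == "and":
        if "false" in (left, right):
            return "false"
        return "true" if left == right == "true" else "unanswerable"
    if kind == "or":
        if "true" in (left, right):
            return "true"
        return "false" if left == right == "false" else "unanswerable"
    raise ValueError(f"unknown condition kind: {kind!r}")

# Constructed sample: attributes the IdP holds for one user, and which of them the
# user's release policy allows to be used when answering this SP.
USER_ATTRS = {"birthYear": 1985, "affiliation": "student", "department": "cs"}
RELEASABLE = {"birthYear", "affiliation"}

def run_demo() -> Dict[str, str]:
    """The SP receives only the verdicts below, never the birth year itself."""
    adult = ("attr", "birthYear", "le", 1989)
    student = ("attr", "affiliation", "eq", "student")
    staff = ("attr", "affiliation", "eq", "staff")
    dept = ("attr", "department", "eq", "cs")  # withheld by the release policy
    return {
        "adult_student": evaluate(("and", adult, student), USER_ATTRS, RELEASABLE),
        "dept_only": evaluate(dept, USER_ATTRS, RELEASABLE),
        "dept_or_student": evaluate(("or", dept, student), USER_ATTRS, RELEASABLE),
        "dept_and_staff": evaluate(("and", dept, staff), USER_ATTRS, RELEASABLE),
        "not_dept": evaluate(("not", dept), USER_ATTRS, RELEASABLE),
    }
```

Note that "unanswerable" is returned both for attributes the IdP does not hold and for attributes the user withholds, so the SP cannot tell the two cases apart from the verdict alone.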