Common Standards in Cloud Computing
Published in John W. Rittinghouse, James F. Ransome, Cloud Computing, 2017
John W. Rittinghouse, James F. Ransome
SAML is an XML-based standard for communicating authentication, authorization, and attribute information among online partners. It allows businesses to securely send assertions between partner organizations regarding the identity and entitlements of a principal. The Organization for the Advancement of Structured Information Standards (OASIS) Security Services Technical Committee is in charge of defining, enhancing, and maintaining the SAML specifications. SAML is built on a number of existing standards, namely, SOAP, HTTP, and XML. SAML relies on HTTP as its communications protocol and specifies the use of SOAP (currently, version 1.1). Most SAML transactions are expressed in a standardized form of XML. SAML assertions and protocols are specified using XML schema. Both SAML 1.1 and SAML 2.0 use digital signatures (based on the XML Signature standard) for authentication and message integrity. XML encryption is supported in SAML 2.0, though SAML 1.1 does not have encryption capabilities. SAML defines XML-based assertions and protocols, bindings, and profiles. The term SAML Core refers to the general syntax and semantics of SAML assertions as well as the protocol used to request and transmit those assertions from one system entity to another. SAML protocol refers to what is transmitted, not how it is transmitted. A SAML binding determines how SAML requests and responses map to standard messaging protocols. An important (synchronous) binding is the SAML SOAP binding.
Grid Security Architecture: Requirements, Fundamentals, Standards and Models
Published in Yang Xiao, Security in Distributed, Grid, Mobile, and Pervasive Computing, 2007
Jose L. Vivas, Javier Lopez, Jose A. Montenegro
SAML. The Secure Assertion Markup Language (SAML) [37] is an OASIS specification, later extended by the Liberty Alliance Project and the Internet2 Shibboleth group, concerned with access control for authenticated entities based on a set of policies. SAML allows trust assertions concerning authorization, authentication, and attributes of specific entities, to be specified using XML. An assertion is either a claim, a statement, or a declaration, and can be accepted as true to the extent that the certification authority that issued the claim can be trusted. Thus, authorities for attributes and authentication are crucial elements in the SAML model. SAML also defines a client/server protocol for exchanging XML messages. Typically, the underlying transport protocol is SOAP running over HTTP. SAML also enables portable trust by supporting authentication assertions between multiple administrative domains, a capability that is very important for grid services. Furthermore, it allows the mapping of access control elements between different systems. SAML has been proposed as a message format for expressing and requesting authorization assertions from an OGSA authorization service [11]. SAML 2.0, which became an OASIS standard in March 2005, added features to enable communication between SAML authorities, to enhance authentication methods, and to protect privacy.
A modified authentication approach for cloud computing in e-healthcare systems
Published in Sabyasachi Pramanik, Anand Sharma, Surbhi Bhatia, Dac-Nhuong Le, An Interdisciplinary Approach to Modern Network Security, 2022
Thus, the cumulative number of handshakes plays an important function in token-based authentication. Also, data transmission occurs through insecure wireless media in the Mobile Cloud Computing (MCC) environment. Therefore, the authentication method aims to reduce the number of handshakes that ensure the system’s reliability. We also explore the specific token-based third-party authentication tools, such as SAML, OpenID, and OAuth. Also, we present protection flaws for token-based authentication.
A Blockchain Based Decentralized Identifiers for Entity Authentication in Electronic Health Records
Published in Cogent Engineering, 2022
Manoj T, Krishnamoorthi Makkithaya, Narendra V G
The authentication of entities can be achieved by binding centralized identifiers to cryptographically generated keys, signatures and certificates with the help of public key infrastructure (PKI). Some of the earlier studies that demonstrated the role of PKI in healthcare based authentication schemes include multi-biometric key generation in cloud framework (Khan et al., 2014), Burrows-Abadi-Needham (BAN) logic combined with Elliptical Curve Cryptography (ECC; He & Wang, 2015), ECC and three-party key agreement (Odelu et al., 2015), random oracle model (Chatterjee et al., 2018) and centralized identifiers integrated with continuous biometric authentication in cloud (Farid et al., 2021). The primary issue with all the mechanisms associated with public key cryptography-based authentication is that the identifier tied to the public key is controlled by either IDPs or service providers (SPs). The federated identity schemes such as OAuth, OpenID, and Security Assertion Markup Language (SAML) try to address identity silos created by multiple identifiers. The authentication schemes proposed by Bahga et al. (Bahga & Madisetti, 2013) and Mandel et al. (Mandel et al., 2016) in the EHR environment make use of SAML based Single Sign-On (SSO) method and OpenID Connect, respectively. In spite of providing the relaxation from using multiple identifiers by federated identity mechanism, it suffers from the single point of failure problem, which could leave entities inaccessible to relying parties and also enable a service provider to breach the trust by masquerading as a user (Lesavre et al., 2019).
Smart Cities, Playable Cities, and Cybersecurity: A Systematic Review
Published in International Journal of Human–Computer Interaction, 2023
Gustav Verhulsdonck, Jennifer L. Weible, Susan Helser, Nancy Hajduk
Three articles were coded as both “technology” and “people,” indicating that humans were considered as a part of the focus on enhanced privacy and security within smart cities. Aldeen and Salleh (2019) defined smart cities as integrated information and communication technologies that improve the quality of life of people. They utilized a heuristic anonymization technique to manage private data within the cloud in smart cities, which secures privacy of data when transferred between user to cloud storage to the end recipient. Chaturvedi et al. (2019) considered both the infrastructures and systems and the individuals’ experiences, and it was therefore double coded as people and technology. They outlined key requirements for developing secure Spatial Data Infrastructures that secure access to data and integrate Smart City systems, and proposed ways to ensure privacy, security, and controlled access using OAuth2 access tokens, OpenID user claims, and Security Assertion Markup Language through single-sign-on authentications. An overview of the users’ experiences, as well as presenting a protocol and encryption system, was found in the Lai et al. (2017) article. In this study, Lai et al. examine a protocol that uses broadcast encryption. Their process provides a method for security of data, data privacy, and identity privacy for both user and developer. Overall security of the protocol is through revocable identity-based broadcast encryption where the users are anonymous and access can be revoked without revealing identities or message content. In each of these studies, consideration of the people using the system, not just those collecting and using the data, was found.
Integration of social and IoT technologies: architectural framework for digital transformation and cyber security challenges
Published in Enterprise Information Systems, 2021
Subodh Mendhurwar, Rajhans Mishra
Bernabe et al. (2014) report usage of IoT identity imprinting or delegation (i.e. partial, contextual and temporary revelation of smart object or owner identity) for innovative privacy-preserving identity management approaches. Such dynamic identity binding of real-world entities within specified spheres of influence allows flexible authentication as well as authorisation assertions via standardised Security Assertion Markup Language (SAML) / eXtensible Access Control Markup Language (XACML) and constrained-capability based controls using JSON or similar technologies and ECC with contextual key management, leveraging architectural reference models based on IoT-A.