Conference Paper

Leveraging social networks to gain access to organisational resources

Authors:

Abstract

We describe a federated identity management service that allows users to access organisational resources using their existing login accounts at social networking and other sites, without compromising the security of the organisation's resources. We utilise and extend the Level of Assurance (LoA) concept to ensure the organisation's site remains secure. Users are empowered to link together their various accounts, including their organisational one with an external one, so that the strongest registration procedure of one linked account can be leveraged by the other sites' login processes that have less stringent registration procedures. Coupled with attribute release from their organisational account, this allows users to escalate their privileges due to either an increased LoA, or additional attributes, or both. The conceptual and architectural designs are described, followed by the implementation details, the user trials we carried out, and a discussion of the current limitations of the system.
... 1. Single user-id for many services - Social Login removes the user's need to identify themselves in every application used. Therefore, the user doesn't need to remember different username and password combinations (Chadwick, Inman, Siu, & Ferdous, 2011). ...
... 2. The user establishes one connection to a reliable identity provider via a social network. Subsequently, each time the user would like to access an application he will be recognised as authenticated by the identity provider without user intervention (Chadwick et al., 2011). ...
... Their study shows that the overall security quality of SSO deployments seems to be worrisome. One major problem in using these social networks for SSO is that they perform little or no authentication of their users' identities at registration time; another major problem is that some of these sites have very weak password policies, so it is relatively easy to masquerade as the site's user (Chadwick et al., 2011). Sun, Pospisil, Muslukhov, Dindar, Hawkey, and Beznosov (2011) conducted research to examine users' adoption of the OpenID protocol. ...
... The problem can be resolved if it is possible to link the untrusted IdP with an IdP which is fully trusted by the SP. In such a case, the fully trusted IdP would act like a Proxy IdP as described in [106]. A Proxy IdP can delegate the authentication task to another IdP which is hidden from the SP. ...
... Another scenario has been deployed in which the PPIdP can be federated with a trusted IdP to create a Type 2 PIF. Here, the fully trusted IdP would act like a Proxy IdP as described in [106] and would delegate the authentication task to the PPIdP which is hidden from the SP. The PPIdP will essentially act as an authentication source for the trusted IdP (Figure 6.8). ...
... In addition, many popular social networks utilise OpenID and OAuth protocols to authenticate users and release their attributes to third party service providers. Frameworks are available that allow the integration of such social networks within SAML federations to offer federated services [106]. However, how attributes are released using these protocols or if such protocols can be used to aggregate attributes in a federated setting have not been considered. ...
... The choice to use an external IdP is motivated by the difficulty of implementing one's own IdP, mainly for security reasons. The choice of an external IdP is also driven mainly by its low implementation cost, even though it may bring an additional maintenance cost, as observed by (Chadwick et al., 2011). (Chadwick et al., 2011) used authentication via social networks to grant their students access to university resources. Furthermore, creating an internal IdP often just moves the problem to another component of the network. ...
Conference Paper
Full-text available
Nowadays, the process of installing and configuring computational clouds is becoming more and more simple. Computational clouds like OpenStack, through installation solutions like RedHat RDO and Mirantis Fuel, can be deployed in an easy way. However, especially in private clouds, there is still a need to create and manage multiple users. In this work, we perform a comparison of security aspects of using the OpenID Connect plugin with the Google IdP and using the OpenStack API to provide authentication through Facebook Connect.
... The SSO technologies are an active field of research and development. Improvements have been proposed to the architecture [4,5,23,27], authentication strength [16,26], usability [14,24,25], and privacy [1]. On the other hand, less attention has been paid to the termination of the authentication sessions, even though it is a critical part of the authentication process. ...
... There are plenty of OpenID identity providers [28] but only a few services that accept other than their own IdP. OpenID does not require pre-established trust between SP and IdP [22], and that might be one reason why it has not gained worldwide acceptance as a service authentication solution even though many services use it for access control with their own IdP. Moreover, popular OpenID identity providers such as Google do not verify the user's identity in the registration phase, only that the user has a valid email address [5]. However, strong user authentication is possible, e.g. in Estonia, a mobile phone operator acts as an IdP that provides strong verified authentication [12]. ...
Conference Paper
Single sign-on (SSO) helps users to cope with many online services that require authentication. Systems such as OpenID and SAML-based Shibboleth offer federated identity management where an Identity Provider authenticates the user on behalf of the services. Much research concentrates on making authentication stronger, preventing phishing and making the systems more user friendly but less attention has been paid to the termination of the authentication sessions i.e. logout. It is, however, equally important that the sessions do not remain open when, for example, a student using shared computers in a university library leaves the workstation. In this article, we describe challenges related to logout in federated identity management on web based services and give guidelines for implementing reliable logout from services that use single sign-on.
... For instance, securely implementing a local IdP may be a complex task, so it is reasonable to consider using existing solutions. The lower implementation cost may, however, result in an additional maintenance costs, as observed by [28] when using social networking authentication to allow users to access cloud resources. Nevertheless, an external IdP makes it easier to integrate the cloud with external services that rely on the same SSO mechanisms. ...
Conference Paper
The installation and configuration of cloud environments has increasingly become automated and therefore simple. For instance, solutions such as RedHat RDO and Mirantis Fuel facilitate the deployment of popular computational clouds like OpenStack. Despite the advances in usability, effort is still required to create and manage multiple users. This is of particular relevance when dealing with sensitive information, a somewhat common case for private clouds. To alleviate this burden, many clouds have adopted federated Single Sign-On (SSO) mechanisms for authenticating their users in a more transparent manner. In this work we analyze the practical security of an OpenStack IaaS cloud when combined with either OpenID Connect (using Google as IdP) or Facebook Connect (using Facebook as IdP). The criteria used in the analysis comprise the ability to provide data encryption, the risks involved in the use of an external IdP, and improper access control. We identify potential issues regarding these solutions and we propose approaches to fix them.
... For example, if the dynamics are captured using CSP, then the tool FDR3 [9] can be used for automated verification (e.g. using refinement checking to compare specifications of IMSs with their implementations). We would also like to extend our framework to accommodate advanced features of IMS such as attribute aggregation [6] and account linking [5] and to give formal models of extensions of IdM such as Mobile IdM [24]. ...
Conference Paper
Full-text available
There exist disparate sets of definitions with different semantics on different topics of Identity Management which often lead to misunderstanding. A few efforts can be found compiling several related vocabularies into a single place to build up a set of definitions based on a common semantic. However, these efforts are not comprehensive and are only textual in nature. In essence, a mathematical model of identity and identity management covering all its aspects is still missing. In this paper we build up a mathematical model of different core topics covering a wide range of vocabularies related to Identity Management. At first we build up a mathematical model of Digital Identity. Then we use the model to analyse different aspects of Identity Management. Finally, we discuss three applications to illustrate the applicability of our approach. Being based on mathematical foundations, the approach can be used to build up a solid understanding on different topics of Identity Management.
... The problem can be resolved if it is possible to link the untrusted IdP with an IdP which is fully trusted by the SP. In such a case, the fully trusted IdP would act like a Proxy IdP as described in [38]. The SP would think that it is interacting with the fully trusted IdP while in fact the proxy IdP would delegate the authentication service to the untrusted IdP which is hidden from the SP. ...
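As an added example, not code from the paper or from any of the citing works quoted above, the following Python model shows the mechanism the abstract describes and that the proxy-IdP snippets refer to: an organisation-run proxy IdP, trusted by the SP, accepts a login that has been delegated to a hidden external IdP, consults the user's linked accounts, and issues an assertion whose LoA combines the strongest registration LoA among the linked accounts with the authentication LoA of the credential actually presented. The 1..4 LoA scale, the min/max combination rule, the attribute-merging rule, the class and attribute names and the sample accounts are my assumptions for illustration; the paper's own LoA derivation and linking protocol may differ.

```python
"""Model of LoA-aware account linking behind a proxy IdP (illustrative, assumptions are mine).

Assumed rules, in the spirit of NIST SP 800-63-1:
 - an account has a registration LoA (identity proofing at sign-up) and an
   authentication LoA (strength of the credential used at login), both 1..4;
 - a session's LoA is the weaker of the two;
 - linking lets the strongest registration LoA among a user's linked accounts be
   reused when the user logs in through a weaker-registered account, but never
   raises the authentication LoA, which describes the credential actually presented.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Account:
    idp: str
    user_id: str
    registration_loa: int
    authentication_loa: int
    attributes: dict = field(default_factory=dict)

    @property
    def key(self):
        return (self.idp, self.user_id)


@dataclass(frozen=True)
class Assertion:
    issuer: str
    subject: str
    loa: int
    attributes: dict


class ProxyIdP:
    """Organisation IdP trusted by the SP; external IdPs stay hidden behind it."""

    def __init__(self, name):
        self.name = name
        self._accounts = {}  # account key -> Account (constructed in-memory store)
        self._groups = {}    # account key -> frozenset of keys linked together

    def register(self, account):
        self._accounts[account.key] = account
        self._groups[account.key] = frozenset({account.key})

    def link(self, a, b):
        """Merge two link groups. Assumed precondition: the user has authenticated
        to both accounts in the current session, so both are known to be theirs."""
        merged = self._groups[a.key] | self._groups[b.key]
        for key in merged:
            self._groups[key] = merged

    def authenticate(self, idp, user_id):
        """Called after the (hidden) external IdP has authenticated the user and
        reported which account was used; returns the assertion sent to the SP."""
        used = self._accounts[(idp, user_id)]
        # Ascending registration LoA so higher-assurance attribute values win below.
        group = sorted((self._accounts[k] for k in self._groups[used.key]),
                       key=lambda acc: acc.registration_loa)
        registration = max(acc.registration_loa for acc in group)
        loa = min(registration, used.authentication_loa)  # credential still caps LoA
        attributes = {}
        for acc in group:
            attributes.update(acc.attributes)
        subject = f"{group[-1].user_id}@{self.name}"  # proxy-scoped, hides the external IdP
        return Assertion(self.name, subject, loa, attributes)


class ServiceProvider:
    def __init__(self, trusted_issuer, required_loa, required_attributes):
        self.trusted_issuer = trusted_issuer
        self.required_loa = required_loa
        self.required_attributes = required_attributes

    def authorise(self, assertion):
        """Return (granted, reason); the SP only ever sees the proxy as issuer."""
        if assertion.issuer != self.trusted_issuer:
            return False, "untrusted issuer"
        if assertion.loa < self.required_loa:
            return False, f"LoA {assertion.loa} < required {self.required_loa}"
        for name, value in self.required_attributes.items():
            if assertion.attributes.get(name) != value:
                return False, f"missing attribute {name}={value}"
        return True, "ok"


def demo():
    """Constructed scenario: Alice logs in via a social account before and after linking."""
    proxy = ProxyIdP("org-proxy-idp")
    org = Account("org", "alice", 3, 2, {"affiliation": "staff"})
    social = Account("social", "alice.s", 1, 2, {"displayName": "Alice"})
    proxy.register(org)
    proxy.register(social)
    sp = ServiceProvider("org-proxy-idp", 2, {"affiliation": "staff"})
    before = sp.authorise(proxy.authenticate("social", "alice.s"))
    proxy.link(org, social)
    after = sp.authorise(proxy.authenticate("social", "alice.s"))
    return before, after


if __name__ == "__main__":
    print(demo())
```

The check a practitioner should notice is the `min(registration, used.authentication_loa)` line: linking a well-proofed organisational account to a social account raises the registration component only, so a social site with weak password policy (authentication LoA 1) still yields an LoA 1 session even after linking, which is exactly the masquerade risk the citing snippet above warns about.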
Article
Full-text available
Security Assertion Markup Language (SAML, in short) is one of the most widely used technologies to enable Identity Federations among different organisations. Despite its several advantages, one of the key disadvantages of SAML is that it does not allow creating a federation in a dynamic fashion to enable service provisioning (or de-provisioning) in real time. A few approaches have been proposed to rectify this problem. However, most of them require elaborate changes to SAML and do not provide mechanisms to manage federations dynamically. This paper presents a better approach based on an already drafted SAML Profile and thus requires no change of SAML; rather it depends on the specific implementation of SAML. Our proposed approach covers all aspects regarding the management of dynamic Identity Federation. It will allow users to create federations dynamically using SAML between two prior unknown organisations and will allow them to manage such federations as long as it is required. Implicit in each identity federation is the issue of trust. Therefore, the trust issues involved in the management of dynamic federations are analysed in detail. Moreover, a proof of concept is discussed to elaborate the practicality of our approach for managing dynamic federations. Finally, a few use-cases are outlined to illustrate how federations created dynamically can be used to access online services.
Article
Full-text available
In the last decade or so, we have experienced a tremendous proliferation and popularity of different Social Networks (SNs), resulting in more and more user attributes being stored in such SNs. These attributes represent a valuable asset and many innovative online services are offered in exchange for such attributes. This particular phenomenon has allured these social networks to act as Identity Providers (IdPs). However, the current setting unnecessarily imposes a restriction: a user can only release attributes from one single IdP in a single session, thereby limiting the user's ability to aggregate attributes from multiple IdPs within the same session. In addition, our analysis suggests that the manner in which attributes are released from these SNs is extremely privacy-invasive and a user has very limited control to exercise her privacy during this process. In this article, we present Social Anchor, a system for attribute aggregation from social networks in a privacy-friendly fashion. Our proposed Social Anchor system effectively addresses both of these serious issues. Apart from the proposal, we have implemented Social Anchor following a set of security and privacy requirements. We have also examined the associated trust issues using a formal trust analysis model. Besides, we have presented a formal analysis of its protocols using a state-of-the-art formal analysis tool called AVISPA to ensure the security of Social Anchor. Finally, we have provided a performance analysis of Social Anchor.
Chapter
Identity management is the administration of an individual's access rights and privileges in the form of authentication and authorization within or across systems and organizations. An Identity Management system (IdM) helps manage an individual's credentials through the establishment, maintenance, and eventual destruction of their digital identity. Numerous products, applications, and platforms exist to address the privacy requirements of individuals and organizations. This chapter highlights the importance of IdM systems in the highly vulnerable security scenario that we live in. It defines and elaborates on the attributes and requirements of an effective identity management system. The chapter helps in establishing an understanding of frameworks that IdM systems follow while helping the reader contrast between different IdM architecture models. The latter part of this chapter elaborates on some of today's most popular IdM solutions.
Chapter
The existing model of Federated Identity Management (FIM) allows a user to provide attributes only from a single Identity Provider (IdP) per service session. However, this does not cater to the fact that the user attributes are scattered and stored across multiple IdPs. An attribute aggregation mechanism would allow a user to aggregate attributes from multiple providers and pass them to a Service Provider (SP) in a single service session which would enable the SP to offer innovative service scenarios. Unfortunately, there exist only a handful of mechanisms for aggregating attributes and most of them either require complex user interactions or are based on unrealistic assumptions. In this paper, we present a novel approach called the Hybrid Model for aggregating attributes from multiple IdPs using one of the most popular FIM technologies: Security Assertion Markup Language (SAML). We present a thorough analysis of different requirements imposed by our proposed approach and discuss how we have developed a proof of concept using our model and what design choices we have made to meet the majority of these requirements. We also illustrate two use-cases to elaborate the applicability of our approach and analyse the advantages it offers and the limitations it currently has.
Article
Full-text available
The SAML V2.0 Assertions and Protocols specification defines the syntax and semantics for XML-encoded assertions about authentication, attributes, and authorization, and for the protocols that convey this information. This document, known as an "errata composite", combines corrections to reported errata with the original specification text. By design, the corrections are limited to clarifications of ambiguous or conflicting specification text. This document shows deletions from the original specification as struck-through text, and additions as colored underlined text. The "[Enn]" designations embedded in the text refer to particular errata and their dispositions.
Article
Full-text available
Most federated identity management systems are limited by users' ability to choose only one identity provider per service session. A proposed linking service lets users securely link their various identity provider (IdP) accounts, enabling the system to aggregate attributes from multiple authoritative sources automatically without requiring users to authenticate separately to each IdP.
Article
Full-text available
This paper reasons about naming systems as specialized inference mechanisms. It describes a preference hierarchy that can be used to specify the structure of a naming system's inference mechanism and defines criteria by which different naming systems can be evaluated. For example, the preference hierarchy allows one to compare naming systems based on how discriminating they are and to identify the class of names for which a given naming system is sound and complete. A study of several example naming systems demonstrates how the preference hierarchy can be used as a formal tool for designing naming systems. Categories and Subject Descriptors: H.2.3 [Database Management]: Languages—query languages; H.2.4 [Database Management]: Systems—query processing; H.3.3 [Information
Article
The Fifth Annual Educause Current Issues Survey ranked "security and identity management" near the top of the list of critical IT challenges on campus today. Recognition of the crucial importance of securing networked resources led Internet2 to establish its Middleware Initiative (I2MI) in 1999. While Internet2 was founded to develop and deploy advanced network technologies and applications, it was clear from the start that high-speed networks would simply provide a quicker path to abuse unless improved methods of managing and controlling access to resources were developed and deployed along with those networks. I2MI has brought together campus middleware architects to work on fundamental issues in authentication, authorization, and directory services to make secure inter-institutional services possible and practical. The most innovative I2MI effort to date is the Shibboleth Project. Its primary product, the Shibboleth System (often called just Shibboleth), provides an effective solution for secure multi-organizational access to Web resources. In this article, the authors describe how it works, its key features, and how it is designed to meet the needs of the higher education and research communities and their partners. (Contains 2 endnotes.)
Article
This paper describes our experiences building and working with the reference implementation of myVocs (my Virtual Organization Collaboration System). myVocs provides a flexible environment for exploring new approaches to security, application development, and access control built from Internet services without a central identity repository. The myVocs framework enables virtual organization (VO) self-management across unrelated security domains for multiple, unrelated VOs. By leveraging the emerging distributed identity management infrastructure, myVocs provides an accessible, secure collaborative environment using standards for federated identity management and open-source software developed through the National Science Foundation Middleware Initiative. The Shibboleth software, an early implementation of the Organization for the Advancement of Structured Information Standards Security Assertion Markup Language standard for browser single sign-on, provides the middleware needed to assert identity and attributes across domains so that access control decisions can be determined at each resource based on local policy. The eduPerson object class for lightweight directory access protocol (LDAP) provides standardized naming, format, and semantics for a global identifier. We have found that a Shibboleth deployment supporting VOs requires the addition of a new VO service component allowing VOs to manage their own membership and control access to their distributed resources. The myVocs system can be integrated with Grid authentication and authorization using GridShib. Copyright © 2008 John Wiley & Sons, Ltd.
Article
Table of contents of the SAML V2.0 Assertions and Protocols specification: 1. Introduction (1.1 Notation; 1.2 Schema Organization and Namespaces; 1.3 SAML Concepts (non-normative)); 2. Assertions (2.1 Schema Header and Namespace Declarations; 2.2 Simple Types: IDType, DecisionType; 2.3 Assertions: element definitions).
William E. Burr, Donna F. Dodson, Ray A. Perlner, W. Timothy Polk, Sarbari Gupta, Emad A. Nabbus. "Electronic Authentication Guideline", NIST Special Publication 800-63-1, Feb 2008.
Bowman, M., Debray, S. K., and Peterson, L. L. 1993. Reasoning about naming systems. ACM Trans. Program. Lang. Syst. 15, 5 (Nov. 1993), 795-825. DOI: http://doi.acm.org/10.1145/161468.161471
E. Hammer-Lahav, D. Recordon, D. Hardt. "The OAuth 2.0 Authorization Protocol", draft-ietf-oauth-v2-18, 8 July 2011.