Similar literature
Found 20 similar documents; search took 31 ms
1.
Chadwick  D.W. Inman  G. 《Computer》2009,42(5):33-40
Most federated identity management systems are limited by users' ability to choose only one identity provider per service session. A proposed linking service lets users securely link their various identity provider (IdP) accounts, enabling the system to aggregate attributes from multiple authoritative sources automatically without requiring users to authenticate separately to each IdP.

2.
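SAML is an XML-based specification proposed by OASIS for describing and exchanging security information, such as user identity and authorization, between network applications. Based on the SAML specification, authentication, authorization and other information can be passed between different service entities that have established a trust relationship. This paper studies the application of SAML in implementing Web SSO in the Identity Provider (IdP)-initiated mode.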

3.
With the rapid development of Internet services, identity management (IdM) has attracted wide attention as the credit agency between users and service providers. It facilitates users to use the Internet service, promotes service providers to enrich services, and makes the Internet more secure. Personally identifiable information (PII) is the most important information asset with which an identity provider (IdP) can provide various services. Since PII is sensitive to users, it has become a serious problem that PII is leaked, illegally selected, or illegally accessed. In order to improve security of PII, this study develops a novel framework using data mining to forecast information asset value and find an appropriate security level for protecting user PII. The framework has two stages. In the first stage, user information asset is forecasted by a data mining tool (decision tree) from the PII database. Then the security level for user PII is determined by the information asset value, assuming that the higher the information asset value is, the greater the security requirement of PII is. In the second stage, over time, the number of illegal accesses and attacks can be accumulated. It can be used to reconstruct the decision tree and update the knowledge base combined with the result of the first stage. Thus the security level of PII can be adjusted in a timely manner and the protection of PII can be guaranteed even when the security threat changes. Furthermore, an empirical case was studied in a user dataset to demonstrate the protection decision derived from the framework for various PII. Simulation results show that the framework with data mining can protect PII effectively. Our work can benefit the development of e-business service.

4.
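Analysis of a single sign-on system based on Security Assertion Markup Language (SAML) artifact technology   Total citations: 4, self-citations: 0, citations by others: 4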
陈科  佘堃  黄迪明 《计算机应用》2005,25(11):2574-2576
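Single sign-on technology lets users use multiple Web services without logging in multiple times, making user account management more convenient and secure. Security Assertion Markup Language (SAML) is the specification used to implement single sign-on, and it provides a standard for passing user authentication information between Web services. This paper mainly discusses the application of SAML artifact technology in a single sign-on system, analyzes the single sign-on flow, and discusses the security of the single sign-on system.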

5.
Trust-based security in pervasive computing environments   Total citations: 1, self-citations: 0, citations by others: 1
Kagal  L. Finin  T. Joshi  A. 《Computer》2001,34(12):154-157
Traditionally, stand-alone computers and small networks rely on user authentication and access control to provide security. These physical methods use system-based controls to verify the identity of a person or process, explicitly enabling or restricting the ability to use, change, or view a computer resource. However, these strategies are inadequate for the increased flexibility that distributed networks such as the Internet and pervasive computing environments require because such systems lack central control and their users are not all predetermined. Mobile users expect to access locally hosted resources and services anytime and anywhere, leading to serious security risks and access control problems. We propose a solution based on trust management that involves developing a security policy, assigning credentials to entities, verifying that the credentials fulfill the policy, delegating trust to third parties, and reasoning about users' access rights. This architecture is generally applicable to distributed systems but geared toward pervasive computing environments.

6.
Security infrastructure is one of the most challenging tasks in the development, integration and deployment of Grid middlewares. Even though the Grid community addresses the security issue through public key infrastructures (PKI) to support mutual authentication using X.509 certificates, maintaining X.509 credentials is not that easy for non-IT-experts, and has proved to be an obstacle for a wider deployment of Grid technologies. The identity federation is an increasingly popular technology that can facilitate cross-domain single sign-on without requiring the users to maintain any credentials additional to their own institutional accounts. We believe that utilizing identity federation for Grid middlewares is a promising path for the Grid technology to get more widely used. This paper describes a single sign-on infrastructure developed as a part of the NorduGrid ARC (Advanced Resource Connector) Grid middleware. It adopts the identity federation standard (SAML), as well as other Web Service standards. It focuses on a single sign-on solution at the middleware level for users to access Grids by only using their frequently used accounts, without being bothered to maintain X.509 credentials. Users can use their username/password only to access Grids developed in ARC middleware, as well as access Grids developed in other middlewares that require users to provide X.509 certificates. Moreover, the single sign-on for workflow-like Grid applications (in which intermediate entities act on behalf of users) is also supported. As an important aspect of single sign-on, authorization is also considered by implementing an attribute-based authorization using SAML standard. In addition, the performance of single sign-on solution is measured. We identify performance limitations of security-related services inside this solution, and analyse the ways to avoid the limitations.
To our knowledge, the work presented in this paper is the first evaluated implementation that utilizes identity federation for Grid usage on the middleware level.

7.
This article explores the advantages and disadvantages of end user/client digital certificates as means of online authentication in a higher or further education information environment. We conclude that the use of client certificates is feasible and scalable. Nevertheless, it is valid to question whether there is a future in such a technology. Certificates could be useful to some users as the front-end authentication tokens for single sign on systems and we believe that it is not critical that most users will never fully understand how they work. With feedback from over eighty users, with a broad spectrum of technical abilities, the Digital Certificate Operation in a Complex Environment (DCOCE) project looked deeply into the usability of such credentials. Whatever access management technology an institution uses, there is much to learn from the human methodologies of public key infrastructure (PKI) and how these can be made to scale. The use of local user registration individuals to issue user credentials is to be encouraged. Library services are good examples of resources that may be authorized centrally, but other services are not suited to central authorization control. We consider these issues and indicate where digital certificates could be used in the future access management protocols within the UK.

8.
Secure Interoperation between different identity management (IdM) systems has become a challenge. In this paper, a framework is proposed to discover interoperation paths among identity providers (IdP) located in different circles of trust (CoT). According to the proposed framework, interoperation path and path discovery algorithm are proposed to establish a trust relationship between different CoTs. Security of the interoperation path is improved by the deployment of authentication assurance level (AAL) conversion and role mapping. Moreover, security of the path discovery process is guaranteed by path authentication which can resist security violation.

9.
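eID is a universal network identity credential issued by the government department responsible for identity management. Through an analysis of the requirements for network identity credentials and a study of network identity management efforts abroad, this paper points out the problems in the identity trust system of China's current online virtual society, and proposes issuing network identity credentials as early as possible, drawing on the successful experience of China's resident identity card system in managing real-world society and relying on the existing administrative system for identity management. In view of the state of development of China's digital certification industry, it also offers suggestions for the overall planning of China's network identity construction.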

10.
曹源  杨林  付宗波  喻波  徐小青 《计算机工程》2012,38(3):119-120,123
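To address the functional requirements of identity management systems and the need to integrate different identity management systems, a general identity model is proposed. The model consists of a user global identifier, local identifier, temporary identifier, access information group, user credential group, user attribute group and trusted domain group. On this basis, a phased construction process for the model is given, which completes the collection of attribute and credential information and the updating of trusted domain and access information. Application results show that the model provides technical support for functions such as the integration of existing identity management systems and identity protection.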

11.
12.
王震  范佳  成林  安红章  郑海彬  牛俊翔 《软件学报》2019,30(6):1705-1720
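With the development of privacy protection technology on the Internet, identity authentication has become an important barrier protecting the security of computer systems and data. However, the rapid development of information technology has exposed some drawbacks of traditional identity authentication methods; for example, the rise of blockchain technology places higher requirements on identity authentication, such as protecting the user's identity privacy while authenticating identity. Anonymous authentication can solve the problem of leaking user identity privacy, but most current schemes do not consider supervision: once a user behaves dishonestly, it is difficult to hold them accountable, so a supervision mechanism needs to be established in the anonymous authentication process. To address these problems and requirements, a supervisable anonymous authentication scheme is designed. It determines a user's resource access and usage rights by means of anonymous certificates, and users can selectively disclose attributes when presenting a certificate, ensuring that their private information is not overexposed. In addition, the scheme introduces a supervision mechanism in which a trusted center (CA) supervises the anonymous authentication process; once fraud occurs, the responsible parties can be held accountable. The scheme is built mainly on secure cryptographic algorithms and has passed a security analysis and proof. It efficiently achieves supervisable anonymous identity authentication and is suitable for blockchains (consortium chains) and other systems that require both anonymous authentication and supervision.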

13.
With the recent advances in the World Wide Web development, more and more users have access to web information, and more and more information providers are able to put information of various types on the web. The web has now become one of the most important Internet information systems for various professionals and users. However, owing to the huge amount of information of various types available and various users on the Internet and Web, efficient query and information retrieval as well as the management of Internet information have become a challenging and difficult task. Therefore, systematic research on the design, implementation, and management of Internet and web-based information systems has been increasingly attractive and important. The Web Information Systems Engineering (WISE) Conference Series (see http://www.i-wise.org) has emerged since 2000 as an excellent forum for researchers, professionals, and industrial practitioners to share their rapidly developing knowledge and report on new advances in web-based information systems.

14.
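In the application of information systems, in order to ensure the secure use of information, break down the information silos between application systems, reduce maintenance and management costs, and effectively guarantee the security, integrity, consistency and availability of user identity information, the best approach is to establish a system for managing and using user information, that is, a support system for unified authentication and unified authorization management of user information resources across all application systems. As a solution to the multiple-password management problem that exists across multiple systems, it should consist of three main parts: unified user information resource management, unified user identity authentication, and an authentication interface service. That is, an authoritative unified account database suitable for use by every application system is established; using this unified account database, and through the user information interfaces of the application systems, users are identified in each application system. Unified user identification or authentication is only the first step toward unified user management. To achieve unified user authorization, user role management is completed on the basis of unified user authentication: a user's permissions are assigned by adding the user to a role, and administrators can add custom roles, which allows flexible system configuration. Module management is completed: to control users' permissions to use each functional module of the system, all functions in the system are added to a module table, and the modules added to the table are displayed in the system as menus; when a new functional module is added, it is added to the module table, bringing the new module under consistent permission management. Module authorization configuration is completed: each module of the system is defined, and it is set for which roles, ...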

15.
A government information sharing platform based on Web Services   Total citations: 5, self-citations: 1, citations by others: 5
郑锋  涂平  王钦敏 《计算机工程》2006,32(8):134-136,206
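To meet the new requirements of current e-government systems, a new scheme for constructing a distributed e-government platform based on Web Services technology is proposed. It can cross the boundaries of different organizations' application systems, operating systems and development languages, encapsulating data and applications as services and publishing them for users to invoke, thereby forming a Web-based service sharing platform. Starting from an explanation of the concept of Web Services, the paper describes in detail the framework, software architecture and system topology of the e-government platform developed, and gives two application scenarios based on the platform.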

16.
Most user authentication mechanisms of cloud systems depend on the credentials approach in which a user submits his/her identity through a username and password. Unfortunately, this approach has many security problems because personal data can be stolen or recognized by hackers. This paper aims to present a cloud-based biometric authentication model (CBioAM) for improving and securing cloud services. The research study presents the verification and identification processes of the proposed cloud-based biometric authentication system (CBioAS), where the biometric samples of users are saved in database servers and the authentication process is implemented without loss of the users’ information. The paper presents the performance evaluation of the proposed model in terms of three main characteristics including accuracy, sensitivity, and specificity. The research study introduces a novel algorithm called “Bio_Authen_as_a_Service” for implementing and evaluating the proposed model. The proposed system performs the biometric authentication process securely and preserves the privacy of user information. The experimental result was highly promising for securing cloud services using the proposed model. The experiments showed encouraging results with a performance average of 93.94%, an accuracy average of 96.15%, a sensitivity average of 87.69%, and a specificity average of 97.99%.

17.
Jansen  Bernard J.  Goodrum  Abby  Spink  Amanda 《World Wide Web》2000,3(4):249-254
The development of digital libraries has enhanced the integration of textual and multimedia information in many document collections. The World Wide Web provides the connectivity for many digital library users. Studies exploring the searching characteristics of Web users are an important and a growing area of research. Most Web user studies have focused on general Web searching, regardless of subject matter or format. Little research has examined how Web users search for multimedia information. Our study examines users' multimedia searching on a major Web search service. The data set examined consisted of 1,025,908 queries from 211,058 users of Excite ®, a major Web search service. From this data set, we identified and analyzed queries for audio, image, and video queries. Our findings were compared to results from general Web searching studies. Implications for the design of Web searching services and interfaces are discussed.

18.
《IT Professional》2007,9(3):19-24
The notion of "service" has spurred major evolutions for both information systems and the Web. A software application is no longer considered a monolithic component; it can be divided into services that are smaller components defined by their function and accessible through well-defined interfaces and protocols. As a result, IT actors are using service-oriented architectures (SOAs) to remodel the information systems of many companies while the Web is increasingly becoming a programmable place. In both domains, developers build composite client applications to consume these services. Even boundaries between enterprise services and Internet services are vanishing. Some companies, such as StrikeIron, provide enterprise services that were previously always hosted internally - like customer relationship management solutions. As a consequence, companies now have the technologies required to bring their business online. With Web services, private business processes can be exposed to partners through public composite Web applications. When new projects emerge, companies need guidance to properly handle such work. In this context, we aim to provide companies solutions - through a methodology, an architecture, and technical choices - that will help them solve generic problems such as security and application conception.

19.
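A multiple identity authentication and authorization scheme in cloud computing   Total citations: 1, self-citations: 0, citations by others: 1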
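OpenID is a decentralized identity authentication technology widely used in cloud computing. OpenID gives users a way to use a single identity across multiple cloud services, and also solves the problem of being unable to log in after losing the cloud identity credentials registered with a cloud provider. However, after logging in to a cloud service with an OpenID identity, the user cannot access the resources owned by that user's cloud identity, and OpenID does not authenticate, or grant fine-grained authorization to, the cloud service requesting identity information. The paper therefore designs, on the basis of OpenID and OAuth, a multiple identity authentication and authorization scheme to solve the problem that resources belonging to different identities of the same user are inaccessible, as well as the problem of fine-grained authorization in the access flow for resources such as identity information.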

20.
This paper introduces a model‐driven approach to the design of collaborative Web‐based applications, i.e. applications in which several users play different roles, in a collaborative way, to pursue a specific goal. The paper illustrates a conference management application (CMA), whose main requirements include: (i) the management of users profiles and access rights based on the role played by users during the conference life cycle; (ii) the delivery of information and services to individual users; (iii) the management of the sequence of activities that lead to the achievement of a common goal. The presented approach is based on WebML, a conceptual modelling language for the Web. The paper also highlights some general properties—as understood by the practical experience of CMA development—that a Web modelling language should feature in order to fully support the development of collaborative applications. Copyright © 2003 John Wiley & Sons, Ltd.
