基于IBAS的SAML路径验证协议

在Web服务认证调用过程中，现有基于公钥基础设施(PKI)的签名机制在保证安全声明标记语言(SAML)断言的安全传递时会显著降低SOAP消息的传输效率。为此，提出基于身份聚合签名的SAML路径验证协议IBSPV，通过缩短签名值和验证公钥的长度，加快 SOAP消息的传输速度。在随机预言模型下分析证明IBSPV具有保证SAML断言的完整性、源不可伪造性以及传递路径不可篡改和抗 重放攻击等安全特性。通过比较IBSPV签名与PKI签名的断言长度，证明IBSPV协议具有更高的传输效率。

SAML Path Verification Protocol Based on IBAS

To resolve the problem that signature mechanisms based on Public Key Infrastructure(PKI) reduce the SOAP message transmission efficiency when protecting the Security Assertion Markup Language(SAML) assertion transport significantly in Web service authentication call process.This paper proposes Identity-based SAML Path Verification(IBSPV),which improves the transmission efficiency of the SOAP message by shortening the length of the signature value and the public key.Based on random oracle model,IBSPV can ensure the integrity of the SAML assertion and source unforgeability,protect the transmission path which can not be tampered with,and can prevent anti-replay attacks.By comparing the assertion length of IBSPV and PKI,it proves that IBSPV protocol improves the transmission efficiency.