Abstract
We propose a novel scheme to provide client-based interoperation between OAuth and an Information Card system such as CardSpace or Higgins. In this scheme, Information Card users are able to obtain a security token from an OAuth-enabled system, the contents of which can be processed by an Information Card-enabled relying party. The scheme, based on a browser extension, is transparent to OAuth providers and to identity selectors, and only requires minor changes to the operation of an Information Card-enabled relying party. We specify its operation and describe an implementation of a proof-of-concept prototype. Security and operational analyses are also provided.
Original language | English |
---|---|
Title of host publication | Proceedings of IAS '11 |
Subtitle of host publication | 7th International Conference on Information Assurance and Security, Malacca, Malaysia, 5-8 December 2011 |
Publisher | IEEE |
Publication status | Published - 2011 |