Integrating OAuth with Information Card Systems

Haitham S. Al-Sinani

Research output: Chapter in Book/Report/Conference proceedingConference contribution

436 Downloads (Pure)


We propose a novel scheme to provide client-based interoperation between OAuth and an Information Card system such as CardSpace or Higgins. In this scheme, Information Card users are able to obtain a security token from an OAuth-enabled system, the contents of which can be processed by an Information Card-enabled relying party. The scheme, based on a browser extension, is transparent to OAuth providers and to identity selectors, and only requires minor changes to the operation of an Information Card-enabled relying party. We specify its operation and describe an implementation of a proof-of-concept prototype. Security and operational analyses are also provided.
Original languageEnglish
Title of host publicationProceedings of IAS '11
Subtitle of host publication7th International Conference on Information Assurance and Security, Malacca, Malaysia, 5-8 December 2011
Publication statusPublished - 2011

Cite this