Browser Extension-based Interoperation Between OAuth and Information Card-based Systems. / Al-Sinani, Haitham S.

Department of Mathematics, Royal Holloway, University of London, 2011. 25 p. (Technical Report Series; No. RHUL-MA-2011-15).

Research output: Book/ReportOther report

Unpublished

Standard

Browser Extension-based Interoperation Between OAuth and Information Card-based Systems. / Al-Sinani, Haitham S.

Department of Mathematics, Royal Holloway, University of London, 2011. 25 p. (Technical Report Series; No. RHUL-MA-2011-15).

Research output: Book/ReportOther report

Harvard

Al-Sinani, HS 2011, Browser Extension-based Interoperation Between OAuth and Information Card-based Systems. Technical Report Series, no. RHUL-MA-2011-15, Department of Mathematics, Royal Holloway, University of London.

APA

Al-Sinani, H. S. (2011). Browser Extension-based Interoperation Between OAuth and Information Card-based Systems. (Technical Report Series; No. RHUL-MA-2011-15). Department of Mathematics, Royal Holloway, University of London.

Vancouver

Al-Sinani HS. Browser Extension-based Interoperation Between OAuth and Information Card-based Systems. Department of Mathematics, Royal Holloway, University of London, 2011. 25 p. (Technical Report Series; RHUL-MA-2011-15).

Author

Al-Sinani, Haitham S. / Browser Extension-based Interoperation Between OAuth and Information Card-based Systems. Department of Mathematics, Royal Holloway, University of London, 2011. 25 p. (Technical Report Series; RHUL-MA-2011-15).

BibTeX

@book{17ac74ac4ae94573a4ebd0bfee4caa70,
title = "Browser Extension-based Interoperation Between OAuth and Information Card-based Systems",
abstract = "Whilst the growing number of identity management systems have the potential to reduce the threat of identity attacks, major deployment problems remain because of the lack of interoperability between such systems. In this paper we propose a simple scheme to provide client-based interoperation between OAuth and an Information Card-based system such as CardSpace or Higgins. In this scheme, Information Card users are able to obtain an assertion token from an OAuth-enabled system, the contents of which can be processed by an Information Card-enabled relying party. The scheme, based on a browser extension, is transparent to OAuth providers and to identity selectors, and only requires minor changes to the operation of an Information Card-enabled relying party. We specify its operation and also describe an implementation of a proof-of-concept prototype. Additionally, security and operational analyses are provided.",
keywords = "Information Cards, CardSpace, Higgins, OAuth, Interoperation, Browser Extension",
author = "Al-Sinani, {Haitham S.}",
year = "2011",
month = sep
day = "24",
language = "English",
series = "Technical Report Series",
publisher = "Department of Mathematics, Royal Holloway, University of London",
number = "RHUL-MA-2011-15",

}

RIS

TY - BOOK

T1 - Browser Extension-based Interoperation Between OAuth and Information Card-based Systems

AU - Al-Sinani, Haitham S.

PY - 2011/9/24

Y1 - 2011/9/24

N2 - Whilst the growing number of identity management systems have the potential to reduce the threat of identity attacks, major deployment problems remain because of the lack of interoperability between such systems. In this paper we propose a simple scheme to provide client-based interoperation between OAuth and an Information Card-based system such as CardSpace or Higgins. In this scheme, Information Card users are able to obtain an assertion token from an OAuth-enabled system, the contents of which can be processed by an Information Card-enabled relying party. The scheme, based on a browser extension, is transparent to OAuth providers and to identity selectors, and only requires minor changes to the operation of an Information Card-enabled relying party. We specify its operation and also describe an implementation of a proof-of-concept prototype. Additionally, security and operational analyses are provided.

AB - Whilst the growing number of identity management systems have the potential to reduce the threat of identity attacks, major deployment problems remain because of the lack of interoperability between such systems. In this paper we propose a simple scheme to provide client-based interoperation between OAuth and an Information Card-based system such as CardSpace or Higgins. In this scheme, Information Card users are able to obtain an assertion token from an OAuth-enabled system, the contents of which can be processed by an Information Card-enabled relying party. The scheme, based on a browser extension, is transparent to OAuth providers and to identity selectors, and only requires minor changes to the operation of an Information Card-enabled relying party. We specify its operation and also describe an implementation of a proof-of-concept prototype. Additionally, security and operational analyses are provided.

KW - Information Cards

KW - CardSpace

KW - Higgins

KW - OAuth

KW - Interoperation

KW - Browser Extension

M3 - Other report

T3 - Technical Report Series

BT - Browser Extension-based Interoperation Between OAuth and Information Card-based Systems

PB - Department of Mathematics, Royal Holloway, University of London

ER -