CardSpace-OpenID Integration for CardSpace Users

Haitham Al-Sinani; Chris J Mitchell

CardSpace-OpenID Integration for CardSpace Users

Research output: Book/Report › Other report

119 Downloads (Pure)

Abstract

Whilst the growing number of identity management systems have the potential to reduce
the threat of identity attacks, major deployment problems remain because of the lack of
interoperability between such systems. In this paper
we propose a novel, simple scheme to provide interoperability between two
of the most widely discussed identity management systems, namely
CardSpace and OpenID\@. In this scheme, CardSpace users are
able to obtain an assertion token from an OpenID-enabled identity
provider, the contents of which can be processed by a CardSpace-enabled
relying party. The scheme, based on a browser extension, is
transparent to OpenID providers and to the CardSpace identity selector,
and only requires minor changes to the operation of a CardSpace-enabled relying party.
We specify its operation and also describe an implementation of a proof-of-concept prototype.
Additionally, security and operational analyses are provided.

Original language	English
Publisher	Department of Mathematics, Royal Holloway, University of London
Publication status	Unpublished - 24 May 2011

Publication series

Name	Technical Report Series
Publisher	Mathematics Department, Royal Holloway
No.	RHUL-MA-2011-12

Access to Document

RHUL MA 2011 12Submitted manuscript, 301 KB

http://www.ma.rhul.ac.uk/static/techrep/2011/RHUL-MA-2011-12.pdf

Cite this

@book{37ecdf0138e34c438bea4c68d0cac52b,

title = "CardSpace-OpenID Integration for CardSpace Users",

abstract = "Whilst the growing number of identity management systems have the potential to reducethe threat of identity attacks, major deployment problems remain because of the lack ofinteroperability between such systems. In this paperwe propose a novel, simple scheme to provide interoperability between twoof the most widely discussed identity management systems, namelyCardSpace and OpenID\@. In this scheme, CardSpace users areable to obtain an assertion token from an OpenID-enabled identityprovider, the contents of which can be processed by a CardSpace-enabledrelying party. The scheme, based on a browser extension, is transparent to OpenID providers and to the CardSpace identity selector,and only requires minor changes to the operation of a CardSpace-enabled relying party.We specify its operation and also describe an implementation of a proof-of-concept prototype.Additionally, security and operational analyses are provided.",

author = "Haitham Al-Sinani and Mitchell, {Chris J}",

year = "2011",

month = may,

day = "24",

language = "English",

series = "Technical Report Series",

publisher = "Department of Mathematics, Royal Holloway, University of London",

number = "RHUL-MA-2011-12",

}

TY - BOOK

T1 - CardSpace-OpenID Integration for CardSpace Users

AU - Al-Sinani, Haitham

AU - Mitchell, Chris J

PY - 2011/5/24

Y1 - 2011/5/24

N2 - Whilst the growing number of identity management systems have the potential to reducethe threat of identity attacks, major deployment problems remain because of the lack ofinteroperability between such systems. In this paperwe propose a novel, simple scheme to provide interoperability between twoof the most widely discussed identity management systems, namelyCardSpace and OpenID\@. In this scheme, CardSpace users areable to obtain an assertion token from an OpenID-enabled identityprovider, the contents of which can be processed by a CardSpace-enabledrelying party. The scheme, based on a browser extension, is transparent to OpenID providers and to the CardSpace identity selector,and only requires minor changes to the operation of a CardSpace-enabled relying party.We specify its operation and also describe an implementation of a proof-of-concept prototype.Additionally, security and operational analyses are provided.

AB - Whilst the growing number of identity management systems have the potential to reducethe threat of identity attacks, major deployment problems remain because of the lack ofinteroperability between such systems. In this paperwe propose a novel, simple scheme to provide interoperability between twoof the most widely discussed identity management systems, namelyCardSpace and OpenID\@. In this scheme, CardSpace users areable to obtain an assertion token from an OpenID-enabled identityprovider, the contents of which can be processed by a CardSpace-enabledrelying party. The scheme, based on a browser extension, is transparent to OpenID providers and to the CardSpace identity selector,and only requires minor changes to the operation of a CardSpace-enabled relying party.We specify its operation and also describe an implementation of a proof-of-concept prototype.Additionally, security and operational analyses are provided.