Integrating OAuth with Information Card  Systems

Haitham S. Al-Sinani

Integrating OAuth with Information Card Systems

Haitham S. Al-Sinani

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

421 Downloads (Pure)

Abstract

We propose a novel scheme to provide client-based interoperation between OAuth and an Information Card system such as CardSpace or Higgins. In this scheme, Information Card users are able to obtain a security token from an OAuth-enabled system, the contents of which can be processed by an Information Card-enabled relying party. The scheme, based on a browser extension, is transparent to OAuth providers and to identity selectors, and only requires minor changes to the operation of an Information Card-enabled relying party. We specify its operation and describe an implementation of a proof-of-concept prototype. Security and operational analyses are also provided.

Original language	English
Title of host publication	Proceedings of IAS '11
Subtitle of host publication	7th International Conference on Information Assurance and Security, Malacca, Malaysia, 5-8 December 2011
Publisher	IEEE
Publication status	Published - 2011

Access to Document

Integrating OAuth with Information Card SystemsAccepted author manuscript, 114 KB

Cite this

@inproceedings{d565675e8c8945229489d24cab4dc896,

title = "Integrating OAuth with Information Card Systems",

abstract = "We propose a novel scheme to provide client-based interoperation between OAuth and an Information Card system such as CardSpace or Higgins. In this scheme, Information Card users are able to obtain a security token from an OAuth-enabled system, the contents of which can be processed by an Information Card-enabled relying party. The scheme, based on a browser extension, is transparent to OAuth providers and to identity selectors, and only requires minor changes to the operation of an Information Card-enabled relying party. We specify its operation and describe an implementation of a proof-of-concept prototype. Security and operational analyses are also provided.",

author = "Al-Sinani, {Haitham S.}",

year = "2011",

language = "English",

booktitle = "Proceedings of IAS '11",

publisher = "IEEE",

}

TY - GEN

T1 - Integrating OAuth with Information Card Systems

AU - Al-Sinani, Haitham S.

PY - 2011

Y1 - 2011

N2 - We propose a novel scheme to provide client-based interoperation between OAuth and an Information Card system such as CardSpace or Higgins. In this scheme, Information Card users are able to obtain a security token from an OAuth-enabled system, the contents of which can be processed by an Information Card-enabled relying party. The scheme, based on a browser extension, is transparent to OAuth providers and to identity selectors, and only requires minor changes to the operation of an Information Card-enabled relying party. We specify its operation and describe an implementation of a proof-of-concept prototype. Security and operational analyses are also provided.

AB - We propose a novel scheme to provide client-based interoperation between OAuth and an Information Card system such as CardSpace or Higgins. In this scheme, Information Card users are able to obtain a security token from an OAuth-enabled system, the contents of which can be processed by an Information Card-enabled relying party. The scheme, based on a browser extension, is transparent to OAuth providers and to identity selectors, and only requires minor changes to the operation of an Information Card-enabled relying party. We specify its operation and describe an implementation of a proof-of-concept prototype. Security and operational analyses are also provided.

M3 - Conference contribution

BT - Proceedings of IAS '11

PB - IEEE

ER -