Abstract
Although many identity management systems have been proposed, intended
to improve the security and usability of user authentication, major
adoption problems remain. In this thesis we propose a range of novel schemes
to address issues acting as barriers to adoption, namely the lack of interoperation
between systems, simple adoption strategies, and user security within
such systems.
To enable interoperation, a client-based model is proposed supporting interworking
between identity management systems. Information Card systems
(e.g. CardSpace) are enhanced to enable a user to obtain a security token from
an identity provider not supporting Information Cards; such a token, after encapsulation
at the client, can be processed by an Information Card-enabled
relying party. The approach involves supporting interoperation at the client,
while maximising transparency to identity providers, relying parties and identity
selectors. Four specific schemes conforming to the model are described,
each of which has been prototyped. These schemes enable interoperation between
an Information Card-enabled relying party and an identity provider
supporting one of Liberty, Shibboleth, OpenID, or OAuth.
To facilitate adoption, novel schemes are proposed that enable Information
Card systems to support password management and single sign on. The
schemes do not require any changes to websites, and provide a simple, intuitive
user experience through use of the identity selector interface. They familiarise
users with Information Card systems, thereby potentially facilitating
their future adoption.
To improve user security, an enhancement to Information Card system
user authentication is proposed. During user authentication, a one-time password
is sent to the user’s mobile device which is then entered into the computer
by the user.
Finally, a universal identity management tool is proposed, designed to
support a wide range of systems using a single user interface. It provides a
consistent user experience, addresses a range of security issues (e.g. phishing),
and provides greater user control during authentication.
to improve the security and usability of user authentication, major
adoption problems remain. In this thesis we propose a range of novel schemes
to address issues acting as barriers to adoption, namely the lack of interoperation
between systems, simple adoption strategies, and user security within
such systems.
To enable interoperation, a client-based model is proposed supporting interworking
between identity management systems. Information Card systems
(e.g. CardSpace) are enhanced to enable a user to obtain a security token from
an identity provider not supporting Information Cards; such a token, after encapsulation
at the client, can be processed by an Information Card-enabled
relying party. The approach involves supporting interoperation at the client,
while maximising transparency to identity providers, relying parties and identity
selectors. Four specific schemes conforming to the model are described,
each of which has been prototyped. These schemes enable interoperation between
an Information Card-enabled relying party and an identity provider
supporting one of Liberty, Shibboleth, OpenID, or OAuth.
To facilitate adoption, novel schemes are proposed that enable Information
Card systems to support password management and single sign on. The
schemes do not require any changes to websites, and provide a simple, intuitive
user experience through use of the identity selector interface. They familiarise
users with Information Card systems, thereby potentially facilitating
their future adoption.
To improve user security, an enhancement to Information Card system
user authentication is proposed. During user authentication, a one-time password
is sent to the user’s mobile device which is then entered into the computer
by the user.
Finally, a universal identity management tool is proposed, designed to
support a wide range of systems using a single user interface. It provides a
consistent user experience, addresses a range of security issues (e.g. phishing),
and provides greater user control during authentication.
| Original language | English |
|---|---|
| Qualification | Ph.D. |
| Awarding Institution |
|
| Supervisors/Advisors |
|
| Thesis sponsors | |
| Award date | 1 Oct 2012 |
| Publication status | Unpublished - 2012 |
Keywords
- identity management
- user authentication
- interoperation
- password manager
- PassCard
- IDSpace