%M C.IDTRUST.08.1
%T A client-side CardSpace-Liberty integration architecture
%S Identity management
%A Alrodhan, Waleed A.
%A Mitchell, Chris J.
%B Proceedings of the 2008 Symposium on Identity and Trust on the Internet
%D 2008-03-04
%P 1-7
%K CardSpace, Liberty, federation, identity management, integration
%* (c) Copyright 2008 ACM
%W http://doi.acm.org/10.1145/1373290.1373292
%X Over the last few years, many identity management schemes, frameworks and system specifications have been proposed; however, these various schemes and frameworks are typically not interoperable. In this paper we propose an approach to enable interoperation between two of the most prominent identity management schemes, namely the Liberty Alliance Project scheme (specifically the ID-FF LEC Profile) and the Microsoft CardSpace (formerly known as InfoCard) scheme. This integration should enhance interoperability by enabling users to make use of identity management systems even if the system participants are using different schemes. The main advantages and disadvantages of the proposed integration model are also investigated.

%M C.IDTRUST.08.8
%T Identity protection factor (IPF)
%S Identity management
%A Noor, Arshad
%B Proceedings of the 2008 Symposium on Identity and Trust on the Internet
%D 2008-03-04
%P 8-18
%K access control, asymmetric key, authentication, identification & authentication, identity management, identity protection factor (IPF), shared-secret, symmetric key
%* (c) Copyright 2008 ACM
%W http://doi.acm.org/10.1145/1373290.1373293
%X Since the dawn of computing, operating systems and applications have used many schemes to identify and authenticate entities accessing resources within computers. While the technologies and schemes have varied, there appears to have been little attempt to classify them based on their ability to resist attacks from unauthorized entities. With the proliferation of identity management technologies in the market today, it is becoming increasingly difficult to assess and compare them with each other. As the threat level continues to rise on the internet, and regulations governing information technology continue to grow, risk managers need more objective mechanisms to assign risk to their systems so they may apply appropriate mitigating controls. This paper attempts to describe a classification scheme that will permit the comparison of seemingly different identification and authentication (I&A) technologies on the basis of their vulnerability to attacks. With a better understanding of related authentication technologies, companies can determine the appropriate technology to use for mitigating authentication risks.

%M C.IDTRUST.08.19
%T OpenID identity discovery with XRI and XRDS
%S Identity management
%A Reed, Drummond
%A Chasen, Les
%A Tan, William
%B Proceedings of the 2008 Symposium on Identity and Trust on the Internet
%D 2008-03-04
%P 19-25
%K Higgins project, OpenID, SAML, XRDS, XRI, Yadis, extensible resource descriptor sequence, extensible resource identifier, i-card, identifier, identity discovery, information card, resolution, user-centric identity
%* (c) Copyright 2008 ACM
%W http://doi.acm.org/10.1145/1373290.1373294
%X The work examines the identity discovery problems that needed to be addressed by the OpenID 2.0 protocol in order to enable a user-centric Internet identity layer. The paper illustrates how the OASIS XRI and XRDS specifications were applied to help solve these identity discovery challenges. The work also considers interoperable identity discovery for other Internet identity frameworks such as SAML, Information Cards, and the Higgins Project, and recommends future work.

%M C.IDTRUST.08.26
%T A content-driven access control system
%S Access control in open systems
%A Staddon, Jessica
%A Golle, Philippe
%A Gagné, Martin
%A Rasmussen, Paul
%B Proceedings of the 2008 Symposium on Identity and Trust on the Internet
%D 2008-03-04
%P 26-35
%K access control, attribute-based encryption, inference control, revocation, secret sharing
%* (c) Copyright 2008 ACM
%W http://doi.acm.org/10.1145/1373290.1373296
%X Protecting identity in the Internet age requires the ability to go beyond the identification of explicitly identifying information like social security numbers, to also find the broadly-held attributes that, when taken together, are identifying. We present a system that can work in conjunction with natural language processing algorithms or user-generated tags, to protect identifying attributes in text. The system uses a new attribute-based encryption protocol to control access to such identifying attributes and thus protects identity. The system supports the definition of user access rights based on role or identity. We extend the existing model of attribute-based encryption to support threshold access rights and provide a heuristic instantiation of revocation.

%M C.IDTRUST.08.36
%T Secure roaming with identity metasystems
%S Access control in open systems
%A Hoang, Long Nguyen
%A Laitinen, Pekka
%A Asokan, N.
%B Proceedings of the 2008 Symposium on Identity and Trust on the Internet
%D 2008-03-04
%P 36-47
%K identity metasystem, mobility, roaming
%* (c) Copyright 2008 ACM
%W http://doi.acm.org/10.1145/1373290.1373297
%X The notion of identity metasystem has been introduced as the means to ensure inter-operability among different identity systems while providing a consistent user experience. Current identity metasystems provide limited support for secure roaming: by "roaming" we refer to the ability of a user to use the same set of identities and credentials across different terminals. We argue that in order to support different types of roaming, the identity metasystem client should be structured as a set of distributable components. We describe such a distributed client-side software architecture and how that architecture is implemented by adapting Novell's Bandit project. We use our implementation to demonstrate how credentials are stored in a trusted device in the form of a mobile phone but can be used on less trusted terminals in the form of PCs.

%M C.IDTRUST.08.48
%T Secure communication for ad-hoc, federated groups
%S Access control in open systems
%A Sjöholm, Andreas
%A Seitz, Ludwig
%A Sadighi, Babak
%B Proceedings of the 2008 Symposium on Identity and Trust on the Internet
%D 2008-03-04
%P 48-58
%K Diffie-Hellman, XACML, access control, authorization, secure group communication, tree-based group
%* (c) Copyright 2008 ACM
%W http://doi.acm.org/10.1145/1373290.1373298
%X Ad-hoc federated groups are getting increasingly popular as a means of addressing collaborative tasks that require information sharing. However, in some application scenarios, the security of the shared information is vital. Managing the communication security of such groups in an efficient way is a difficult task. This paper presents an architecture that enables secure communication for ad-hoc, cross-organisational groups. Our architecture covers group admission control, group key management and secure group communication. The groups in question are expected to be ad-hoc groups where the potential participants have no prior knowledge of each other and thus federation mechanisms need to be used to establish group admission rights. In order to handle group admission we use the SAML and XACML standards; for group key management we use the TGDH protocol. Our approach thus supports decentralised management of the most important tasks in secure group communication using an integrated approach based on established security standards. We have also produced a demo implementation to show the feasibility of our architecture. This research was pursued as part of the TrustDis project funded by the Swedish Governmental Agency for Innovation Systems (Vinnova).

%M C.IDTRUST.08.59
%T User-centric PKI
%S Public key infrastructure
%A Perlman, Radia
%A Kaufman, Charlie
%B Proceedings of the 2008 Symposium on Identity and Trust on the Internet
%D 2008-03-04
%P 59-71
%K PKI, authentication, single sign-on, web services
%* (c) Copyright 2008 ACM
%W http://doi.acm.org/10.1145/1373290.1373300
%X The goal of supporting Single Sign-On to the Web has proven elusive. A number of solutions have been proposed -- and some have even been deployed -- but the capability remains unavailable to most users and the solutions deployed raise concerns for both convenience and security. In this paper, we enumerate desirable attributes in a scheme for authenticating from an Internet browser to a web site and the authorization that follows. We categorize the currently deployed or advocated approaches, describing their benefits and issues, and we suggest incremental improvements to such schemes. We then outline a design for public-key based authentication particularly suited to what we believe to be the common case: users, acting on their own behalf (as opposed to as an employee of an organization), performing actions on the web such as making a purchase or maintaining an account at a service provider. We contrast the usability/privacy/security properties of our design with other identity management/authentication schemes deployed or being proposed today. Our design is truly user-centric, in the sense that the user acts as his own CA, and as a decision point for authorizing release of user information to web sites, rather than having an Identity Provider be the center of trust.

%M C.IDTRUST.08.72
%T Public key superstructure "it's PKI Jim, but not as we know it!"
%S Public key infrastructure
%A Wilson, Stephen
%B Proceedings of the 2008 Symposium on Identity and Trust on the Internet
%D 2008-03-04
%P 72-88
%K PKI, authentication, digital certificates, public key infrastructure
%* (c) Copyright 2008 ACM
%W http://doi.acm.org/10.1145/1373290.1373301
%X While PKI has had its difficulties (like most new technologies) the unique value of public key authentication in paperless transactions is now widely acknowledged. The naïve early vision of a single all-purpose identity system has given way to a more sophisticated landscape of multiple PKIs, used not for managing identity per se, but rather more subtle memberships, credentials and so on. It is well known that PKI's successes have mostly been in closed schemes. Until now, this fact was often regarded as a compromise; many held out hope that a bigger general purpose PKI would still eventuate. But I argue that the dominance of closed PKI over open is better understood as reflecting the reality of identity plurality, which independently is becoming the norm through the Laws of Identity and related frameworks. This paper introduces the term "Public Key Superstructure" to describe a new way to knit together existing mature PKI components to improve the utility and practicality of digital certificates. The "superstructure" draws on useful precedents in the security printing industry for manufacturing specialized security goods without complicated or un-natural liabilities, and international accreditation arrangements for achieving cross-border recognition of certificates. The model rests on a crucial re-imagining of certificates as standing for relationships rather than identities. This elegant re-interpretation of otherwise standard elements could truly be a paradigm shift for PKI, for it grounds certificates in familiar, even mundane management processes. It will bring profound yet easily realized benefits for liability, cost, interoperability, scalability, accreditation, and governance.

%M C.IDTRUST.08.89
%T Audit and backup procedures for hardware security modules
%S Public key infrastructure
%A de Souza, Túlio Cicero Salvaro
%A Martina, Jean Everson
%A Custódio, Ricardo Felipe
%B Proceedings of the 2008 Symposium on Identity and Trust on the Internet
%D 2008-03-04
%P 89-97
%K PKI ceremony, embedded cryptographic hardware, hardware security module, key life-cycle, key management, public key infrastructure
%* (c) Copyright 2008 ACM
%W http://doi.acm.org/10.1145/1373290.1373302
%X Hardware Security Modules (HSMs) are a useful tool to deploy public key infrastructure (PKI) and its applications. This paper presents necessary procedures and protocols to perform backup and audit in such devices when deployed in PKIs. These protocols were evaluated in an implementation of a real HSM, enabling it to perform secure backups and to provide an audit trail, two important considerations for a safe PKI operation. It also introduces a ceremony procedure to support the operation of such HSMs in a PKI environment.

%M C.IDTRUST.08.98
%T Securing the core with an Enterprise Key Management Infrastructure (EKMI)
%S Public key infrastructure
%A Noor, Arshad
%B Proceedings of the 2008 Symposium on Identity and Trust on the Internet
%D 2008-03-04
%P 98-111
%K XML encryption (XENC), XML signature (DSIG), enterprise key management infrastructure (EKMI), key-management (KM), public key infrastructure (PKI), symmetric key client library (SKCL), symmetric key management system (SKMS), symmetric key services (SKS), symmetric key services markup language (SKSML)
%* (c) Copyright 2008 ACM
%W http://doi.acm.org/10.1145/1373290.1373303
%X The last twenty-five years has witnessed an emphasis on protecting the network and computing host as a proxy for protecting data from unauthorized access. While this was a reasonable strategy at the dawn of network-based computing, given the state of the internet today with its security issues, this strategy is proving to be hopeless. This paper advances the notion that the time has finally come to begin what we should have done initially -- protect the core of our computing infrastructure: the data -- in addition to protecting the network and computing host. The paper describes an architecture -- and a specific implementation of that architecture -- to enable the encryption of data across the enterprise in a platform and application-independent manner. The architecture describes the use of a Public Key Infrastructure (PKI) and a Symmetric Key Management System (SKMS) within an Enterprise Key Management Infrastructure (EKMI), to securely -- and centrally -- manage the life-cycle of the symmetric encryption keys used for data encryption.

%M C.IDTRUST.08.112
%T A federation of web services for Danish health care
%S Practice & experience: health care
%A Dalsgaard, Esben
%A Kjelstrøm, Kåre
%A Riis, Jan
%B Proceedings of the 2008 Symposium on Identity and Trust on the Internet
%D 2008-03-04
%P 112-121
%K SAML, SOA, SOAP, WS-trust, X509 certificates, digital signatures, electronic patient records, federated identity management, health care, security token service, single sign on, web services
%* (c) Copyright 2008 ACM
%W http://doi.acm.org/10.1145/1373290.1373305
%X Having relevant, up-to-date information about a patient's health care history is often crucial for providing the appropriate treatment. In Denmark, IT systems have been built to support different work flows in the health sector, but the systems are rarely connected and have become islands of data. To remedy this situation, a service-oriented architecture based on web services for online exchange of health care data between the vast array of heterogeneous IT systems in the sector is being built. The architecture forms a federation of web services and enables secure and reliable authentication of end-users and systems in the Danish health sector. The architecture is based on national and international standards and specifications. Yet it defines its own profile for secure interchange of data due to a lack of available international profiles that could handle the special needs of the health sector at the time of project inception. The architecture has evolved through a pilot project from mid 2005 to the end of 2007, and is being tested on a small scale in the 1st quarter of 2008. This paper aims to convey experiences from the project, so rich in benefits that the architecture has been accepted and standardized as the foundation for the future of system integration in the health sector in Denmark.

%M C.IDTRUST.08.122
%T Security and privacy system architecture for an e-hospital environment
%S Practice & experience: health care
%A Garson, Kathryn
%A Adams, Carlisle
%B Proceedings of the 2008 Symposium on Identity and Trust on the Internet
%D 2008-03-04
%P 122-130
%K authentication, health care, policy-based encryption, privacy
%* (c) Copyright 2008 ACM
%W http://doi.acm.org/10.1145/1373290.1373306
%X Hospitals are now using electronic medical records and computer applications in order to provide more efficient and thorough care for their patients. The Mobile Emergency Triage system provides doctors with decision support for emergency care by pulling information from a patient's health record and a medical literature database. In order to achieve compliance with the privacy legislation PIPEDA and PHIPA, security and privacy measures must be put in place. Encryption and access control are necessary for ensuring proper authorization and confidentiality for patient records. Strong authentication and audit logs are required to ensure access only by those allowed. We discuss differences in security technologies and detail the ones used in our MET system. A new encryption technology called policy-based encryption proves to be quite useful within a health care environment for providing both encryption and access control. We propose an extension to an existing scheme which allows for the use of this cryptography in a hospital setting.