Through federated identity solutions, individuals can use the same personal identification (typically a username and password) to identify themselves on the networks of different departments or even different companies. Related to this concept, OpenID is a decentralized digital identification standard with which a user can identify themselves on a web page through a URL (or an XRI in the current version) and can be verified by any server that supports the protocol. The standard is also oriented towards privacy: although it can be used to access multiple sites, the same identifier is not used for all of them. As a result, many companies worldwide have implemented OpenID Connect, including Google, Microsoft, Deutsche Telekom, Salesforce, Ping Identity, as well as other companies and organizations.
It is well known that the solutions provided by Information Technology (IT) bring measurable benefits to core business areas as well as to support areas. Accordingly, it is accepted that, with this technological evolution, Relational Database Management Systems (RDBMS) have gained significantly in the resources devoted to security, persistence, processing and data storage. Combining all these resources enables Database Administrators (DBAs) to create, organize and maintain the many information bases of many organizations as effectively as possible. In this regard, the Directory Service in Oracle Databases has contributed to best practices in Information Security; integrated with existing Directory Services such as Active Directory (Microsoft), eDirectory (Novell) and OpenLDAP, it widens the range of service interoperability. The result is automatic provisioning of user identities for the main account-management functions, namely the creation, update, deactivation and removal of these accounts in the respective databases, immediately and with full transparency. This work aims to develop a study of the Oracle Internet Directory component, which provisions a single corporate-network login and password synchronized with the Oracle Database Directory Service. When this component is registered in Oracle Databases, it reduces the cost of the constant password changes of the respective Database Administrators. This lays the groundwork for Single Sign-On in Oracle Databases to be implemented following best practices in Access Management and Information Security.
Federation is an identity management model in which various tasks associated with an identity transaction are distributed among the actors involved in the transaction. This model works from the premise that distributing tasks among the actors can achieve usability and privacy advantages for the user, as well as business efficiencies for businesses or applications. Typically, federated identity manifests itself as transferring some aspect of a user's identity from one entity to another. Web single sign-on is an archetypical example of a federated transaction, in which a user authenticates to one Web site and can then access another with the same login.
With "KliFO – Klinische Fertigkeiten Online" (Clinical Skills Online), the medical faculties of CAU Kiel and LMU Munich developed a joint blended-learning concept for computer-supported learning and practical training of clinical examination techniques for medical students (http://www.cliso.de). The didactic concept comprises the standardized, learning-objective-based teaching of clinical examination techniques and sensorimotor skills, and the combination of typical case examples with biomedical background knowledge. Both participating faculties contributed their specific competences and experience in the areas of systematic learning (Kiel: Nickels learning platform) and case-based learning (Munich: CASUS® learning platform). A single sign-on solution was realized using a SCORM/AICC-HACP protocol; it allows direct, targeted access to released content on both learning platforms and the exchange of the results of learning-objective assessments. KliFO was integrated into the preclinical and clinical curriculum. Evaluations in both phases of study confirm the success of the approach in terms of content, didactics and technology. A transfer of the concept to other faculties is being pursued.
Anonymous credentials are a solid foundation for privacy-preserving Single Sign-On (SSO). They enable unlinkable authentication across domains and allow users to prove their identity without revealing more than necessary. Unfortunately, anonymous credential schemes remain difficult to use and complex to deploy. They require installation and use of complex software on the user side, suffer from poor performance, and do not support security features that are now common, such as two-factor authentication, secret recovery, or support for multiple devices. In contrast, OpenID Connect (OIDC), the standard for SSO, is widely deployed and used despite its lack of concern for users' privacy. We present EL PASSO, a privacy-preserving SSO system based on anonymous credentials that does not trade security for usability, and can be incrementally deployed at scale alongside OpenID Connect with no significant changes to end-user operations. EL PASSO client-side operations leverage a WebAssembly module that can be downloaded on the fly and cached by users' browsers, requiring no prior software installation or specific hardware. We develop automated procedures for managing cryptographic material that provide multi-device support, secret recovery, and privacy-preserving two-factor authentication using only the built-in features of common Web browsers. Our implementation using PS Signatures achieves 39x to 180x lower computational cost than previous anonymous credential schemes, similar or lower sign-on latency than OpenID Connect, and is amenable to use on mobile devices.
Smart Cities are complex distributed systems which may involve multiple stakeholders, applications, sensors, and IoT devices. In order to be able to link and use such heterogeneous data, spatial data infrastructures for Smart Cities can play an important role in establishing interoperability between systems and platforms. Based on the open and international standards of the Open Geospatial Consortium (OGC), the Smart District Data Infrastructure (SDDI) concept integrates different sensors, IoT devices, simulation tools, and 3D city models within a common operational framework. However, such distributed systems, if not secured, may cause a major threat by disclosing sensitive information to untrusted or unauthorized entities. Also, there are various users and applications who prefer to work with all the systems in convenient ways using Single-Sign-On. This paper presents a concept for securing distributed applications and services in such data infrastructures for Smart Cities. The concept facilitates privacy, security and controlled access to all stakeholders and the respective components by establishing proper authorization and authentication mechanisms. The approach facilitates Single-Sign-On (SSO) authentication by a novel combination in the use of the state-of-the-art security concepts such as OAuth2 access tokens, OpenID Connect user claims and Security Assertion Markup Language (SAML). An implementation of this concept for the district Queen Elizabeth Olympic Park in London is shown in this paper and is also provided as an online demonstration. Such access control and security federation based realization has not been considered in spatial data infrastructures for Smart Cities before.
We perform a comprehensive analysis and comparison of 14 web single sign-on (SSO) systems proposed and/or deployed over the past decade, including federated identity and credential/password management schemes. We identify common design properties and use them to develop a taxonomy for SSO schemes, highlighting the associated tradeoffs in benefits (positive attributes) offered. We develop a framework to evaluate the schemes, in which we identify 14 security, usability, deployability, and privacy benefits. We also discuss how differences in priorities between users, service providers, and identity providers impact the design and deployment of SSO schemes.
SIAM (Student Academic Information System) is an academic services information system that has been implemented at the State Polytechnic of Creative Media (Polimedia). SIAM has been integrated with Single Sign-On (SSO) for two months. After we implemented the new version of SIAM, we received many complaints every day. In this research, the authors conducted a usability test on the new version of SIAM in order to determine the effectiveness and performance of the application. The usability test components are effectiveness, efficiency, and satisfaction. The average usability score of 70% indicates that the new version of SIAM has good usability performance.
The challenge of achieving passwordless user authentication is real given the prevalence of web applications that keep asking passwords. Complicating this issue further, in an enterprise environment, a single sign-on (SSO) service is often maintained but not all applications can be integrated with it. We envision a passwordless future which provides a frictionless and trustworthy online experience for users by integrating credential management and federated identity systems. In this regard, our implementation ROSTAM offers a dashboard that presents all applications the user can access with a single click after a passwordless SSO. The security of web passwords on the credential manager is ensured with a Master Key, rather than a Master Password, so that encrypted passwords can remain secure even if stolen from the server. We propose and implement novel techniques for synchronization (pairing) and recovery of this Master Key. We compare our solution to previous work using different evaluation frameworks, demonstrating that our hybrid solution combines the benefits of credential management and federated identity systems.
• Introduces passwordless SSO with secure credential management.
• Enhances security and privacy with a client-side Master Key encryption scheme.
• Features novel Master Key sync and recovery techniques.
• Outperforms widely adopted solutions in usability, security and privacy.
Web users are increasingly presented with multiple login options, including password-based login and common web single sign-on (SSO) login options such as "Login with Google" and "Login with Facebook". There has been little focus in previous studies on how users choose from a list of login options and how to better inform users about privacy issues in web SSO systems. In this paper, we conducted a 200-participant study to understand factors that influence participants' login decisions, and how they are affected by displaying permission differences across login options; permissions in SSO result in release of user personal information to third-party web sites through SSO identity providers. We compare and report on login decisions made by participants before and after viewing permission-related information, examine self-reported responses for reasons related to their login decisions, and report on the factors that motivated their choices. We find that usability preferences and inertia (habituation) were among the dominant factors influencing login decisions. After participants viewed permission-related information, many prioritised privacy over other factors, changing their login decisions to more privacy-friendly alternatives. Displaying permission-related information also influenced some participants to make tradeoffs between privacy and usability preferences.