Formalising identity management protocols
Ferdous, Md Sadek
1a77c989-cc58-4d52-920a-da9c24f20e7d
Poet, Ron
3c7e3ce8-0023-4530-ab8a-b151852e8b1f
24 April 2017
Ferdous, Md Sadek and Poet, Ron (2017) Formalising identity management protocols. International Conference on Privacy, Security and Trust, Auckland, New Zealand, 12 - 14 Dec 2016. 10 pp. (doi:10.1109/PST.2016.7906948).
Record type: Conference or Workshop Item (Paper)
Abstract
In this paper we present the formalisation of three well-known Identity Management protocols - SAML, OpenID and OAuth. The formalisation consists of two steps: formal specification using HLPSL (High-Level Protocol Specification Language) and formal verification using a state-of-the-art verification tool for security protocols called AVISPA (Automated Validation of Internet Security Protocols and Applications). The existing formalisation initiatives using AVISPA are based on SAML and OpenID, leaving out OAuth entirely, even though OAuth is one of the most widely-used Internet protocols. Furthermore, the motivation of the existing initiatives was to identify any weakness. In this paper, we have taken the opposite approach, as we are keen to present how to model these protocols correctly. Moreover, our formalisation is based on a model of identity and also captures the authentication mechanism; both of these are missing in the existing works.
Text: FormalisingIdentityProtocols_CameraReady - Accepted Manuscript
More information
Accepted/In Press date: 14 October 2016
e-pub ahead of print date: 24 April 2017
Published date: 24 April 2017
Venue - Dates: International Conference on Privacy, Security and Trust, Auckland, New Zealand, 2016-12-12 - 2016-12-14
Keywords: Identity Management, Formalisation, SAML, OpenID, OAuth, AVISPA
Organisations: Agents, Interactions & Complexity
Identifiers
Local EPrints ID: 406426
URI: http://eprints.soton.ac.uk/id/eprint/406426
PURE UUID: e2c78438-5d51-4f9b-941a-4571817f7382
Catalogue record
Date deposited: 10 Mar 2017 10:47
Last modified: 06 Jun 2024 04:09
Contributors
Author: Md Sadek Ferdous
Author: Ron Poet