Visible to the public A Flexible and Compatible Model for Supporting Assurance Level through a Central Proxy

TitleA Flexible and Compatible Model for Supporting Assurance Level through a Central Proxy
Publication TypeConference Paper
Year of Publication2019
AuthorsDabbaghi Varnosfaderani, Shirin, Kasprzak, Piotr, Pohl, Christof, Yahyapour, Ramin
Conference Name2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom)
PublisherIEEE
ISBN Number978-1-7281-1661-7
Keywordsaccess control decisions, assurance information, assurance level, authentication, authentication and authorization infrastructure, authorisation, Authorization, central proxy, Collaboration, composability, federated identity management, FIM, Human Behavior, information assurance, Level of Assurance, LoA, message authentication, Metrics, NIST, policy-based governance, pubcrawl, remote identity providers, resilience, Resiliency, Scalability, service security, Trusted Computing, user credentials
Abstract

Generally, methods of authentication and identification utilized in asserting users' credentials directly affect security of offered services. In a federated environment, service owners must trust external credentials and make access control decisions based on Assurance Information received from remote Identity Providers (IdPs). Communities (e.g. NIST, IETF and etc.) have tried to provide a coherent and justifiable architecture in order to evaluate Assurance Information and define Assurance Levels (AL). Expensive deployment, limited service owners' authority to define their own requirements and lack of compatibility between heterogeneous existing standards can be considered as some of the unsolved concerns that hinder developers to openly accept published works. By assessing the advantages and disadvantages of well-known models, a comprehensive, flexible and compatible solution is proposed to value and deploy assurance levels through a central entity called Proxy.

URLhttps://ieeexplore.ieee.org/document/8854044
DOI10.1109/CSCloud/EdgeCom.2019.00018
Citation Keydabbaghi_varnosfaderani_flexible_2019