DOI:10.1145/1103022.1103034

Proving a WS-federation passive requestor profile with a browser model

Published: 11 November 2005

Abstract

Web-based services are an important business area. For usability and cost-effectiveness these services require users to rely only on standard browsers. A representative class of such applications, currently in the focus of many industrial players, is Federated Identity Management (FIM). In this context we are facing challenging problems: on the one hand, the security of the existing FIM protocols (including Microsoft Passport, OASIS SAML, and Liberty) is not yet based on rigorous proofs and has been challenged by several analyses. On the other hand, the existing formal security models and proof methods cannot be applied to browser-based protocols in a straightforward manner since they only consider protocol-aware principals: they assume that the involved principals behave according to the specification of the security protocol unless they are corrupted. Web browsers, in contrast, have predefined features and are unaware of the protocol they are involved in.

Based on a generic framework for security proofs of browser-based protocols, we model an important FIM protocol, the WS-Federation Passive Requestor Interop profile. We rigorously prove that the protocol provides authenticity and secure channel establishment in a realistic trust scenario. This constitutes the first rigorous security proof for a browser-based identity federation protocol.

References

[1] M. Backes, B. Pfitzmann, and M. Waidner. Reactively secure signature schemes. International Journal of Information Security, 2005. To appear. Preliminary version ISC 2003, LNCS, pp. 84--95.
[2] M. Bellare and P. Rogaway. Entity authentication and key distribution. In Advances in Cryptology: CRYPTO '93, volume 773 of Lecture Notes in Computer Science, pages 232--249. Springer, 1994.
[3] K. Bhargavan, C. Fournet, and A. D. Gordon. A semantics for web services authentication. In 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), pages 198--209. ACM Press, 2004.
[4] R. Canetti and H. Krawczyk. Universally composable notions of key exchange and secure channels. In Advances in Cryptology: EUROCRYPT 2002, volume 2332 of Lecture Notes in Computer Science, pages 337--351. Springer, 2002.
[5] D. Dolev and A. C. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, 29(2):198--208, 1983.
[6] R. T. Fielding, J. Gettys, J. C. Mogul, H. Frystyk, L. Masinter, P. Leach, and T. Berners-Lee. RFC 2616: Hypertext transfer protocol -- HTTP/1.1, June 1999.
[7] K. Fu, E. Sit, K. Smith, and N. Feamster. Dos and don'ts of client authentication on the web. In Proceedings of the 10th USENIX Security Symposium, Washington, D.C., Aug. 2001. USENIX.
[8] S. Goldwasser, S. Micali, and R. L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17(2):281--308, 1988.
[9] A. D. Gordon and R. Pucella. Validating a web service security abstraction by typing. In Proc. 2002 ACM Workshop on XML Security, pages 18--29, Fairfax VA, USA, Nov. 2002.
[10] T. Gross. Security analysis of the SAML Single Sign-on Browser/Artifact profile. In Proc. 19th Annual Computer Security Applications Conference. IEEE, Dec. 2003.
[11] T. Gross and B. Pfitzmann. Proving a WS-Federation Passive Requestor profile. In 2004 ACM Workshop on Secure Web Services (SWS), Washington, DC, USA, Oct. 2004. ACM Press. To appear.
[12] T. Gross, B. Pfitzmann, and A.-R. Sadeghi. Browser model for security analysis of browser-based protocols. In ESORICS: 10th European Symposium on Research in Computer Security, volume 3679 of Lecture Notes in Computer Science, pages 489--508. Springer-Verlag, Berlin Germany, 2005.
[13] T. Gross, B. Pfitzmann, and A.-R. Sadeghi. Proving a WS-Federation Passive Requestor profile with a browser model. Technical Report IBM Research Report RZ 3623, IBM Research Division, July 2005.
[14] M. Hur, R. D. Johnson, A. Medvinsky, Y. Rouskov, J. Spellman, S. Weeden, and A. Nadalin. Passive Requestor Federation Interop Scenario, Version 0.4, Feb. 2004. ftp://www6.software.ibm.com/software/developer/library/ws-fpscenario2.doc.
[15] C. Kaler and A. Nadalin. Web Services Federation Language (WS-Federation), Version 1.0, July 2003. BEA, IBM, Microsoft, RSA Security and VeriSign, http://www-106.ibm.com/developerworks/webservices/library/ws-fed/.
[16] C. Kaler and A. Nadalin. WS-Federation: Passive Requestor Profile, Version 1.0, July 2003. BEA, IBM, Microsoft, RSA Security and VeriSign, http://www-106.ibm.com/developerworks/library/ws-fedpass/.
[17] D. P. Kormann and A. D. Rubin. Risks of the Passport single signon protocol. Computer Networks, 33(1--6):51--58, June 2000.
[18] Liberty Alliance Project. Liberty Phase 2 final specifications, Nov. 2003. http://www.projectliberty.org/.
[19] G. Lowe. An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters, 56(3):131--135, 1995.
[20] N. Lynch. I/O automaton models and proofs for shared-key communication systems. In Proc. 12th IEEE Computer Security Foundations Workshop (CSFW), pages 14--29, 1999.
[21] Microsoft Corporation. .NET Passport documentation, in particular Technical Overview, and SDK 2.1 Documentation, Sept. 2001.
[22] R. M. Needham and M. D. Schroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12):993--999, Dec. 1978.
[23] OASIS Standard. Security assertion markup language (SAML) V1.1, Nov. 2002. http://www.oasis-open.org/committees/security/.
[24] Object Management Group. Unified modeling language (UML), Mar. 2003. http://www.omg.org/technology/documents/formal/uml.htm.
[25] B. Pfitzmann and M. Waidner. A model for asynchronous reactive systems and its application to secure message transmission. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 184--200, Oakland, CA, May 2001. IEEE Computer Society Press.
[26] B. Pfitzmann and M. Waidner. Privacy in browser-based attribute exchange. In ACM Workshop on Privacy in the Electronic Society (WPES), pages 52--62, Washington, USA, Nov. 2002.
[27] B. Pfitzmann and M. Waidner. Analysis of Liberty single-signon with enabled clients. IEEE Internet Computing, 7(6):38--44, 2003.
[28] B. Pfitzmann and M. Waidner. Federated identity-management protocols. In Security Protocols---11th International Workshop, 2003, volume 3364 of Lecture Notes in Computer Science, pages 153--174. Springer, 2005.
[29] V. Shoup. On formal models for secure key exchange. Research Report RZ 3120 (#93166), IBM Research, Apr. 1999.

Reviews

Neil D Burgess

The Web services federation passive requestor profile (WSFPRP) discussed in this paper is a protocol for identity federation, a new technology aimed at linking a user's otherwise distinct identities at several locations. The paper represents an incremental addition to the body of knowledge in this field. The authors present a formal proof of WSFPRP integrity, in contrast to most security analyses of browser-based protocols, which focus on identifying vulnerabilities. The paper's intellectual title and its rather dry, academic tone tend to mask the importance of its topic. Security in Web-based business services enables growth in the reach and reliability of the services, and is the key factor in consumer and business trust in the infrastructure. The existing body of knowledge on which this paper is based is detailed clearly. Almost one-third of the references are similar papers by one or more of the authors. Further papers are foreshadowed in the conclusion. To derive the full benefit from this paper, the reader should collect a significant number of the referenced materials, and follow the developments of the research to the current state of knowledge, and into the future.

Online Computing Reviews Service

Published In

SWS '05: Proceedings of the 2005 workshop on Secure web services
November 2005
98 pages
ISBN:1595932348
DOI:10.1145/1103022

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. WS-federation passive requestor profile
  2. WSFPI
  3. identity federation
  4. security proof of protocols
  5. single signon
  6. web browser
  7. web service security

Qualifiers

  • Article

Conference

CCS05

Cited By

  • (2012) An architecture for Web application session switching in virtual organizations. Seventh International Conference on Digital Information Management (ICDIM 2012), pp. 232-238. DOI: 10.1109/ICDIM.2012.6360137. Online publication date: Aug-2012
  • (2009) User-aware provably secure protocols for browser-based mutual authentication. International Journal of Applied Cryptography 1:4, pp. 290-308. DOI: 10.1504/IJACT.2009.028028. Online publication date: 1-Aug-2009
  • (2008) Complex federation architectures. Proceedings of the 5th international conference on Soft computing as transdisciplinary science and technology, pp. 152-157. DOI: 10.1145/1456223.1456258. Online publication date: 28-Oct-2008
  • (2008) Provably secure browser-based user-aware mutual authentication over TLS. Proceedings of the 2008 ACM symposium on Information, computer and communications security, pp. 300-311. DOI: 10.1145/1368310.1368354. Online publication date: 18-Mar-2008
  • (2008) Enforcing User-Aware Browser-Based Mutual Authentication with Strong Locked Same Origin Policy. Proceedings of the 13th Australasian conference on Information Security and Privacy, pp. 6-20. DOI: 10.1007/978-3-540-70500-0_2. Online publication date: 7-Jul-2008
  • (2007) Federated Identity Management. Security, Privacy, and Trust in Modern Data Management, pp. 213-238. DOI: 10.1007/978-3-540-69861-6_15. Online publication date: 2007
  • (2006) Symbolic and cryptographic analysis of the secure WS-ReliableMessaging scenario. Proceedings of the 9th European joint conference on Foundations of Software Science and Computation Structures, pp. 428-445. DOI: 10.1007/11690634_29. Online publication date: 25-Mar-2006
  • (2005) Tailoring the Dolev-Yao abstraction to web services realities. Proceedings of the 2005 workshop on Secure web services, pp. 65-74. DOI: 10.1145/1103022.1103035. Online publication date: 11-Nov-2005
  • (2005) Federated identity management for protecting users from ID theft. Proceedings of the 2005 workshop on Digital identity management, pp. 77-83. DOI: 10.1145/1102486.1102500. Online publication date: 11-Nov-2005
