DOI: 10.1145/1179529.1179535

Avoidance of performance bottlenecks caused by HTTP redirect in identity management protocols

Published: 03 November 2006

Abstract

HTTP redirect is a convenient scheme to move a Web browser from one web site to another, and is widely used in identity management protocols, including newly emerging User-Centric Identity Management technologies. HTTP redirect, however, can cause a performance bottleneck in the identity management process. Although this problem has already been partially explored in OASIS SAML and the Liberty Alliance Project, this paper discusses how the approach used in them can be enhanced from the viewpoint of user centrism. We developed a new model that replaces HTTP redirect with server-to-server communication. Performance evaluation of our prototype implementation shows a significant improvement in turnaround time for authentication by avoiding HTTP redirect over a 64 kbps wireless communication channel.

Published In

DIM '06: Proceedings of the second ACM workshop on Digital identity management
November 2006
88 pages
ISBN: 1595935479
DOI: 10.1145/1179529

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. identity management
2. protocol


Conference

CCS06

Overall Acceptance Rate: 16 of 34 submissions, 47%
