
Towards a Context-Aware WebID Certificate Creation Taking Individual Conditions and Trust Needs into Account

Published: 02 December 2013

Abstract

WebID is a new development of the W3C. As a universal identification mechanism, WebID enables users to authenticate through client certificates instead of username/password pairs. There are different ways to create such WebID certificates, each characterized by several aspects that become important depending on a user's individual conditions and trust needs. Users must weigh these aspects on their own to find the most appropriate way for them, and inexperienced users risk making wrong decisions that affect their security and privacy. In this work, we propose an approach towards a context-aware WebID certificate creation that takes individual conditions and trust needs into account. As a proof of concept, we apply the SWAC framework, which facilitates JavaScript-based generation of WebID certificates on both client and server. We evaluate our approach and the available methods, including HTML5 keygen and native implementations, using different devices and Web browsers.


Cited By

  • (2015) ProProtect3: An Approach for Protecting User Profile Data from Disclosure, Tampering, and Improper Use in the Context of WebID. Transactions on Large-Scale Data- and Knowledge-Centered Systems XIX, pages 87--127. DOI: 10.1007/978-3-662-46562-2_4. Online publication date: 24 February 2015.

Published In

IIWAS '13: Proceedings of International Conference on Information Integration and Web-based Applications & Services
December 2013
753 pages
ISBN:9781450321136
DOI:10.1145/2539150

In-Cooperation

  • @WAS: International Organization of Information Integration and Web-based Applications and Services

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Authentication
  2. Client Certificate
  3. HTML5
  4. Identity
  5. JavaScript
  6. Performance Analysis
  7. Web Security
  8. WebID

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

IIWAS '13
