
Secure Bindings of SAML Assertions to TLS Sessions

Bibliographic Details
Main Authors: Kohlar, F., Schwenk, J., Jensen, M., Gajek, S.
Format: Conference Proceeding
Language: English
Description
Summary: In recent research work, two approaches to protect SAML-based Federated Identity Management (FIM) against man-in-the-middle attacks have been proposed. One approach is to bind the SAML assertion and the SAML artifact to the public key contained in a TLS client certificate. Another approach is to strengthen the Same Origin Policy of the browser by taking into account the security guarantees TLS gives. In this paper, we present a third approach which is of further interest beyond IDM protocols: we bind the SAML assertion to the TLS session that has been agreed upon between client and the service provider and thus provide anonymity of the browser.
DOI: 10.1109/ARES.2010.89