Secure Bindings of SAML Assertions to TLS Sessions

In recent research work, two approaches to protect SAML based Federated Identity Management (FIM) against man-in-the-middle attacks have been proposed. One approach is to bind the SAML assertion and the SAML artifact to the public key contained in a TLS client certificate. Another approach is to str...

Bibliographic Details
Main Authors: Kohlar, F., Schwenk, J., Jensen, M., Gajek, S.
Format: Conference Proceeding
Language: English
cited_by
cites
container_end_page 69
container_issue
container_start_page 62
container_title
container_volume
creator Kohlar, F.
Schwenk, J.
Jensen, M.
Gajek, S.
description In recent research work, two approaches to protect SAML based Federated Identity Management (FIM) against man-in-the-middle attacks have been proposed. One approach is to bind the SAML assertion and the SAML artifact to the public key contained in a TLS client certificate. Another approach is to strengthen the Same Origin Policy of the browser by taking into account the security guarantees TLS gives. In this paper, we present a third approach which is of further interest beyond IDM protocols: we bind the SAML assertion to the TLS session that has been agreed upon between client and the service provider and thus provide anonymity of the browser.
doi_str_mv 10.1109/ARES.2010.89
format conference_proceeding
fulltext fulltext_linktorsrc
identifier ISBN: 142445879X
ispartof 2010 International Conference on Availability, Reliability and Security, 2010, p.62-69
issn
language eng
recordid cdi_ieee_primary_5438111
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Access protocols
Authentication
Computer security
Cryptographic protocols
Data security
Domain Name System
Federated Identity Management
Identity management systems
Internet
Kerberos
Public key
SAML
Single-Sign-On
SSL
TLS
Web server
title Secure Bindings of SAML Assertions to TLS Sessions
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-17T17%3A14%3A52IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Secure%20Bindings%20of%20SAML%20Assertions%20to%20TLS%20Sessions&rft.btitle=2010%20International%20Conference%20on%20Availability,%20Reliability%20and%20Security&rft.au=Kohlar,%20F.&rft.date=2010-02&rft.spage=62&rft.epage=69&rft.pages=62-69&rft.isbn=142445879X&rft.isbn_list=9781424458790&rft_id=info:doi/10.1109/ARES.2010.89&rft.eisbn=9780769539652&rft.eisbn_list=1424458803&rft.eisbn_list=9781424458806&rft.eisbn_list=0769539653&rft_dat=%3Cieee_6IE%3E5438111%3C/ieee_6IE%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-i175t-7d5d93ce13a107fee639056d1619f822518e6eeee3d4063c7b10b2b81a3de06e3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=5438111&rfr_iscdi=true