Al-Sinani, Haitham S. (2011) Browser Extension-based Interoperation Between OAuth and Information Card-based Systems.
Full text access: Open
Whilst the growing number of identity management systems have the potential to reduce the threat of identity attacks, major deployment problems remain because of the lack of interoperability between such systems. In this paper we propose a simple scheme to provide client-based interoperation between OAuth and an Information Card-based system such as CardSpace or Higgins. In this scheme, Information Card users are able to obtain an assertion token from an OAuth-enabled system, the contents of which can be processed by an Information Card-enabled relying party. The scheme, based on a browser extension, is transparent to OAuth providers and to identity selectors, and only requires minor changes to the operation of an Information Card-enabled relying party. We specify its operation and also describe an implementation of a proof-of-concept prototype. Additionally, security and operational analyses are provided.
This is a Submitted version This version's date is: 24/9/2011 This item is not peer reviewed
https://repository.royalholloway.ac.uk/items/c73c6d4b-c790-beca-7f9c-26a14ee63a59/6/
Deposited by Research Information System (atira) on 19-Jun-2013 in Royal Holloway Research Online.Last modified on 19-Jun-2013