This paper presents a generic proposal for improving existing IdM systems by enabling service providers to determine whether the SSO credentials presented by a user satisfy some minimum requirements. For example, a service provider may require users to have been authenticated using a method labelled with a particular level of assurance or a credential issued by a specific identity provider. Thus, a user initially authenticated by a username and password might not be allowed to access a service that requires a stronger mechanism, such as public key certificates. Similarly, access to some critical service may be restricted to users belonging to a specific organization. The main contribution of this paper is a generic infrastructure that defines the mechanisms to enforce access control policies based on levels of assurance and multiple identities, and it also provides the means to find and redirect users to the appropriate authentication service when reauthentication is required. © 2008 Springer-Verlag Berlin Heidelberg.
CITATION STYLE
Sánchez, M., Cánovas, Ó., López, G., & Gómez-Skarmeta, A. F. (2008). Levels of assurance and reauthentication in federated environments. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5057 LNCS, pp. 89–103). https://doi.org/10.1007/978-3-540-69485-4_7