Published: May 15, 2023
The following paper has been accepted at the 18th International Conference on Availability, Reliability and Security (ARES 2023):
- Title: Cross-Domain Sharing of User Claims: A Design Proposal for OpenID Connect Attribute Authorities
- Author: Amir Sharif, Francesco Antonio Marino, Giada Sciarretta, Giuseppe De Marco, Roberto Carbone, Silvio Ranise
- Abstract: An Attribute Authority is an entity responsible for establishing, maintaining, and sharing a subject’s qualified attributes, such as titles and qualifications. In the OpenID Connect digital identity ecosystem, this entity is distinct from Identity Providers that manage only the basic identity profile information. A relevant scenario is as follows: the User first logs in to an online service using his/her identity managed by an Identity Provider. Then, the online service asks the Attribute Authority for the additional User’s attributes (e.g., entitlements) before granting access to its resources. In some high-sensitive cases, an Attribute Authority needs proof of the User’s authentication before releasing the User’s attributes to the online service. The challenge of this scenario involving usability, security, and privacy requirements lies in finding the right mechanism to share (the minimum and necessary set of) claims of the User who is currently authenticated with the online service across multiple domains without requiring his or her re-authentication. In this paper, we present the design of two solutions based on OpenID Connect to share User claims across domains. We provide security and privacy analysis for the two solutions and a brief comparison between them.
- DOI: 10.1145/3600160.3600183
About the conference
- Name: 18th International Conference on Availability, Reliability and Security (ARES 2023)
- Date: from August 29, 2023 to September 01, 2023
- Location: Benevento, Italy
- Website: https://www.ares-conference.eu
