OIDC-TCI: OIDC with Trust Context Information | |
---|---|
Author | |
Abstract |
Current and future networks must tackle identity management to authenticate and authorise users to access services. Identity management solutions are widely employed nowadays, where one authenticates in third-party services using account information stored securely in identity providers. Solutions like OpenID Connect relying on OAuth 2.0 are employed to support Single-Sign-On, facilitating users’ login process, which does not need to manage multiple accounts in several services. Despite their wide usage in several domains (enterprise, web applications), they only consider entities like persons. Thus, trust information regarding the levels of trust a person can perceive when accessing services with its devices in specific environments (e.g. untrusted networks like public hotspots) can be employed to protect access to data. OIDC-TCI is an approach to convey context information reflecting the trust relations between endusers, the applications/services running in devices, and a specific environment where access to sensitive resources needs to be authorised. The results demonstrate OIDC-TCI as a feasible solution to convey trust with minimal impact, in compliance with OpenID Connect, in a web service - TeaStore. |
Year of Publication |
2022
|
Date Published |
oct
|
Publisher |
IEEE
|
Conference Location |
Sousse, Tunisia
|
ISBN Number |
978-3-903176-52-2
|
URL |
https://ieeexplore.ieee.org/document/9954295/
|
DOI |
10.23919/WMNC56391.2022.9954295
|
Google Scholar | BibTeX | DOI |