can compromise the PDP or spoof its communication? How do we guarantee that we reference the right object? While the system is distributed, a policy is still in only one location. With respect to policy cross-referencing, one policy may access another. Typical issues arise, as with inheritance and unions/intersections in related work. The challenge is to deal with conflicts. Researchers as well as practitioners are working on exchanging both SAML and XACML. In the next section we will discuss Shibboleth, which is a distributed web resource access control system that allows federations to cooperate to share web-based resources. It uses SAML in its implementation.
2.5 Shibboleth
As stated earlier, Shibboleth is a distributed web resource access control system that allows federations to cooperate to share web-based resources [4]. It defines a protocol for carrying authentication information and user attributes from a home site to a resource site. The resource site can then use the attributes to make access control decisions about the user. This web-based middleware layer uses SAML. Access control is carried out in two stages. In stage one, the resource site redirects the user to their home site and obtains a handle for the user that is authenticated by the home site. In stage two, the resource site returns the handle to the attribute authority of the home site and receives a set of attributes of the user, upon which to make an access control decision.
There are some issues with single sign-on in Shibboleth. How does the resource site know the home site of the user? How does it trust the handle returned? The answer is that both are handled by the system's trust model. The authentication procedure is as follows. When the resource site asks the user for their home site, the user selects it from a list of trusted sites that are already authenticated by certificates. Handles are validated by the SAML signature carried along with the message. The home site authenticates the user if he/she is already registered. After the home site authentication, it returns a message with a SAML signature to the target resource site. If the signature matches, the target resource site provides a pseudonym (handle) for the user and sends an assertion message to the home site to find out whether the necessary attributes are available for the user. To ensure privacy, the system provides a different pseudonym for the user's identity each time; it therefore needs the attribute release policy for the user's attributes each time, to give control over which attributes are released to the target site. The attribute release policy is agreed between the user and the administrator.
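The two-stage flow and the trust-model points above (handle minted by the home site, per-request pseudonyms, attribute release policy consulted on every attribute query, resource site accepting only federation members whose signatures verify) are easier to see in code. The following is an added simulation, not Shibboleth's own code or SAML: the SAML signature is stood in for by an HMAC over a canonical JSON encoding, the federation's certificate list is a dictionary of site-name to key, and every site, user, password and attribute is constructed for the example.

```python
"""Constructed simulation of Shibboleth's two-stage access control flow.
Not Shibboleth code: HMAC-SHA256 stands in for the SAML signature, and the
FEDERATION dict stands in for the list of certificate-authenticated sites."""
import hashlib
import hmac
import json
import secrets

# Constructed federation trust list: site name -> signing key (stand-in for
# the site's certificate). A home site not listed here is not trusted.
FEDERATION = {"home.example.edu": b"constructed-home-site-key"}


def sign(key: bytes, message: dict) -> str:
    """Stand-in for a SAML signature over a canonical encoding of the message."""
    payload = json.dumps(message, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def verify(key: bytes, message: dict, signature: str) -> bool:
    return hmac.compare_digest(sign(key, message), signature)


class HomeSite:
    """Origin site: authenticates users, mints handles, answers attribute queries."""

    def __init__(self, name, key, users, release_policy):
        self.name, self.key = name, key
        self.users = users                    # username -> (password, attributes)
        self.release_policy = release_policy  # username -> {target -> releasable attrs}
        self.handles = {}                     # handle -> username (never sent out)

    def authenticate(self, username, password, target):
        """Stage one: a fresh pseudonymous handle per request, signed for the target."""
        record = self.users.get(username)
        if record is None or not hmac.compare_digest(record[0], password):
            return None
        handle = secrets.token_hex(16)  # new pseudonym every time, for privacy
        self.handles[handle] = username
        assertion = {"issuer": self.name, "audience": target, "handle": handle}
        return assertion, sign(self.key, assertion)

    def attributes_for(self, handle, target):
        """Stage two (attribute authority): release only what the user's policy
        permits for this target; the handle is resolved here, never at the target."""
        username = self.handles.get(handle)
        if username is None:
            return None
        allowed = self.release_policy.get(username, {}).get(target, set())
        attrs = {k: v for k, v in self.users[username][1].items() if k in allowed}
        response = {"issuer": self.name, "handle": handle, "attributes": attrs}
        return response, sign(self.key, response)


class ResourceSite:
    """Target site: trusts only federation members and decides on released attributes."""

    def __init__(self, name, access_rule):
        self.name, self.access_rule = name, access_rule

    def request_access(self, home, username, password):
        if home.name not in FEDERATION:             # trust model: federation only
            return False, "home site not in federation"
        key = FEDERATION[home.name]
        result = home.authenticate(username, password, self.name)   # stage one
        if result is None:
            return False, "authentication failed"
        assertion, sig = result
        if not verify(key, assertion, sig) or assertion["audience"] != self.name:
            return False, "invalid assertion"
        result = home.attributes_for(assertion["handle"], self.name)  # stage two
        if result is None:
            return False, "unknown handle"
        response, sig = result
        if not verify(key, response, sig):
            return False, "invalid attribute response"
        return (True, "granted") if self.access_rule(response["attributes"]) \
            else (False, "denied by access rule")


def build_demo():
    """Constructed users and policy: alice releases only 'affiliation' to the
    library; bob has no release policy, so the library sees no attributes."""
    users = {"alice": ("alice-pw", {"affiliation": "staff", "email": "alice@example.edu"}),
             "bob": ("bob-pw", {"affiliation": "student"})}
    policy = {"alice": {"library.example.org": {"affiliation"}}}
    home = HomeSite("home.example.edu", FEDERATION["home.example.edu"], users, policy)
    library = ResourceSite("library.example.org",
                           lambda attrs: attrs.get("affiliation") == "staff")
    return home, library


if __name__ == "__main__":
    home, library = build_demo()
    print(library.request_access(home, "alice", "alice-pw"))  # (True, 'granted')
    print(library.request_access(home, "bob", "bob-pw"))      # denied: nothing released
```

Note that the resource site never learns a username: it only ever sees the handle and the released attributes, and because a new handle is minted per request, two visits by the same user cannot be correlated at the target. The `audience` check on the assertion is a defensive addition to stop a handle issued for one target being presented to another; the chapter text does not describe it.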
Trust is at the heart of Shibboleth. It completely trusts the target resource site and the origin home site registered in the federation. The disadvantage of the existing trust model is that there is no differentiation between authentication authorities and attribute authorities. There is scope for allowing more sophisticated distribution of trust, such as static or dynamic delegation of authority. Another disadvantage of the existing trust model is that it provides