A Semantic Approach for context-aware Authorization in Enterprise Systems
Approved Approved
ApprovedBy Kirsti Dalseth
DueDate 12 May 2013
Keywords SSO, Login, Liberty Alliance, Microsoft Card Space, Semantic Technologies, Access control
Methods The tools and methods in this thesis are based on
* A set of scenarios, describing the challenges
* A list of requirements extracted from the scenarios
* A description and evaluation of technologies and tools that are candidates for solutions
* A functional architecture/description of the envisaged system
* An implementation of the core concepts
* A demonstration of the solution
* An evaluation of the solution, including a critical review of the decisions taken earlier
* Conclusions
* References
Objective Single-Sign-On (SSO) is one of the dominant sign-on mechanisms for the web. Though implementations of SSO have been known for quite some years, e.g. from myopenid.org and Feide, they have only recently reached the mass market. Social networks like LinkedIn, Facebook and Google allow for SSO or rather remote authentication, which is then used for access authorisation of specific tasks on the server of the requiring party. Current Single-Sign-On systems only deliver the "yes/no" authentication string back to the requiring party. This binary authentication is not state-of-the-art, as it does not provide any information about the role of the person in the remote organisation or the trust level resulting from the authentication. Advanced access systems include the notion of roles (RBAC) or even attributes (ABAC). Semantic technologies are seen as enablers for context information, which can be added as one of the attributes in an ABAC system. This master thesis consists of research around the topic of authentication methods. We are interested in what different kinds of policies are available to us, in third-party authentication, and in what other purposes the authentication mechanism (e.g. password) has other than pure authentication on common platforms (UNIX, Windows and OSX). The main purpose here is to find the effect of each method/policy that is available to us and from there theorize on some best practices. This thesis will establish a model describing the cost/benefit analysis for a company providing advanced authentication mechanisms, including SSO. A specific focus is on the use of passwords, as they are seen to be critical both with respect to security and with respect to usability. The envisaged outcome of the thesis is a policy-based decision tree, allowing companies to define a required security level and then adopt criteria which will meet this required security.
Common- and best-practice examples are foreseen to elaborate on how close industrial solutions are to satisfying the security policy in conjunction with an easy-to-use algorithm.
Pre-Knowledge The user should have a decent understanding of programming. He should also be interested in learning about Semantic Technologies
Schedule Time Schedule: T0 0 starting month=August 2012, T0+m denotes the month where the contribution to a certain chapter shall be finalized
: T0+2 months: create an initial page describing the scenario
: T0+3: Provide a list of technologies which you think are necessary for the thesis
: T0+4: Establish the table of content (TOC) of the envisaged thesis. Each section shall contain 3-10 keywords describing the content of that section
: T0+7: Provide a draft of section 2 (scenario) and 3 (technologies)
: T0+10: Establish a draft on what to implement/architecture
: T0+11: Set up an implementation, testing and evaluation plan
: T0+15: Evaluate your solution based on a set of parameters, keep in mind "there is no such thing as a free lunch"
: T0+17: Deliver the thesis
Supervisor Josef Noll, Zahid Iqbal
ThesisStatus Finished
Titel A Semantic Approach for context-aware Authorization in Enterprise Systems
User Hans Martin Sydskogen Folkeseth
Creation date 10 December 2013 12:42:03
Categories Thesis
Modification date 1 December 2014 21:07:04
Advancing Authentication Schemes for Single-Sign-On Systems redirect page
 

 
