1. Introduction
Computers play a vital role in today's world. A large amount of data is generated within a few seconds. The question then arises of how the generated data should be shared over a network and how safe the network is for data transmission. This is where the concept of SAML comes into the picture.
SAML stands for Security Assertion Markup Language. It basically manages authentication- and authorization-related thefts between two or more parties. The two parties in particular are known as the relying party and the identity party. These parties communicate with each other using assertions.
In this research paper, SAML is combined with the SASL and GSS-API mechanisms in order to achieve maximum security. SASL (Simple Authentication and Security Layer) has a set of rules that helps to maintain the various interactions with the security layer continuously. Protocols like IMAP also use SASL to configure their security features. By doing so, new authentication features can be added directly to the system without a long wait.
If the authentication process needs to be performed on a system many times, GSS-API can be used. GSS-API stands for Generic Security Service Application Program Interface, which provides a single interface for multiple authentication mechanisms. This helps SAML to be more reliable and load free.
In this research paper it is observed that SASL clearly helps SAML and GSS-API, together known as GS2. It is also seen that in some critical environments GSS-API is not necessary. But it all depends on the consequences of using the security layer followed by the authentication process.
The process involved in this document specifies that servers having SASL or GSS-API ...
... middle of paper ...
...rns and also binding between the client and the server.
A common risk is that if the identity provider has the client's information but the client moves off the platform and then attempts to request again, the identity of that particular client is lost.
It is also seen that if the binding is not done, a third party can interfere in between and even break the code. This is a problem; hence the channel binding needs to be strong, and alternative algorithms must be used to protect the message.
Privacy issues occur in this kind of mechanism because every communication is open to SAML. It is possible that SAML can track the entire conversation during message transfer.
Collisions between various relying parties may occur, as it is unique to one particular server. The problem is that only one identifier is used for the same relying party.
Binding: In order to run the function the RPC must know what server to contact and where. If this changes for any reason, or there are multiple servers that could run the function it needs to know which one to use (Wills, 1998).
Identity Management & Authorization is the ability to ensure that the person accessing the system is, one, who they say they are and, two, authorized to access that program. In addition, this means terminating user accounts that are no longer authorized to access the system.
Giammarco, Erica. "U of S Central Authentication Service (CAS)." U of S Central Authentication Service (CAS). N.p., Jan. 2013. Web. 20 Nov. 2013. http://www.sciencedirect.com.cyber.usask.ca/science/article/pii/S0191886912003650?np=y
Because when sending a message there are two parts: the information itself and the communication
SAML is an abbreviation of Security Assertion Markup Language, an XML-based standard for web browser Single Sign-On (SSO) defined by OASIS. It has been in use since 2002. SAML is called a security markup language because it is specifically defined to exchange security- and identity-related information, such as authorization information and authentication information.
2. Once you have segregated the POS network, you need to apply rules on the networking device responsible for the
Roberts, Richard M. "Network Security." Networking Fundamentals. 2nd ed. Tinley Park, IL: Goodheart-Willcox, 2005. 599-639. Print.
“In order to establish trust or confidence, there must be some binding of unique attributes in the website that will identify the unique identity. If website has got some elements of trust is commonly called authentication and will provide trust relationship to the users” (Andert et al 2002)
In both the scenarios, a backtracking (For example using an IP Address to determine from where the communication was initiated) would not lea...
ABSTRACT: This paper describes the basic threats to network security and the basic issues of interest in designing a secure network. It describes the important aspects of network security. A secure network is one which is free of unauthorized entries and hackers. INTRODUCTION
Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)
Channel Barriers. If the sender chooses an inappropriate channel of communication, communication may come to an end. Detailed instructions presented over the telephone, for example, may be frustrating for both communicators.
b) Information cannot be shared at a wider range to different receivers at distanced locations
Due to the demand for the internet to be fast, networks are designed for maximum speed, rather than to be secure or track users (“Interpol” par. 1). The adage of the adage.... ... middle of paper ... ...
Rayne, PB, Kulkarni, P, Patil, S & Meshram, BB 2012, ‘Authentication and Authorization: Tool for Ecommerce Security’, Engineering Science and Technology: An International Journal, vol. 2, no. 1, pp. 150-157.