2008 International Symposium on Applications and the Internet (2008)
July 28, 2008 to Aug. 1, 2008
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SAINT.2008.20
We propose an extension of the attribute exchange between an Identity Provider (IdP) and an Service Provider (SP) in Shibboleth. While in the conventional framework of Shibboleth attributes are exchanged in immediate values, in our new extension an SP and an IdP exchange attributes according to so-called "Magic Protocols''.??This extension enables the SP to know whether user's attributes meet the requirement for authorization, without the SP and the IdP revealing their confidential information. We also show how we can detectch eating in execution of this protocol, e.g.\ the IdP tells another value instead of the true value to the SP in malice.
Y. Okabe, T. Komura, S. Miyazaki and T. Takagi, "Privacy Oriented Attribute Exchange in Shibboleth Using Magic Protocols," 2008 International Symposium on Applications and the Internet(SAINT), vol. 00, no. , pp. 293-296, 2008.