Security of Microsoft's Identity Metasystem and CardSpace

Conference: KiVS 2007 - Kommunikation in Verteilten Systemen - 15. ITG/GI-Fachtagung
26.02.2007 - 02.03.2007 in Bern, Switzerland

Proceedings: KiVS 2007

Pages: 12
Language: English
Type: PDF

Authors:
Oppliger, Rolf (eSECURITY Technologies, Beethovenstrasse 10, CH-3073 Gümligen)
Gajek, Sebastian (Ruhr University Bochum, Universitätsstrasse 150, D-44780 Bochum)
Hauser, Ralf (PrivaSphere AG, Jupiterstrasse 49, CH-8032 Zürich)

Abstract:
Microsoft has designed and proposed an identity metasystem that is user-centric and consistent with open Web services (WS-*) standards. An implementation of the metasystem is, for example, available in the .NET Framework 3.0. It interfaces to the user by providing an identity selector named CardSpace (formerly codenamed InfoCard). Various applications can make use of CardSpace, including, for example, Microsoft Internet Explorer 7. We therefore expect Microsoft’s identity metasystem and CardSpace to become widely deployed on the Internet and a popular target to attack. In this paper, we elaborate on the security of Microsoft’s identity metasystem and CardSpace.