计算机工程2012,Vol.38Issue(10):18-21,4.DOI:10.3969/j.issn.1000-3428.2012.10.005
基于IBAS的SAML路径验证协议
SAML Path Verification Protocol Based on IBAS
摘要
Abstract
To resolve the problem that signature mechanisms based on Public Key Infrastructure(PKI) reduce the SOAP message transmission efficiency when protecting the Security Assertion Markup Language(SAML) assertion transport significantly in Web service authentication call process. This paper proposes Identity-based SAML Path Verification(IBSPV), which improves the transmission efficiency of the SOAP message by shortening the length of the signature value and the public key. Based on random oracle model, IBSPV can ensure the integrity of the SAML assertion and source unforgeability, protect the transmission path which can not be tampered with, and can prevent anti-replay attacks. By comparing the assertion length of IBSPV and PKI, it proves that IBSPV protocol improves the transmission efficiency.关键词
安全声明标记语言/断言/基于身份的聚合签名/XML签名/抗重放攻击/Web服务组合Key words
Security Assertion Markup Language(SAML)/assertion/Identity-based Aggregate Signature(IBAS)/XML signature/anti-replay attack/Web service composition分类
信息技术与安全科学引用本文复制引用
王曦,张斌,杨艳,王娜..基于IBAS的SAML路径验证协议[J].计算机工程,2012,38(10):18-21,4.基金项目
国家"863"计划基金资助项目(2009AA01Z438) (2009AA01Z438)
