XML-based Single Sign-On Scheme for Internet Protocol TV (IPTV) Services

XML-Based Single Sign-On Architecture for Providing IPTV Services

  • Lee, Seung-Hun (Department of Computer Science & Engineering at Sejong University in Korea)
  • Shin, Dong-Il (Department of Computer Science & Engineering at Sejong University in Korea)
  • Shin, Dong-Kyoo (Department of Computer Science & Engineering at Sejong University in Korea)
  • Published: 2009.07.30

Abstract

By employing the subscriber concept in broadcasting services, IPTV (Internet Protocol Television) operators provide various grades of service to subscribers based on each subscriber's billing level. With the income from subscribers as a basis, IPTV operators plan to provide high-quality services. Since Web browser-based IPTV provides T-commerce and E-commerce services as well as television services, users may frequently visit other service domains to buy goods or content. To provide the user with charged or private services, these service domains request user authentication. The existing authentication system is not appropriate for the IPTV service environment because the environment unavoidably forces the user to cross from one authentication-based service domain to another. Single sign-on provides a user with transparent authentication services by enabling an authenticated user to move between authentication-based service domains without any re-authentication. Because the IPTV service environment, like such a distributed environment, also provides a variety of authentication-based services, a transparent authentication service needs to be provided to subscribers who want to access charged or private services. In this paper, we propose a new user authentication scheme for the IPTV environment. This scheme integrates the Security Assertion Markup Language (SAML), which is a standard for XML-based single sign-on. We validate this scheme using a simple use case scenario.

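By adopting the subscriber concept in broadcasting services, IPTV operators provide various grades of service based on each subscriber's billing level. With revenue from subscribers as a basis, IPTV operators are able to provide high-quality services. Because Web browser-based IPTV provides T-commerce and E-commerce services along with TV services, users frequently connect to other service domains for Internet shopping or to purchase service content. To provide purchased or personal services, those service domains require user authentication. Existing authentication systems require re-authentication when a user moves from one domain to another, so they are not suitable for the IPTV environment. A single sign-on (SSO) architecture provides a transparent authentication service that does not require re-authentication when an already authenticated user moves to another service domain. Because IPTV offers a variety of services that require authentication, this transparent authentication service must be provided when moving to a domain that requires payment or to a personal domain. This paper presents a new user authentication architecture for the IPTV environment, which integrates SAML (Security Assertion Markup Language), the XML-based SSO standard. The proposed architecture was validated using a use-case scenario.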
