http://dx.doi.org/10.6109/jkiice.2017.21.9.1777

Development of Identity-Provider Discovery System leveraging Geolocation Information  

Jo, Jinyong (Division of Supercomputing, Korea Institute of Science and Technology Information)
Jang, Heejin (Division of Supercomputing, Korea Institute of Science and Technology Information)
Kong, JongUk (Division of Supercomputing, Korea Institute of Science and Technology Information)
Abstract
Federated authentication (FA) is a multi-domain authentication and authorization infrastructure that enables users to access nationwide R&D resources with their home-organizational accounts. To log in, an FA-enabled user selects his/her home organization from an identity-provider (IdP) discovery service and is then redirected to it. The discovery service allows a user to search for his/her home organization among all FA-enabled organizations. As the federation grows, users have more trouble finding their home organization. Therefore, a discovery service has to provide an intuitive way to make a fast IdP selection. In this paper, we propose a discovery system that leverages geographical information. The proposed system calculates the geographical proximity and text similarity between a user and organizations, which determine the order in which organizations are shown by the system. We also introduce server redundancy and a status-monitoring method for non-stop service provision and improved federation management. Finally, we deployed the proposed system in a real service environment and verified its feasibility.
Keywords
Identity federation; Federated authentication; Identity-provider discovery service; Geo-location
Citations & Related Records
Times Cited By KSCI: 3