engleski

Security of Web Level User Identity Management

The changing trends in the usage of contemporary Web technologies and Web design have led to the Web 2.0 concept. Web 2.0 has introduced variety of new possibilities for both Internet service providers and users. The rapid evolution of services like e-banking, e-commerce, social-networking sites, blogs, and video-sharing sites have arisen. The nature of these services requires for users to be digitally identified. The identification process is conducted on the Web services level and each service has its own user identity control system, which makes usage of services more difficult for users and raises development costs for service providers. In Web 2.0 era, instead of having the identity on the Web services level, identification process should be conducted on the Web level. This concept is known as Identity 2.0 and it represents a federated identity model in which users are in full control of their online identities. In this paper we discuss security risks of federated identity model. Furthermore, we review OpenID, the most popular protocol that implements federated identity model. Finally, we describe how OpenID responds to the security issues of federated identity model. As a potential solution to those problems, we discuss related protocols and interoperability between them.

Web security; Identity 2.0; federated identity model; OpenID

nije evidentirano