
Development of Identity-Provider Discovery System leveraging Geolocation Information

Development of a Location-Information-Based Identity-Provider Discovery System

  • Jo, Jinyong (Division of Supercomputing, Korea Institute of Science and Technology Information) ;
  • Jang, Heejin (Division of Supercomputing, Korea Institute of Science and Technology Information) ;
  • Kong, JongUk (Division of Supercomputing, Korea Institute of Science and Technology Information)
  • Received : 2017.07.21
  • Accepted : 2017.08.10
  • Published : 2017.09.30

Abstract

Federated authentication (FA) is a multi-domain authentication and authorization infrastructure that enables users to access nationwide R&D resources with their home-organizational accounts. To log in, an FA-enabled user selects his/her home organization in an identity-provider (IdP) discovery service and is then redirected there. The discovery service lets a user search for his/her home among all FA-enabled organizations. Finding the home organization becomes harder as the federation grows, so a discovery service has to provide an intuitive way to select an IdP quickly. In this paper, we propose a discovery system that leverages geographical information. The proposed system calculates the geographical proximity and the text similarity between a user and each organization, and uses them to determine the order in which organizations are shown. We also introduce server redundancy and a status-monitoring method for non-stop service provision and improved federation management. Finally, we deployed the proposed system in a real service environment and verified its feasibility.

Federated authentication is a multi-domain user authentication and authorization framework that lets users access research resources provided by other organizations with the user ID and password they use at their home organization. A user must select his or her home organization from among the many organizations participating in the federated authentication service in order to log in. The discovery service lists the organizations capable of federated authentication on screen so that users can easily find their home organization. As the number of organizations participating in the identity federation increases, searching for one's home organization becomes harder, so the discovery system needs an effective way to list the participating organizations. This paper proposes an identity-provider discovery system that computes proximity from the location information of the user and the organizations and orders the organization list according to that proximity. We also implement server redundancy for non-stop operation of the discovery system and a service-status monitoring function to improve the manageability of the federated authentication service. Finally, we applied the developed discovery system to the federated authentication service environment and verified the performance and functionality of the proposed location-based discovery, server redundancy, and status monitoring methods.
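The ordering step the abstract describes, as an added example that is not the paper's own code: it ranks a constructed list of IdPs by a weighted sum of great-circle proximity (haversine) to the user's coordinates and text similarity to the user's search string. The organisation coordinates, the 500 km clamp, the equal weights and the use of difflib as the similarity measure are assumptions; the user's coordinates are assumed to have been resolved already (e.g. from an IP geolocation database).

```python
import math
from difflib import SequenceMatcher

# Constructed sample of FA-enabled organisations: (name, latitude, longitude).
# Coordinates are illustrative, not authoritative.
ORGS = [
    ("Korea Institute of Science and Technology Information", 36.37, 127.36),
    ("Seoul National University", 37.46, 126.95),
    ("Pusan National University", 35.23, 129.08),
    ("Gwangju Institute of Science and Technology", 35.23, 126.84),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km (haversine formula, mean Earth radius 6371 km)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def text_similarity(query, name):
    """Similarity in [0, 1]: 0 for an empty query, 1 for a case-insensitive
    substring hit, otherwise difflib's ratio (an assumed measure)."""
    q, n = query.lower().strip(), name.lower()
    if not q:
        return 0.0
    if q in n:
        return 1.0
    return SequenceMatcher(None, q, n).ratio()

def rank_idps(user_lat, user_lon, query="", orgs=ORGS,
              max_km=500.0, w_geo=0.5, w_text=0.5):
    """Return (score, name, distance_km) tuples, best match first.
    Proximity is normalised to [0, 1] by clamping the distance at max_km.
    The geolocation only orders the list for usability; it is not an
    authentication or authorization decision, which stays with the IdP."""
    scored = []
    for name, lat, lon in orgs:
        d = haversine_km(user_lat, user_lon, lat, lon)
        geo = 1.0 - min(d, max_km) / max_km
        score = w_geo * geo + w_text * text_similarity(query, name)
        scored.append((round(score, 4), name, round(d, 1)))
    scored.sort(key=lambda t: (-t[0], t[1]))  # ties broken by name for stability
    return scored

if __name__ == "__main__":
    # A user geolocated near Daejeon who has not typed anything yet.
    for row in rank_idps(36.35, 127.38):
        print(row)
```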

  25. D. Cicalese, J. Auge, D. Joumblatt, T. Friedman and D. Rossi, "Characterizing IPv4 anycast adoption and deployment," In Proceedings of the 11th ACM Conference on Emerging Networking Experiments and Technologies, no. 16, pp. 1-13, Dec. 2015.