Securing Digital Identities in the Cloud by Selecting an Apposite Federated Identity Management from SAML, Oauth and Openid Connect

Nitin Naik and Paul Jenkins
Defence School of Communications and Information Systems, Ministry of Defence, United Kingdom
Email: [email protected] and [email protected]

Abstract—Access to computer systems and the information held on them, be it commercially or personally sensitive, is naturally, strictly controlled by both legal and technical security measures. One such method is digital identity, which is used to authenticate and authorize users to provide access to IT infrastructure to perform official, financial or sensitive operations within organisations. However, transmitting and sharing this sensitive information with other organisations over insecure channels always poses a significant security and privacy risk. An example of an effective solution to this problem is the Federated Identity Management (FIdM) standard adopted in the cloud environment. The FIdM standard is used to authenticate and authorize users across multiple organisations to obtain access to their networks and resources without transmitting sensitive information to other organisations. Using the same authentication and authorization details among multiple organisations in one federated group, it protects the identities and credentials of users in the group. This protection is a balance, mitigating security risk whilst maintaining a positive experience for users. Three of the most popular FIdM standards are Security Assertion Markup Language (SAML), Open Authentication (OAuth), and OpenID Connect (OIDC). This paper presents an assessment of these standards considering their architectural design, working, security strength and security vulnerability, to cognise and ascertain effective usages to protect digital identities and credentials. Firstly, it explains the architectural design and working of these standards. Secondly, it proposes several assessment criteria and compares functionalities of these standards based on the proposed criteria. Finally, it presents a comprehensive analysis of their security vulnerabilities to aid in selecting an apposite FIdM. This analysis of security vulnerabilities is of great significance because their improper or erroneous deployment may be exploited for attacks.

Index Terms—Federated Identity Management; FIdM; SAML; OAuth; OpenID Connect; SSO; DoS; MITM; XSS

I. INTRODUCTION

In cyberspace, digital identities are used to represent an individual, organization or electronic device, and control access to critical corporate information through the authentication and authorization of users who are given access to organisational resources. Businesses are required to exchange information, both financial and personnel, with government agencies and other businesses electronically. This collaborative working and sharing of sensitive information is strictly controlled and protected by legislation in the countries in which the organisation operates. However, the transmission of this sensitive data over insecure channels poses a significant security and privacy risk. This risk can be mitigated by using the Federated Identity Management (FIdM) standard adopted in the cloud environment. Federated identity links and employs users' digital identities across several identity management systems [1], [2]. FIdM defines a unified set of policies and procedures allowing identity management information to be transportable from one security domain to another [3], [4]. Thus, a user accessing data/resources on one secure system could then access data/resources from another secure system without both systems needing individual identities for the single user. In this way, it avoids the transmission of sensitive information/credentials.

For example, it is probable that users could possess several accounts with service providers such as Google, Amazon, eBay and AOL. These service providers require the users' identity to be confirmed by a trusted central policy framing authority in terms of scope and visibility [5], [6], [7], [8]. This relieves the user of the burden of dealing with multiple credentials, thereby improving usability and security [2], [7], [8]. The FIdM approach separates the authentication and authorization functions for the better management of both. There are a number of FIdM standards available; some of the most popular and successful FIdM standards are Security Assertion Markup Language (SAML), Open Authentication (OAuth), and OpenID Connect (OIDC). SAML is an XML-oriented framework for transmitting user authentication, entitlement and other attribute information [9]. OAuth is a scalable delegation protocol allowing a user to permit access to an application to accomplish authorized tasks on behalf of the user [10]. OpenID Connect is an emerging suite of lightweight specifications that provide a framework for communicating identity via RESTful APIs [11]. These three FIdM standards virtually cover the entire FIdM cloud industry.

This paper presents an assessment of these standards considering their architectural design, working, security strength and security vulnerability, to understand and ascertain effective usages to protect digital identities and credentials. Firstly, it explains the architectural design and working of these standards. Secondly, it proposes several assessment criteria and compares functionalities of these standards based on the proposed criteria. FIdM standards offer the solution to protect digital identities and personal information; however, their implementation requires thoughtful administration and carefully enforced security and privacy policies. The improper or erroneous deployment of the FIdM standard could have serious consequences and open several security vulnerabilities, which can be easily exploited for attacks. Therefore, it is essential to understand the various message flows and their associated security vulnerabilities, which are comprehensively covered in the final section to aid in selecting an apposite FIdM.

The rest of the paper is organised as follows: Section II presents the detailed architectural design and working analysis of the three FIdM standards SAML, OAuth and OIDC; Section III presents the comparative analysis of the three FIdM standards SAML, OAuth and OIDC based on the proposed evaluation criteria; Section IV elucidates potential vulnerabilities of FIdM standards due to their improper or erroneous deployment; Section V concludes the paper and suggests some future work. At the end of this paper, a list of acronyms and their full forms is presented to simplify the discipline-specific terminologies.

II. ARCHITECTURAL DESIGN AND WORKING OF PREDOMINANT FEDERATED IDENTITY MANAGEMENT (FIDM) STANDARDS

This section explains the three predominant FIdM standards SAML, OAuth and OpenID Connect and their working in detail. All these standards have a commonality: they use security tokens for their services. Security Tokens are a key concept in FIdM as they are the device of choice for authenticating and authorizing a user's identity or "digital identity". They are also known as Identity Tokens, Authentication Tokens and Authorization Tokens [12].

A. Security Assertion Markup Language (SAML)

Security Assertion Markup Language (SAML) was developed by the Security Services Technical Committee of OASIS (Organization for the Advancement of Structured Information Standards) [9]. SAML is an XML-oriented framework for transmitting user authentication, entitlement, and other attribute information [9]. This framework enables two federation partners to select and share identity attributes using a SAML assertion/message payload, on the condition that these attributes can be expressed in XML [11]. SAML assumes three key roles in any transaction: Identity Provider (IDP/IdP), Service Provider (SP) and User:

• Identity Provider (IDP/IdP) is a trusted organisation that authenticates and authorizes
• User is an entity that initiates a sequence of protocol messages and consumes the service provided by the SP. A user may be an application program that is requesting access to a resource.

Fig. 1. SAML Assertion Structure [13]

The latest version of the SAML specifications is SAML 2.0, which describes the following components [13]:

• Assertions state how identities are represented.
• Protocols represent a sequence of XML messages designed to achieve a single goal.
• Bindings describe how protocol messages are transported over a lower-level protocol such as HTTP.
• Profiles combine a number of bindings to describe a solution for a use case.

The SAML assertion is the main notion in SAML. It is a claim, statement, or declaration of a digital identity which is made by the IDP and trusted by the SP. The identity information required by the SP is usually agreed in advance by the IDP and SP [14]. However, there is a provision after the initial transaction to request additional information. The structure of a SAML assertion is shown in Fig. 1. There are three types of assertions: authentication, attribute, and authorization. An authentication assertion validates the user's identity. An attribute assertion contains specific information about the user. An authorization assertion identifies what the user is authorized to do [3].

A typical SAML use case example is illustrated in Fig. 2 and its corresponding steps are described below:

1) User tries to access a hosted application on the SP's cloud
2) SP generates a SAML request
3) Browser redirects the SAML request to the IDP's cloud
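The assertion structure and the three assertion types described above, as an added example that is not code from the paper: a Python script that builds a minimal SAML 2.0 assertion on the IdP side carrying an authentication statement, an attribute statement and an authorization-decision statement, and then applies the checks an SP makes before trusting the assertion (trusted issuer, validity window, audience restriction). Element and attribute names are those of the SAML 2.0 assertion schema; the IdP, SP, subject and resource values are constructed placeholders, and XML signature verification is assumed to have been done separately by an XML-DSig library before these checks run.

```python
"""Added illustration of a SAML 2.0 assertion and SP-side checks on it.
Not code from the paper. Element names follow the SAML 2.0 assertion schema;
issuer, audience, subject and resource values are constructed placeholders.
XML-DSig verification is assumed to happen separately before this code runs."""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"      # SAML 2.0 assertion namespace
ET.register_namespace("saml", NS)

# constructed sample values (placeholders, not real endpoints)
IDP = "https://idp.example.test/metadata"
SP = "https://sp.example.test/metadata"
SAMPLE_NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)

def _tag(name):
    return f"{{{NS}}}{name}"

def _ts(dt):
    # SAML timestamps are UTC xs:dateTime values
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")

def _parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def build_assertion(issuer, subject, audience, attributes, resource, now):
    """IdP side: one <Assertion> carrying all three statement kinds."""
    root = ET.Element(_tag("Assertion"), {"Version": "2.0",
                      "ID": "_constructed-id-1", "IssueInstant": _ts(now)})
    ET.SubElement(root, _tag("Issuer")).text = issuer
    subj = ET.SubElement(root, _tag("Subject"))
    ET.SubElement(subj, _tag("NameID")).text = subject
    # Conditions bound the assertion in time and to one intended SP
    cond = ET.SubElement(root, _tag("Conditions"), {
        "NotBefore": _ts(now), "NotOnOrAfter": _ts(now + timedelta(minutes=5))})
    aud = ET.SubElement(cond, _tag("AudienceRestriction"))
    ET.SubElement(aud, _tag("Audience")).text = audience
    # 1) authentication statement: how and when the IdP authenticated the user
    authn = ET.SubElement(root, _tag("AuthnStatement"), {"AuthnInstant": _ts(now)})
    ctx = ET.SubElement(authn, _tag("AuthnContext"))
    ET.SubElement(ctx, _tag("AuthnContextClassRef")).text = \
        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
    # 2) attribute statement: specific information about the user
    attr_stmt = ET.SubElement(root, _tag("AttributeStatement"))
    for name, value in attributes.items():
        attr = ET.SubElement(attr_stmt, _tag("Attribute"), {"Name": name})
        ET.SubElement(attr, _tag("AttributeValue")).text = value
    # 3) authorization decision statement: what the user may do on a resource
    authz = ET.SubElement(root, _tag("AuthzDecisionStatement"),
                          {"Resource": resource, "Decision": "Permit"})
    ET.SubElement(authz, _tag("Action")).text = "read"
    return ET.tostring(root, encoding="unicode")

def consume_assertion(xml_text, expected_issuer, expected_audience, now):
    """SP side: reject anything not issued by the trusted IdP, not currently
    valid, or not addressed to this SP; otherwise return the claims."""
    root = ET.fromstring(xml_text)   # use defusedxml for untrusted input in practice
    if root.tag != _tag("Assertion") or root.get("Version") != "2.0":
        raise ValueError("not a SAML 2.0 assertion")
    if root.findtext(_tag("Issuer")) != expected_issuer:
        raise ValueError("untrusted issuer")
    cond = root.find(_tag("Conditions"))
    if cond is None:
        raise ValueError("missing Conditions")
    if now < _parse_ts(cond.get("NotBefore")) or now >= _parse_ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    if expected_audience not in [a.text for a in cond.iter(_tag("Audience"))]:
        raise ValueError("assertion not addressed to this SP")
    return {
        "subject": root.findtext(f"{_tag('Subject')}/{_tag('NameID')}"),
        "authn_context": root.findtext(
            f"{_tag('AuthnStatement')}/{_tag('AuthnContext')}/{_tag('AuthnContextClassRef')}"),
        "attributes": {a.get("Name"): a.findtext(_tag("AttributeValue"))
                       for a in root.iter(_tag("Attribute"))},
        "decisions": [(d.get("Resource"), d.get("Decision"),
                       [x.text for x in d.iter(_tag("Action"))])
                      for d in root.iter(_tag("AuthzDecisionStatement"))],
    }

def demo(now=SAMPLE_NOW, audience=SP):
    """Round trip with the constructed sample values."""
    xml_text = build_assertion(IDP, "alice@example.test", SP, {"role": "analyst"},
                               "https://sp.example.test/reports", SAMPLE_NOW)
    return consume_assertion(xml_text, IDP, audience, now)

def demo_rejected(now=SAMPLE_NOW, audience=SP):
    """Rejection reason for a given time/audience, or None when accepted."""
    try:
        demo(now, audience)
        return None
    except ValueError as err:
        return str(err)

if __name__ == "__main__":
    print(demo())
    print(demo_rejected(now=SAMPLE_NOW + timedelta(minutes=10)))
```

The consumer deliberately refuses an assertion that is outside its NotBefore/NotOnOrAfter window or whose AudienceRestriction names a different SP, which is the SP-side counterpart of the paper's point that an assertion is "made by the IDP and trusted by the SP": the trust is conditional on these checks, and an SP that skips them is one of the erroneous deployments the later sections warn about.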