This paper proposes a new federated authentication platform based on the Lock-Keeper system, which is a simple implementation of the high level security concept, “Physical Separation”. An integrated federated authentication gateway is realized within the Lock-Keeper components and deployed on the border between different security domains, which enables users to use their own digital identities for accessing services provided by external collaborating partners. User identities, credentials and all kinds of security tokens required by the authentication can be handled well by being physically isolated with outside. All the direct network connections to the target security domain are disabled by the Lock-Keeper''s inherent sluice principle as well as normal electronic transactions and businesses can still be performed through the corresponding Lock-Keeper application modules. A number of known standards related to Web Service security are implemented and can be reliably enforced in the isolated environment of the proposed framework.
展开▼
