Global ETD Search

11	En säkerhetsanalys och jämförelse av SAML och OAuth P Svensson, Gustav, Eriksson, Filip January 2020 (has links) Vi har utfört en jämförelse av två populära SSO protokoll, OAuth och SAML. Detta för att göra valet av protokoll enklare för företag. Två simplistiska SSO-implementationer har utvecklats för att testa säkerheten av de två protokollen. En simplistisk SSO-implementation betyder i detta fallet att inga säkerhetsfunktioner har lagts till utöver vad protokollen kräver. Tre attacker har utförts: 307 redirect attack, Man in the middle och Replay attack. Resultatet visar att en simplistisk SAML implementation är säkrare än en simplistisk OAuth implementation. Vidare arbete krävs dock för att få en bättre bild av säkerheten för de olika protokollen. SAML OAuth SSO Single sign on säkerhet Other Engineering and Technologies Annan teknik
12	Systém Excalibur - implementace SSO / Excalibur System - SSO Implementation Chripko, Juraj January 2021 (has links) Cieľom systému Excalibur je presunúť autentifikáciu od hesiel používaných v súčastnosti ku bezheslovej budúcnosti. Zámerom tejto práce je integrácia systému Excalibur s webovými bezheslovými protokolmi SAML a FIDO2. Štandard SAML bol integrovaný do systému Excalibur a úspešne otestovaný s niekoľkými známymi aplikáciami. Excalibur má na starosti samotnú autentifikáciu a manažment používateľov a SAML je použitý na predanie týchto informácii aplikáciam tretích strán. FIDO2 je, na druhú stranu, kompletný autentifikačný štandard, ktorý môže byť do systému Excalibur integrovaný viacerými spôsobmi. Ako najsľubnejší spôsob sa javí výmena autentifikačného mechanizmu systému Excalibur za FIDO2, ale slabá podpora štandardu a chýbajúce funkcie to zatiaľ nedovoľujú.
13	Integrace Národní identitní autority k platformě poskytující (důvěryhodné) služby dle nařízení eIDAS Neckař, Dušan January 2020 (has links) The thesis is focused on the integration of the National Identity Authority into a trustworthy archive system belonging to a Brno company. The work deals with the clarification of the legislative framework of the eIDAS regulation and related laws and introduces services creating trust. The thesis proposes a solution of NIA integration using UML diagrams and TOGAF framework.
14	Choosing authentication protocol for digital signatures : A comparison between SAML and OIDC / Val av autentisieringsprotokoll för digitala signaturer Kågström, Pontus January 2023 (has links) More and more companies are working toward digitizing their workflow and this has increased the necessity of digital signatures.An important part of digital signatures is the authentication process which is heavily regulated for Swedish government agencies by DIGG, DIGG only allows the use of Security Assertion Mark-up Language(SAML) for authentication but are looking into also allowing OpenID Connect(OIDC) and together with Swedish OIDC working group produce a specification.This thesis is looking into this preliminary specification and exploring if OIDC can do everything that SAML can do in regards of digital signatures, and if the inclusion of OIDC would render SAML obsolete.This is explored by implementing OIDC in twoday's services that follow DIGG's specifications to see if there are needs that OpenID Connect cannot meet.From the restriction in the thesis there was nothing that SAML could do that OIDC could not do, On the contrary their are features in OIDC that SAML could not match.The inclussion of OIDC would not make SAML obsolete unless customers use-cases evolve to include the features that SAML could not match. Software Engineering Programvaruteknik
15	Browser-Based Trust Negotiation Morris, Cameron 21 March 2006 (has links) (PDF) Trust negotiation allows two parties on the Internet to establish trust in each other according to the digital credentials thateach other possesses. Traditionally, trust negotiation uses certificates as digital credentials. However, certificates make trust negotiation difficult to use since people rarely have certificates available to them, and they must physically possess and secure all needed certificates in order to negotiate. To avoid these problems, this thesis proposes that credential authorities negotiate on behalf of the user. This thesis defines BrowserBased Trust Negotiation (BBTN) as a method for negotiating with credential authorities using the Secure Assertion Markup Language (SAML). Trust Negotiation Internet Security Computer Security SAML Single Sign-on Computer Sciences
16	Evaluation of Single Sign-On Frameworks, as a Flexible Authorization Solution : OAuth 2.0 Authorization Framework / Esnek Yetkilendirme Çözümü Olarak, Tek Oturum Açma Çerçevelerinin Değerlendirilmesi : OAuth 2.0 Yetkilendirme Çerçevesi Odyurt, Uraz January 2014 (has links) This work introduces the available authorization frameworks for the purpose of Single Sign-On functionality within an enterprise, along with the fundamental technicalities. The focus of the work is on SAML 2.0 and OAuth 2.0 frame- works. Following the details related to available protocol flows, supported client profiles and security considerations, the two frameworks are compared in accordance with a set of factors given in a criteria. The report discusses the possibilities provided by a Microsoft Windows based infrastructure, as well as different scenarios and their feasibility in an enterprise environment. The preferred framework, OAuth 2.0, is selected according to the given criteria and the comparative discussions. Single Sign-On (SSO) Authorization SAML 2.0 OAuth 2.0 OAuth 2.0 flow Federated authentication Delegated authorization Tek Oturum Açma (TOA) Yetkilendirme SAML 2.0 OAuth 2.0 OAuth 2.0 akımı Birleşik kimlik doğrulama Devredilmiş yetkilendirme Computer Sciences Datavetenskap (datalogi)
17	Security, Privacy, Identity And Patient Consent Management Across Healthcare Enterprises Inintegrated Healthcare Enterprises (ihe) Cross Enterprise Document Sharing (xds) Affinity Domain Namli, Tuncay 01 June 2007 (has links) (PDF) Integrated Healthcare Enterprise (IHE) is an initiative by industry and healthcare professionals to improve knowledge sharing and interoperability between healthcare related enterprises. IHE publishes Integration Profiles on several Healthcare Fields to define how systems can use existing standards and technologies to execute a specific use case in healthcare. Cross Enterprise Document Sharing (XDS) is such a profile which defines the way of sharing Electronic Health Records (EHR) between healthcare enterprises. In this thesis, IHE Cross Enterprise User Authentication, IHE Node Authentication and Audit Trail, IHE Basic Patient Privacy Consent profiles are implemented based on the IHE XDSimplementation by National Institute of Standards, USA. Furthermore, some of the unspecified issues related with these profiles are clarified and new techniques are offered for their implementations. One of the contribution of the thesis is to use OASIS Extensible Access Control Markup Language (XACML) to define patient consent policies and manage access control. Other technologies and standards that are used in the implementation are as follows / OASIS Security Assertion Markup Language (SAML), XML Signature, Mutual Transport Layer Security (TLS), RFC 3195 Reliable Delivery for Syslog, RFC 3881 Security Audit and Access Accountability Message XML Data Definitions.
18	A secure web service : Specification on how to implement a secure Web service in a health care environment Bill, Andreas, Persson, Robert January 2005 (has links) <p>Background: With Web service growing popularity more and more companies chose to apply Web service in their organisation. With the rising usage of the concept the demands rise with it. For companies that deal with vulnerable information for example hospitals, there needs to be strong security measures taken.</p><p>Purpose: The aim of the report is to examine different security functions that can help developers to secure Web service applications. The report will be written so that organisations such as health care organisation can get insight on how to use a secure Web services in their line of work.</p><p>Method: One of the main methods used in this report is a qualitative hermeneutic way of thinking. The research process will apply Wallace’s model. The theoretical study is achieved with research on the subject through literature studies and published articles. Interviews that are used to gain knowledge are structured as quality orientated science surveys with semistandardised questions.</p><p>Conclusions: We believe the time has come for hospitals to investigate if Web service can help their organization. In case they choose to use Web services, we advise them to follow Web service Security’s recommendations to produce a web service that is adapted to their security needs.</p> Web service Security XML SOAP UDDI WSDL Web service security XML signature and XML encryption SAML Informatics Informatik
19	Genus, klass och sexualitet : Om genus, jämställdhet, sexualitet och samlevnadsundervisning vid några gymnasiers individuella program / Gender, social class and sexuality : About gender, equity, sexuality and sex education for school drop-outs Sundbaum, Bengt January 2005 (has links) Unga människors sexualitet utvecklas till stor del i samklang med den egna könsspecifika kamratgruppen. Det bidrar till att göra mötet med det motsatta könet sårbart och präglat av den egna kamratgruppens förväntningar. En angelägen uppgift för skolans sex- och samlevnadsundervisning är därför att ge utrymme för samtal mellan pojkar och flickor i frågor som rör sexualitet samt att medverka till att bryta könsstereotypa föreställningar. Elever, som efter obligatoriska skolan ej antagits till gymnasieskolans nationella program, erbjuds plats på ett så kallat individuellt program (IV). Fler elever vid individuella programmet än gymnasieskolans övriga elever tycks ha ett riskbeteende med avseende på sexuell och reproduktiv hälsa. Syftet med denna studie var att undersöka skillnader efter kön och födelseland avseende IV-elevers attityder i könsrollsfrågor, deras förmåga att kommunicera i frågor rörande sexualitet samt att utvärdera en tidsbegränsad sex- och samlevnadsundervisning. En enkät besvarades av 345 elever på individuella programmet vid 13 olika gymnasieskolor. Vid sex av skolorna genomförde därefter lärarna undervisning av livskunskapskaraktär med fokus på attityder och kommunikation kopplat till sex- och samlevnad. Vid de återstående sju skolorna genomfördes ingen liknande sex- och samlevnadsundervisning. Cirka en månad efter försöksundervisningen delades samma enkät ut till eleverna vid försöks- och kontrollskolorna. Den inledande enkäten visade att pojkar och gruppen utomnordiskt födda eleverhade en mer fördomsfull syn i frågor som rör sexualitet, arbetsfördelningen i hemmet samt hade svårare att tala med partnern om preventivmedel jämfört med flickor respektive elever födda i Norden. Pojkar hade svårare än flickor att säga nej till sex även då de inte ville ha sex. Några effekter av försöksundervisningen på ungdomarnas attityder, preventivmedelsanvändning eller förmåga att tala om sexualitet kunde ej konstateras. Det behövs ett långsiktigt och brett arbete för att påverka attityder och beteende inom området sexualitet och samlevnad. Inte bara undervisningen är viktig utan också alla de övriga könsrelaterade budskap som möter eleverna under en skoldag. Det behövs mer kunskap om hur olika samhällsaktörer i samverkan kan bidra till att ungdomar – i synnerhet de mest riskutsatta –ska bli bättre rustade att göra egna hälsosamma val / For most young people their sexual identities are primarily shaped by interaction with the same-sex peers which easily leads to misunderstandings and difficulties in communicating issues about sexuality with the opposite sex. Pupils leaving nine year compulsory school in Sweden without the qualifications required for admittance to the standard national programmes at the upper secondary school are offered to attend an “individual programme”. These individual programme attenders, or drop-outs from the national programmes, seem to have a higher risk behaviour compared to young people attending a theoretical or vocational programme at upper secondary school level. The objective of this study was to examine differences in gender role thinking and communication skills between the sexes and to relate the results to sex and ethnicity. Furthermore to evaluate a time limited sex education programmefocusing on gender role attitudes and communication skills. The result of a questionnaire, administrated to 345 pupils at 13 individual programmes, showed that males and young people born outside a Nordic country expressed a higher degree of double standards and had more difficulties in communicating with their partner about contraceptives compared to the female pupils and those pupils born in a Nordic country. Men had more difficulties compared to women in refusing undesired sex. The individual programme attenders were divided into an intervention group and a control group. The intervention consisted of about 15 lessons of sex education focusing on gender role attitudes. Both groups answered the same questionnaire one month after the sex education intervention. The analyses of the result of the questionnaires showed no statistically significant differences between the intervention and the control group.In order to influence young people’s attitudes and behaviour in the field of sexuality and gender roles, a comprehensive work is a precondition. Not only the teaching is important but also gender related messages which confront the pupils all over the day. There is also a need for more collaboration between local organisations in order to convey appropriate education, counselling and individual support to make young people at risk better equipped to make their own choices healthier / <p>ISBN 91-7997-089-3</p> Gender Drop-outs Young people Sexuality Sex Education Genus sexualitet sex- och saml evnadsundervisning ungdomar skolan Public health science Folkhälsovetenskap
20	A secure web service : Specification on how to implement a secure Web service in a health care environment Bill, Andreas, Persson, Robert January 2005 (has links) Background: With Web service growing popularity more and more companies chose to apply Web service in their organisation. With the rising usage of the concept the demands rise with it. For companies that deal with vulnerable information for example hospitals, there needs to be strong security measures taken. Purpose: The aim of the report is to examine different security functions that can help developers to secure Web service applications. The report will be written so that organisations such as health care organisation can get insight on how to use a secure Web services in their line of work. Method: One of the main methods used in this report is a qualitative hermeneutic way of thinking. The research process will apply Wallace’s model. The theoretical study is achieved with research on the subject through literature studies and published articles. Interviews that are used to gain knowledge are structured as quality orientated science surveys with semistandardised questions. Conclusions: We believe the time has come for hospitals to investigate if Web service can help their organization. In case they choose to use Web services, we advise them to follow Web service Security’s recommendations to produce a web service that is adapted to their security needs. Web service Security XML SOAP UDDI WSDL Web service security XML signature and XML encryption SAML Information Systems

Search results