Journal of Information Security
Vol.06 No.03(2015), Article ID:56785,12 pages
10.4236/jis.2015.63018

Evaluating the Efficiency and Effectiveness of a Federated SSO Environment Using Shibboleth

Parves Kamal1, Saad Mustafiz2, Faisal Md. Abdur Rahman1, Raihan Taher3

1University of Bedfordshire, Bedfordshire, UK

2Ahsanullah University of Science Technology, Dhaka, Bangladesh

3North South University, Dhaka, Bangladesh

Email: Parves.kamal@gmail.com, saadmustafiz@gmail.com, f.rahman.uob@gmail.com, Raihan.Taher@gmail.com

Copyright © 2015 by authors and Scientific Research Publishing Inc.

This work is licensed under the Creative Commons Attribution International License (CC BY).

http://creativecommons.org/licenses/by/4.0/

Received 10 March 2015; accepted 26 May 2015; published 29 May 2015

ABSTRACT

This project arose from our practical use of the Shibboleth user authentication system at the University of Bedfordshire. The University of Bedfordshire controls its various services, including the student portal Breo, Learning Resources, Student Email Access and others, through Shibboleth. Like the University of Bedfordshire, other universities in the UK are also implementing the Shibboleth system for access management. The researchers therefore found it important to evaluate the efficiency and effectiveness of Shibboleth from different perspectives. The first part of this paper explains the features of Shibboleth as an SSO service and compares it with other SSO services like Athens, Kerberos, etc. In the middle section, the authors go through the steps of installing and configuring Shibboleth. At the end of the paper, based on a survey of real users of Shibboleth at the University of Bedfordshire, the authors give their insights on the effectiveness of Shibboleth as an SSO service. Throughout this investigation, the authors applied triangulation to find out the user and service provider viewpoints about Shibboleth. Although some problems persisted, the authors also implemented the Shibboleth system successfully in order to identify different problems and assess its efficiency and effectiveness. Recommendations and a conclusion are provided at the end of this project.

Keywords:

Shibboleth, SSO, Athens, Kerberos, Identity Provider (IdP), Service Provider (SP), Tomcat, Microsoft Passport

1. Introduction

In the age of information technology (IT), higher education is moving towards the Virtual Learning Environment (VLE), whilst information security (IS) over the internet has remained one of the pivotal issues for Higher Educational (HE) institutions. A Federated Access Management system called Shibboleth has replaced Athens, aiming to provide a safe and secure network to educational institutions in the UK (census.ac.uk). Giving general access to a repository is a rather easy task [1]. The problem can be solved with a Single Sign-On system like Shibboleth. Therefore, the authors have selected Shibboleth, the most recurrent and discussed topic in access management in educational institutions, and evaluated its efficiency and effectiveness from different facets. The rationale for selecting the topic is the belief that access management has up till now suffered from limitations in educational institutions, where the users are diversified and resources need to be secured.

2. Aims and Objectives of the Research

2.1. Research Aims

The aim of this research is to evaluate the efficiency and effectiveness of Shibboleth compared with other Single Sign-On systems. The scope of this paper is to compare the features of Shibboleth with other SSO services, go through the installation process, and record any hiccups experienced during the installation and configuration steps. The research is based on Shibboleth at the University of Bedfordshire.

2.2. Research Outcomes

The main objectives of the research are as follows:

・ Review available literature on Shibboleth and other Single Sign-on Systems including definitions, types, and comparison.

・ Investigate the security under Shibboleth system from the administrative and user perspectives.

・ Overview installation process of Shibboleth within a demo web interface with a view to figure out interaction between client and server.

・ Experience any problems during installation and configuration of Shibboleth and find the solution.

・ Summarize project and research findings, and provide recommendations to mitigate/minimize any limitations.

3. Research Methodology

There are three different methods applied to carry out this research which are as follows:

Firstly, for secondary data collection we will depend on the literature on the subject. We will be looking into the structure of the Shibboleth system and finding out its features relative to other similar services like Athens, Kerberos, Microsoft Passport etc.

Secondly, for the primary research we will conduct a key informant interview with the person responsible for Shibboleth at the UoB, within a combination of qualitative and quantitative research methods (triangulation).

Thirdly, to analyze the efficiency and effectiveness of Shibboleth we will oversee the installation process and configure Shibboleth 2.2 in a physical network.

Mixture of Qualitative and Quantitative Approach

Triangulation, or the combination of qualitative and quantitative methods, is an ideal way to achieve the aims and objectives of the research. The logic behind combining qualitative and quantitative research methods is that it gives the opportunity to cross-check the results to determine the efficiency and effectiveness of Shibboleth at the University of Bedfordshire. Furthermore, it is also believed that triangulation would give an accurate result to the researcher [2] .

Considering the nature of the project, the researchers decided to apply a quantitative approach in this project. By definition, quantitative methods rely on data collection through survey methods to comprehend people’s perceptions, aiming to understand events and behaviors. In this research, the quantitative research methods will look for the answers set in objective two, which is about investigating the security under the Shibboleth system from the administrative and user perspectives.

4. Functions of Shibboleth at the University of Bedfordshire

Following the requirements of JISC (Joint Information Systems Committee), the University of Bedfordshire introduced Shibboleth to authenticate people who have access to the web resources and databases available at the University, such as breo and sits e-vision. The University of Bedfordshire employs Shibboleth to authenticate staff and students when they access breo, sits e-vision, the digital library, Email (Figure 1) and other services.

As can be seen in Figure 1, identity.beds.ac.uk lets users log in once and subsequently log into other services automatically.

5. Shibboleth Architecture

Shibboleth Architecture [ShipProbt] has been defined by Scavo and Cantor (2005) as the SAML 1.1 SSO extension with attribute exchange mechanisms. It specifies the service-provider-first SSO profile with extended user privacy features. Along with these, the authors give some fixed standards on which Shibboleth is built. The architectural standards of Shibboleth are:

・ Hypertext Transfer Protocol (HTTP).

・ Extensible Markup Language (XML).

・ XML Schema.

・ XML Signature.

・ SOAP.

・ Security Assertion Markup Language (SAML) [3] .

The architectural shape of Shibboleth, with its attribute exchange communication, is shown here:

In Figure 2, the WAYF, IdP and SP are the core components of the Shibboleth architecture.

Figure 1. UoB student gmail access.

Figure 2. Shibboleth architecture. Source: UK federation [4] .

5.1. Advantages and Disadvantages of the Shibboleth System

In a website or network, Single Sign-On functions like a bridge connecting various software and programs. With a single sign-on system, the user gets access to different services and does not need to be authorized separately again and again. The top e-mail providers are an example: after gaining authorized access to the account, the user gets access to different services like web browsing, financial services, image services etc.

5.1.1. Advantages

1) Single sign-on

The Single Sign-On authentication service is processed with a Virtual Organization in Shibboleth [5] . The present system requires users to hold a different username and password for each service and to sign on to each service individually. A single sign-on system instead allows all of that access with a single local identity. Services like newsgroups, e-mail, stock tracking etc. can be delivered. All the services must be under a single domain. Users still keep separate identities to access various services like e-mail, banking, travel, billing, groups etc. The complexity of keeping many identities has a negative effect on users of the services. They must repeatedly enter information like user ID, name, e-mail ID and passwords to get access to different services. Eventually, users lose interest in using the services on the Web. Written in SAML (Security Assertion Markup Language), Shibboleth facilitates the definition of relationships between institutions as well as the exchange of pseudo-anonymous information about users [6] .

The problem with many sign-ons is that they affect the performance of the web; people have started to treat this as a great drawback. The trusted members of the SSO circle take the benefits of SAML authentication assertions [7] .

2) Federated system

The capabilities of the identity-management service expand as each organization's federated system expands. There are different kinds and forms of relations between one organization and another. A university is an example: it needs access at various levels such as students, staff, libraries, faculty etc.

The educated person can help the Shibboleth to make the whole management process easy to conduct. The auxiliary object class “EduPerson” is designed for communicating information among the campus directories of higher education institutions. It is also treated as the bridge between the network website software and programs.

3) Protect data and user’s privacy

Shibboleth ensures the best data security and privacy protection for users with software based on SAML. In the case of a university, forwarding the authentication data is enough. Personal information is also controlled and protected through the use of Shibboleth.

4) International uptake of system

It is possible to configure the Identity Provider Server named login.jsp for the branding of the university site. It ensures both on-campus and off-campus control of access to the university. The relation between institution and user can also be built up and defined here. With the attribute service, group-based and role-based authorization is also supported.

5) Play Well with Others

We have already discussed interoperability as one of the prime features of Shibboleth. The federated world requires interoperability as a must, as mentioned by Shibboleth (2010). It is now possible to interoperate with various commercial implementations through the multi-protocol support of Shibboleth. These multi-protocols are Microsoft’s Active Directory, Card Space, OASIS and Federation service.

5.1.2. Disadvantages

We will find some disadvantages or drawbacks with the Shibboleth. The main problems are global log out, technology infancy, complexity and assumptions. Some explanations to these issues are given here:

1) No global log-out

The main problem regarding the Shibboleth is probably with the issue of global log out. To illustrate this, we can say that the problem is Shibboleth isn’t able to log out from all the service at a time.

2) Infancy of technology

As we know, the modern system and architecture of the internet is upgrading at a very rapid speed. The Shibboleth software cannot cope with this rapid technological advancement. One estimate says that there are about 5 Shibboleth protected resources in contrast to 260 Athens protected resources.

3) Complexity

In the case of proxy servers, the Shibboleth implementation is more complex than on a normal server. It requires a special local-machine-based environment for the process. And as we know, creating the special environment is also a complex task. Generally, only expert XML programmers know this language.

4) Assumptions

The high reliance on assumptions is also treated as a problem by some authors. For example, it is assumed that the web browser has JavaScript enabled. These assumptions create problems, such as the minimum assumptions not being supported for the administration requirements. The resulting problems related to administrative issues in the institution are some of the big problems indeed [8] .

5) Security risk

Security risk is considered one of the biggest drawbacks of the Shibboleth system. The Single Sign-On interface creates security problems because it is attached to both the manager’s and the client’s side. A poor password system can leave clients vulnerable. Through this weak access system, various threats like malicious software, deviant programs and bad bots can cause unwanted access to the secured resources. Both clients and managers would face problems in this way. According to CVE, one such vulnerability in Shibboleth affects the OpenSAML library (2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2) [9] : the library allows remote attackers to forge messages and bypass authentication via an “XML Signature wrapping attack.”

5.2. Different Sign-On System Currently Available in Financial and Education Sectors

The Single Sign-On system is now being considered as the “Holy Grail” of computer security [10] . By replacing the existing heterogeneous enterprise security infrastructure, its goal is to bring a common security infrastructure, which is admirable. MIT’s Kerberos, Microsoft Active Directory and Public Key Infrastructure (PKI) based system, Open Group’s distributed computing environment (DCE) etc. are some of the leading vendors who are attempting this with the Shibboleth. Only a few of these vendors could actually attain their goal. A common infrastructure is being established where all other present applications are changing. With this issue, the problem emerging in all systems is that different proprietary and standard based solutions cannot be implemented. Single point of failure is also a related risk here. The whole system risks becoming vulnerable if any user’s passwords are leaked.

1) Kerberos

In financial organizations and for Automated Teller Machine (ATM) security, the Single Sign-On system Kerberos is used in some cases. Windows 2000 based enterprises got banking-level security through Kerberos. The migration of Active Directory by the administrator has made configuration and implementation more complex than for other Single Sign-On systems [11] .

2) Microsoft passport

Another banking sector based SSO system is the Microsoft Passport. It is also called the digital wallet. Vendors, Content Providers, Consumers and Service Providers have shown less attraction to Microsoft Passport due to its limitations.

3) Athens account

Athens is a federated system. It was designed for access management of online services security. In UK, the de facto standard system has been ruled out during late nineties and two thousand from health sectors and education sectors. One statistic stated that there were two million users using Athens to access 769 user sites, 51 service provider sites and 249 resources [12] . Sites like Elsevier, Oxford University Press 2002, Science Direct and Wiley are included here. This was treated as the most successful federated identity management. Shibboleth replaced Athens on the first day of August, 2008 due to its problems with efficiency and effectiveness. Some similarities and dissimilarities are set out in Table 1.

6. Anticipated Artifact

To implement Shibboleth 2.0 we will set up a virtual environment and oversee the interactions between Shibboleth Identity Provider (IdP) and Service Provider (SP) which are as follows:

Setting up virtual network.

We will be installing the identity provider (IdP) and the Service provider (SP) as depicted above in Figure 3, Figure 4 in our Virtual machine and go through the SSO service provided by the shibboleth.

7. Shibboleth Configuration and Implementation

7.1. Testing and Implementing

To evaluate the efficiency and effectiveness of Shibboleth we had to go through the Shibboleth configuration and installation process on Windows XP. Throughout the configuration and implementation process, we found that implementing Shibboleth is not only a difficult job but also requires the implementer to have enormous technical knowledge. To bring this project to success despite the difficulties, we sought help from a professional, who helped us to configure Shibboleth and implement it at the end of this project. The aim of this chapter is to describe how the researchers of this project carried out the configuration and implementation, and to analyze the difficulties that the researchers faced during the configuration and installation process, with possible solutions sought in both technical and professional manners.

Table 1. Similarity and differences between Athens and Shibboleth.

Figure 3. Anticipated artifice.

Figure 4. The installation of shibboleth Identity Provider (IdP) and Service Provider (SP).

7.2. Making Environment for Shibboleth Configuration

For installing Shibboleth IdP and SP, we had to make an environment with the following hardware and software requirements.

Hardware requirements

・ Intel Pentium IV (minimum requirement is Intel Pentium III).

・ 512 MB Random Access Memory (RAM).

・ 500 Megabyte Spare Storage.

・ 20 Megabyte Ethernet Card.

Software requirements

・ Java 1.5.

・ Apache Tomcat 5.5.

To implement Shibboleth 2.0, the authors set up an environment considering the following:

・ Set up your Virtual Machine.

・ Install Java.

・ Install the Apache HTTPD Server.

・ Install Tomcat.

・ Install the Shibboleth identity Provider software.

7.3. The Problem in Shibboleth IdP Security Check

We finally managed to install and configure Shibboleth SP and IdP. We also connected Apache with Tomcat, though a Shibboleth login page error (URL: http://lc.sb.com/idp/j_security_check) still remained.

But when we checked Shibboleth SP in shibboleth-sp\var\log\shibboleth\native.log, it showed the following error messages.

2011-08-29 00:15:47 ERROR Shibboleth.Listener [2760] shib_handler: remoted message returned an error: Missing key or ID parameters.

2011-08-29 00:15:47 ERROR Shibboleth.AssertionLookup [2760] shib_handler: error while processing request: Missing key or ID parameters.

There were also a few problems:

1) When we wanted to check http://localhost/Shibboleth.sso/GetAssertion, this url shows this message: Assertion Lookup Failed.

2) Maybe Apache SSL did not work properly. We found this when we checked the URL https://lc.sb.com/Shibboleth.sso/Status in lieu of http://lc.sb.com/Shibboleth.sso/Status and it showed “Unable to connect”.

Solutions to the above problems.

We found that the errors in our native.log were probably due to accessing GetAssertion (see below).

SSL needs to work. Does SSL work when you visit https://lc.sb.com/?

He also commented on our two points in the earlier problems:

1) Firstly, exportAssertion must be turned on when you protect your path, and secondly, you cannot just visit that URL without parameters; see https://wiki.shibboleth.net/confluence/display/SHIB2 Native SP Content Settings.

You should probably ignore GetAssertion until you have got things working.

2) Try https://localhost/Shibboleth.sso/Status.

7.4. Problems in Shibboleth SP Configuration with Apache 2.2

Although the installation was successful, a problem arose in linking the Shibboleth SP and the Shibboleth IdP. To solve it, we sought technical support from the Technical Notes provided by Mr. Mark Gamble. We tried to configure with them, but we could not understand all the technical notes and commands that he mentioned in the Technical Notes.

When we tried to start Apache 2.2 with this configuration, it generated an error. The error message was as follows:

There was a file in the location D:/opt/shibboleth-sp/lib/shibboleth/mod_shib_13, which left us confused as to why the error arose when we tried to start Apache 2.2.

Solutions to the above problems.

Following the above problems, the professional provided the solution and e-mailed us that mod_shib_13.so is a link to the Apache v1.3 module.

In your httpd.conf, you should Include the configuration for the appropriate module for your web server, which in your case is D:/opt/shibboleth-sp/etc/shibboleth/apache22.config, not D:/opt/shibboleth-sp/etc/shibboleth/apache.config.

8. Shibboleth 2.4 SP on CentOS 5

This note outlines a basic installation and configuration of a Shibboleth 2 Service Provider on CentOS 5. It is assumed that a new installation of Apache 2.2 has been installed, with SSL.

These are quick notes for CentOS 5. For any other operating system, see [13] .

It is preferable that the website is only accessible via HTTPS. To achieve this, put the following into /etc/httpd/conf/httpd.conf:

#FORCE HTTPS

RewriteEngine on

RewriteCond %{HTTPS} !=on

RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [R,L]

Install Shibboleth

Add the shibboleth yum repository:

cd /etc/yum.repos.d/

wget http://download.opensuse.org/repositories/security:/shibboleth/CentOS_5/security:shibboleth.repo

Install:

yum install shibboleth

or, for 64-bit:

yum install shibboleth.x86_64

Shibboleth configuration files will be placed at /etc/shibboleth/ and the Apache configuration in /etc/httpd/conf.d/shib.conf. The Shibboleth daemon, shibd, will be installed to /usr/sbin and can be managed by using /sbin/service and /sbin/chkconfig. An appropriate version of mod_shib and other pluggable modules will be installed to /usr/lib/shibboleth/. Logs will be located in /var/log/httpd/native.log and /var/log/shibboleth/.

To ensure that the native.log log file can be written to by the apache user, change the ownership of /var/log/httpd/:

chown apache /var/log/httpd

or, for security reasons, one could touch the file itself and just chown that, or you could touch the file somewhere else and chown it.

Tell shibd to start at system startup. Restart your website:

service shibd start

service httpd restart

Quick Test

Verify that you get a StatusHandler XML element back.

Metadata

In order for users to successfully authenticate to your SP, the SP must have the metadata of the IdP which actually authenticates them, and the IdP must have your SP metadata.

The metadata for your SP is available by visiting /Shibboleth.sso/Metadata. For example:

curl -k https://localhost/Shibboleth.sso/Metadata

or use http if you are not using handlerSSL="true". Wrap the metadata in these: and put it in a file on the IdP (nice to put it in /opt/shibboleth-idp/metadata/sp-metadata.xml).

On the IdP, put the following in /opt/shibboleth/conf/relying-party.xml (find the MetadataProvider example, and put it by there):

Get your IdP metadata (the default one is in /opt/shibboleth-idp/metadata/idp-metadata.xml, but you need to modify it: the entityID and scope may be wrong), wrap it in the same way as above, and put it in a file on the SP (nice to put it in /etc/shibboleth/partner-metadata.xml). On the SP, add the IdP metadata to your Shibboleth configuration by uncommenting the following line in shibboleth2.xml [14] :
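Before the two metadata files are exchanged, they can be checked for the mistakes these notes warn about: a wrong entityID or scope in the default IdP metadata, and SP endpoints published over http. The following Python check is an added example, not part of the original notes; the host names, entityIDs, scope values and the function name check_metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
SHIBMD = "urn:mace:shibboleth:metadata:1.0"

# Role descriptor -> endpoint elements whose Location must be HTTPS.
ROLE_ENDPOINTS = {
    "SPSSODescriptor": ["AssertionConsumerService"],
    "IDPSSODescriptor": ["SingleSignOnService"],
}

def q(ns, tag):
    """Build the {namespace}tag form ElementTree uses."""
    return "{%s}%s" % (ns, tag)

def check_metadata(xml_text, role, expected_entity_id, expected_scope=None):
    """Return a list of problems found for one entity in a metadata file.

    Accepts a bare EntityDescriptor or one wrapped in EntitiesDescriptor.
    ElementTree does not fetch external entities; for metadata received
    from another party a hardened parser such as defusedxml is preferable.
    """
    root = ET.fromstring(xml_text)
    entities = list(root.iter(q(MD, "EntityDescriptor")))  # includes root
    entity = next((e for e in entities
                   if e.get("entityID") == expected_entity_id), None)
    if entity is None:
        found = [e.get("entityID") for e in entities]
        return ["entityID %r not found (file has %r)"
                % (expected_entity_id, found)]
    descriptor = entity.find(q(MD, role))
    if descriptor is None:
        return ["no %s element for %s" % (role, expected_entity_id)]

    problems = []
    # The peer needs a certificate to verify signatures from this entity.
    cert = next(descriptor.iter(q(DS, "X509Certificate")), None)
    if cert is None or not (cert.text or "").strip():
        problems.append("%s has no X509Certificate" % role)
    # Every protocol endpoint should be reachable over HTTPS only.
    for name in ROLE_ENDPOINTS[role]:
        endpoints = descriptor.findall(q(MD, name))
        if not endpoints:
            problems.append("%s declares no %s" % (role, name))
        for ep in endpoints:
            location = ep.get("Location", "")
            if urlparse(location).scheme != "https":
                problems.append("%s Location is not HTTPS: %s"
                                % (name, location))
    # Scope controls which scoped attribute values the SP will accept.
    if expected_scope is not None:
        scopes = sorted({s.text.strip()
                         for s in entity.iter(q(SHIBMD, "Scope")) if s.text})
        if expected_scope not in scopes:
            problems.append("shibmd:Scope %r does not include %r"
                            % (scopes, expected_scope))
    return problems

# Constructed sample: SP metadata generated without handlerSSL="true".
SP_METADATA_CONSTRUCTED = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>CONSTRUCTED-PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.org/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample: wrapped IdP metadata with a leftover default scope.
IDP_METADATA_CONSTRUCTED = """<md:EntitiesDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0">
  <md:EntityDescriptor entityID="https://idp.example.org/idp/shibboleth">
    <md:IDPSSODescriptor
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions>
        <shibmd:Scope regexp="false">localdomain</shibmd:Scope>
      </md:Extensions>
      <md:KeyDescriptor><ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>CONSTRUCTED-PLACEHOLDER</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      <md:SingleSignOnService
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

if __name__ == "__main__":
    for line in check_metadata(SP_METADATA_CONSTRUCTED, "SPSSODescriptor",
                               "https://sp.example.org/shibboleth"):
        print("SP: ", line)
    for line in check_metadata(IDP_METADATA_CONSTRUCTED, "IDPSSODescriptor",
                               "https://idp.example.org/idp/shibboleth",
                               expected_scope="example.org"):
        print("IdP:", line)
```

An empty list means the file passed these checks; it does not replace verifying the certificate itself with the other party.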

Seeing What You Get

To see what attributes are being released to you, write a script that dumps the environment/headers etc, and put it into a protected path, and then visit it. For example

Now visit /secure on your SP, and see what you get. Consider resolving attributes and filtering them on your IdP. Review your SP /etc/shibboleth/attribute* configuration, but you will not normally need to modify them.
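One way to write such a dump script, as an added example that is not the script from the original notes: a Python CGI script that separates the variables set for the Shibboleth session from client-supplied request headers and withholds the session cookie. It assumes the SP exports attributes as environment variables under names defined in attribute-map.xml; the function names and the sample values are constructed.

```python
#!/usr/bin/env python3
"""CGI dump script for a Shibboleth-protected path such as /secure."""
import os

# Request headers that carry credentials (HTTP_COOKIE holds the
# _shibsession_* cookie); their values are never echoed back.
SENSITIVE = {"HTTP_COOKIE", "HTTP_AUTHORIZATION", "HTTP_PROXY_AUTHORIZATION"}
# Variables the web server sets for an authenticated request.
SESSION_KEYS = {"REMOTE_USER", "AUTH_TYPE"}

SECTIONS = [
    ("session", "Shibboleth session variables"),
    ("other", "Other environment (mapped attributes appear here)"),
    ("request_headers", "Request headers (client-supplied, not attributes)"),
]

def classify(environ):
    """Split a CGI environment into session, header and other entries."""
    groups = {"session": {}, "request_headers": {}, "other": {}}
    for key, value in environ.items():
        if key in SENSITIVE:
            groups["request_headers"][key] = "[withheld, %d chars]" % len(value)
        elif key.startswith("HTTP_"):
            # HTTP_* entries come from the client's request headers, so an
            # application must not treat them as released attributes.
            groups["request_headers"][key] = value
        elif key.startswith("Shib-") or key in SESSION_KEYS:
            groups["session"][key] = value
        else:
            groups["other"][key] = value
    return groups

def render(environ):
    """Return the dump as plain text, one 'name = value' line per entry."""
    groups = classify(environ)
    lines = []
    for name, title in SECTIONS:
        lines.append(title)
        for key in sorted(groups[name]):
            # repr() keeps newlines and control characters on one line.
            lines.append("  %s = %r" % (key, groups[name][key]))
        lines.append("")
    return "\n".join(lines)

# Constructed sample environment, used when the script is run from a shell.
SAMPLE_ENV_CONSTRUCTED = {
    "REMOTE_USER": "student@example.org",
    "Shib-Identity-Provider": "https://idp.example.org/idp/shibboleth",
    "eppn": "student@example.org",
    "HTTP_EPPN": "someone-else@example.org",
    "HTTP_COOKIE": "_shibsession_constructed=_constructedvalue",
}

if __name__ == "__main__":
    under_cgi = "GATEWAY_INTERFACE" in os.environ
    if under_cgi:
        # text/plain means attribute values are never interpreted as HTML.
        print("Content-Type: text/plain; charset=utf-8")
        print("Cache-Control: no-store")
        print()
    print(render(os.environ if under_cgi else SAMPLE_ENV_CONSTRUCTED))
```

Remove the script from the protected path once attribute release has been confirmed, since the "other" section also lists general server environment values.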

9. Survey Result

The questions were asked to acquire more information about the student access point to the digital library, which is secured by a single sign-on system such as Shibboleth.

Question: About Student

This question seeks information about the respondents. Though only a small number (45) of students were taken as a sample from different departments, it still brought significant results for our research.

Graph: 1

The aim of this question is to find out the main point of access to Breo by the students of the University of Bedfordshire. The survey result revealed that the main access point to Breo is the Park Square IT Suite. Figure 5 shows that almost 62.22 percent of undergraduate students from different subjects accessed Breo, where 42.22 percent of postgraduates and 31.11 percent of computing students use the PS IT Suite to access Breo.

In summary, it can be said that most of the undergraduate students accessed Breo compared to the other two groups of students, postgraduate business and computing students.

Graph: 2

The survey asked how flexible students find access to Breo under Shibboleth. The result revealed that almost all types of students found the flexibility of access to Breo under the Shibboleth system good.

Figure 6 shows that 73.33% of postgraduate, 93.33% of computing and 86.66% of undergraduate students said that they can access Breo under Shibboleth in good condition without any problems.

Graph: 3

A question on digital library access under Shibboleth was asked to learn whether the students found any difficulties under Shibboleth authentication.

Figure 7 depicts that most of the students found digital library access under Shibboleth very good. Among the students, 73.33% of computing students found digital library access very good compared to the other two groups.

Figure 5. Breo access.

Figure 6. Flexibility of Breo under Shibboleth.

Figure 7. Digital Library access under Shibboleth.

10. Key Interviewee: Mr. Mark Gamble, University of Bedfordshire

Interviewer: What are the reasons for introducing Shibboleth at the University of Bedfordshire?

Interviewee: There are a number of reasons to introduce Shibboleth at the University of Bedfordshire and these are Federated Reason. It has become an obligation to the HE and FE institutions aiming to provide fast and quality education.

Under SSO, students can access various supports and services in one log in system which is not possible in multiple sign-on system.

Interviewer: What are the resources covered by Shibboleth?

Interviewee: Shibboleth, as a form of Single Sign-On system usually authenticates the resources like digital library, breo, printer, and calendar.

Interviewer: How are the costs related to the Shibboleth?

Interviewee: There is no cost associated with the Shibboleth whilst the system is completely free.

Interviewer: What is the security concern associated with the Shibboleth?

Interviewee: Shibboleth is fully a web based authentication system which has two layers security systems such as IdP (Identity Provider) and SP (Service Provider). Due to its nature, the Shibboleth is a fully secure authentication system.

Interviewer: What are the different authentication systems available in SSO and why Shibboleth is better than others?

Interviewee: The Shibboleth-Single Sign-On system is built for students, not to retype passwords. Shibboleth is a secured system (single sign system) authorized by the UK federation. There was a de facto system called Athens used by the UK universities. The Athens system was built to access to journals and library materials. Within Athens, account students needed to have their username and password to access the system.

11. Conclusions

The effectiveness of Shibboleth is much better than the other SSO-Athens in the field of higher education. Although Service Provider and Identity Provider are two different services, it still provides the same authentication to them. (The beauties lay behind effectiveness of Shibboleth as it provides two different services: Identity Provider and Service Provider.) Moreover, like the University of Bedfordshire, different enterprises or institutions could ensure their highest security by introducing CAS besides Shibboleth.

From the overall perspectives, it has been found that any organization ranges from small to large, can afford the Shibboleth system. It has been also revealed from this research that compared with the Shibboleth system, Athens is very much expensive to maintain and manage. However, there is a problem in executing shibboleth system which is not only vital but also a complex one. Through different analysis from secondary research, primary research, key informant interview and implementation process, it has been found that installation and configuration of Shibboleth held in-depth technical knowledge about the Shibboleth systems along with practical experiences to implement that correctly and efficiently. Most of the difficulties are derived from starting webapp, building relationship between apache and tomcat, installing Shibboleth SP provider and IdP and making relationship with them and starting up LDAP server.

The limitation could be minimized if any individual or organization follows the above guidelines on the basis of knowledge, skills and experiences gathered from this project.

12. Future Work

The Shibboleth could be implemented in the financial sector along with other business organizations if the organizations could develop some support and services to implement Shibboleth as an authentication system. Like CAS besides Shibboleth at the University of Bedfordshire, the Banking sector can use Smartcard besides Shibboleth to authenticate their users. By implementing Smartcard authentication systems, the financial organization could reinforce security for their organization as well as provide the best possible services to the customers. For this to achieve LDAP authentication Extension supports SSL authentication [15] .

References

  1. Ngo, L. and Apon, A. (2007) Using Shibboleth for Authorization and Authentication to the Subversion Version Control Repository System. IEEE Computer Society.
  2. Ghauri, P., Gronhaug, K. and Kristianslund, I. (1995) Research Methods in Business Studies: A Practical Guide. Hemel Hempstead, Prentice Hall.
  3. Scavo, T. and Cantor, S. (2005) Shibboleth Architecture Technical Overview: Working Draft 02.
  4. UK Federation Information Centre, Documents, How It Works Browse. http://www.ukfederation.org.uk/content/Documents/HowItWorks
  5. Rixon, G. (2005) Reviews of Shibboleth.
  6. Cary, A. A Discussion of Current Methods and a Vision for Digital Libraries. http://www.webjunction.org/documents/webjunction/Authentication_and_Authorization.html
  7. O’Neil, M. (2003) Web Service Security. McGraw-Hill, Osborne.
  8. Pollock, N. and Cornford, J. (2000) Theory and Practice of the Virtual University: Report on UK Universities Use of New Technologies. ARIADNE, No. 24. http://www.ariadne.ac.uk/issue24/virtual-universities/
  9. CVE-2011-1411. http://www.cvedetails.com/cve/CVE-2011-1411/
  10. Bidgoli, M. (2009) Handbook of Information Security. John Wiley & Sons Inc.
  11. TechRepublic (2003) Administrator’s Guide to Active Directory. 2nd Edition, TechRepublic, KY.
  12. Aldini, A., Barteh, G. and Gorrieri, R. (2009) Foundation of Security Analysis and Design V. Springer, Germany.
  13. Shibboleth Installation. https://wiki.shibboleth.net/confluence/display/SHIB2/Installation
  14. UK Access Management Federation. http://www.ukfederation.org.uk/content/Documents/Setup2SP
  15. LDAP Authentication/Smartcard. http://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Smartcard_Configuration_Examples