Title :
iAuth: HTTP Authentication Framework Integrated into HTML Forms
Author :
Inoue, Takeru ; Katayama, Yohei ; Sato, Hiroshi ; Takahashi, Noriyuki
Author_Institution :
NTT Network Innovation Labs., Yokosuka, Japan
Abstract :
Current Web authentication methods have well-known weaknesses. Forms and cookies, which are most commonly used, have the long-standing privacy issue raised by tracking. URI sessions, which are used in some mobile services like i-mode 1.0, cause session adoption vulnerability. HTTP provides an access authentication framework, but it is rarely used because it lacks presentational control. This paper proposes iAuth, which brings presentational control to the HTTP access authentication framework. iAuth enables servers to provide log-in forms. iAuth does not have its own authentication mechanism and can support any mechanism including Basic and Digest authentications. Since iAuth has backward compatibility with legacy systems, developers can freely introduce iAuth into their Web sites or browsers as needed. Experiments confirm its correct operation; an iAuth server is shown to support not only an iAuth client but major legacy browsers. We believe that iAuth will resolve the long-standing issues in Web authentication.
Keywords :
Internet; authorisation; hypermedia markup languages; message authentication; HTML forms; HTTP access authentication framework; Web authentication method; Web sites; authentication mechanism; i-mode 1.0; iAuth client; iAuth server; legacy browsers; legacy systems; log-in forms; mobile services; presentational control; session adoption vulnerability; Authentication; Conferences; Data mining; HTML; Humans; Laboratories; Privacy; Technological innovation; Usability; Web server; HTML; HTTP; authentication; cookie;
Conference_Titel :
Advanced Information Networking and Applications Workshops (WAINA), 2010 IEEE 24th International Conference on
Conference_Location :
Perth, WA
Print_ISBN :
978-1-4244-6701-3
DOI :
10.1109/WAINA.2010.124
