The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
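Current Web authentication frameworks have well-known weaknesses. HTTP provides an access authentication framework, but it is rarely used because it lacks presentational control. Forms and cookies, which are most commonly used, have the long-standing privacy issue raised by tracking. URI sessions, which are used in some mobile services like i-mode 1.0, disclose session identifiers unintentionally. This paper proposes iAuth, which integrates the better parts of the existing frameworks and fixes their problems. iAuth allows servers to provide log-in forms, and introduces a session header to prevent server tracking and unintentional disclosure. Since iAuth is backward compatible with the major legacy browsers, developers can freely introduce iAuth into their Web sites or browsers as needed. Experiments confirm its correct operation. An iAuth server is shown to support not only an iAuth client but also the major legacy browsers. We believe that iAuth will resolve the long-standing issues in Web authentication.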
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Takeru INOUE, Yohei KATAYAMA, Hiroshi SATO, Noriyuki TAKAHASHI, "iAuth: An HTTP Authentication Framework Integrated into HTML Forms" in IEICE TRANSACTIONS on Communications,
vol. E94-B, no. 2, pp. 466-476, February 2011, doi: 10.1587/transcom.E94.B.466.
Abstract: Current Web authentication frameworks have well-known weaknesses. HTTP provides an access authentication framework, but it is rarely used because it lacks presentational control. Forms and cookies, which are most commonly used, have the long-standing privacy issue raised by tracking. URI sessions, which are used in some mobile services like i-mode 1.0, disclose session identifiers unintentionally. This paper proposes iAuth, which integrates better parts of the existing frameworks and fixes their problems; iAuth allows servers to provide log-in forms, and introduces a session header to avoid servers' tracking and unintentional disclosure. Since iAuth has backward compatibility with the major legacy browsers, developers can freely introduce iAuth into their Web sites or browsers as needed. Experiments confirm its correct operation; an iAuth server is shown to support not only an iAuth client but major legacy browsers. We believe that iAuth will resolve the long-standing issues in Web authentication.
URL: https://global.ieice.org/en_transactions/communications/10.1587/transcom.E94.B.466/_p
@ARTICLE{e94-b_2_466,
author={Takeru INOUE and Yohei KATAYAMA and Hiroshi SATO and Noriyuki TAKAHASHI},
journal={IEICE TRANSACTIONS on Communications},
title={iAuth: An HTTP Authentication Framework Integrated into HTML Forms},
year={2011},
volume={E94-B},
number={2},
pages={466-476},
abstract={Current Web authentication frameworks have well-known weaknesses. HTTP provides an access authentication framework, but it is rarely used because it lacks presentational control. Forms and cookies, which are most commonly used, have the long-standing privacy issue raised by tracking. URI sessions, which are used in some mobile services like i-mode 1.0, disclose session identifiers unintentionally. This paper proposes iAuth, which integrates better parts of the existing frameworks and fixes their problems; iAuth allows servers to provide log-in forms, and introduces a session header to avoid servers' tracking and unintentional disclosure. Since iAuth has backward compatibility with the major legacy browsers, developers can freely introduce iAuth into their Web sites or browsers as needed. Experiments confirm its correct operation; an iAuth server is shown to support not only an iAuth client but major legacy browsers. We believe that iAuth will resolve the long-standing issues in Web authentication.},
keywords={},
doi={10.1587/transcom.E94.B.466},
ISSN={1745-1345},
month={February},}
TY - JOUR
TI - iAuth: An HTTP Authentication Framework Integrated into HTML Forms
T2 - IEICE TRANSACTIONS on Communications
SP - 466
EP - 476
AU - Takeru INOUE
AU - Yohei KATAYAMA
AU - Hiroshi SATO
AU - Noriyuki TAKAHASHI
PY - 2011
DO - 10.1587/transcom.E94.B.466
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E94-B
IS - 2
JA - IEICE TRANSACTIONS on Communications
Y1 - February 2011
AB - Current Web authentication frameworks have well-known weaknesses. HTTP provides an access authentication framework, but it is rarely used because it lacks presentational control. Forms and cookies, which are most commonly used, have the long-standing privacy issue raised by tracking. URI sessions, which are used in some mobile services like i-mode 1.0, disclose session identifiers unintentionally. This paper proposes iAuth, which integrates better parts of the existing frameworks and fixes their problems; iAuth allows servers to provide log-in forms, and introduces a session header to avoid servers' tracking and unintentional disclosure. Since iAuth has backward compatibility with the major legacy browsers, developers can freely introduce iAuth into their Web sites or browsers as needed. Experiments confirm its correct operation; an iAuth server is shown to support not only an iAuth client but major legacy browsers. We believe that iAuth will resolve the long-standing issues in Web authentication.
ER -