Your search keyword '"Federated identity"' showing total 55 results

1. Personal identifiable information privacy model for securing of users’ attributes transmitted to a federated cloud environment

Author

Afolayan A. Obiniyi, Maria Abur, and Sahalu B. Junaidu

Subjects

Computer Networks and Communications, business.industry, Computer science, Applied Mathematics, Privacy policy, Advanced Encryption Standard, Cryptography, Cloud computing, Computer security, computer.software_genre, Encryption, Identity management, Computer Science Applications, Computational Theory and Mathematics, Artificial Intelligence, Federated identity, Electrical and Electronic Engineering, business, Personally identifiable information, computer, Information Systems

Abstract

One of the security issues affecting Federated Cloud Environment users is privacy. It is the ability to secure and control the Personal Identifiable Information (PII) of a user during and after being communicated to the Cloud. Existing studies addressed the problem using techniques such as: uApprove, uApprove.jp, enhanced privacy and dynamic federation in Identity Management (IdM), privacy-preserving authorization system, end-to-end Privacy Policy Enforcement in Cloud Infrastructure, multi-tenancy authorization system with federated identity, and a Cryptography Encryption Key and Template Data Dissemination (CEKTTDD). Users’ PIIremains vulnerable as existing researches lack efficient control of user's attributes in the Cloud. This paper proposes a PIIPrivacy model for protecting user’s attributes on transit to the Federated Cloud Environment. The approach used, combined Advanced Encryption Standard (AES 128) and Discrete Cosine Transform Modulus three (DCTM3) steganography to improve CEKTTDD technique. This was achieved by techniques to encrypt user’s PIIs. The model was implemented using Matrix Laboratory (MATLAB) and evaluated using undetectability, robustness, match (%), encryption time and decryption time. Chi-square attack was applied to prove the security of the proposed model. Results obtained showed that the proposed model was stronger in robustness with values of ((59.10 dB) and (55.45 dB) than the existing model of values ((55.76 dB) and (54.15 dB)). Similarly, the proposed system successfully minimizes undetectability than the former model, while evaluation for match (%) yielded 17% increase better than the existing system. This study has achieved a state-of-the-art model for a secured user’s attributes in the cloud.

Published

2021

2. Can We Create a Cross-Domain Federated Identity for the Industrial Internet of Things without Google?

Author

Hyoungshick Kim, Seok Hyun Kim, Woojoong Ji, Simon S. Woo, Eunsoo Kim, Youngseob Cho, and Bedeuro Kim

Subjects

Authentication, Blockchain, Computer science, business.industry, Authorization, Service provider, Identity management, World Wide Web, Identity provider, Next-generation network, Federated identity management, Identity (object-oriented programming), The Internet, Federated identity, business

Abstract

Providing a cross-domain federated identity is essential for next-generation Internet services because information about user identity should be seamlessly exchanged across different domains for authentication and authorization. Federated identity can enable users to use various services through a single account. However, conventional federated identity management systems necessarily require a trustworthy identity provider who stores user identity information and presents it to other service providers. Unfortunately, this requirement may not be acceptable in Industrial Internet of Things (IIoT) applications, which often require interacting and authenticating with users and devices across different domains. Who will take full responsibility for managing and issuing all digital identities for IIoT devices? Can we really trust one superpower organization to manage all the identities and credentials of IIoT devices? In this article, we provide an overview of centralized and decentralized identity management methods and examine the feasibility of those methods for IIoT applications. To overcome the inherent limitations of existing approaches, we are specifically interested in designing decentralized cross-domain federated identity management using blockchain. Our Copernican idea brings new and important perspectives in establishing universal cosmopolitan cross-domain federated identity management in a secure and fair manner.

Published

2020

3. Toward Educational Virtual Worlds: Should Identity Federation Be a Concern?

Author

Cruz, Gonçalo, Costa, António, Martins, Paulo, Gonçalves, Ramiro, and Barroso, João

Subjects

*VIRTUAL reality in education, *EDUCATIONAL technology, *INNOVATION adoption, *CLASSROOM management, *ONLINE identities, *INTERNETWORKING

Abstract

3D Virtual Worlds are being used for education and training purposes in a cross-disciplinary way. However, its widespread adoption, particularly in formal learning contexts, is far from being a reality due a broad range of technological challenges. In this reflection paper, our main goal is to argue why and how identity federation should be discussed and adopted as a solution to several barriers that educators and institutions face when using Virtual Worlds. By presenting a clear set of scenarios within different dimensions of the educational process, as classroom management, content reuse, learning analytics, accessibility, and research, we consider identity, traceability, privacy, accountability, and interoperability as main concerns in order to support our argument. Finally, we conclude the paper by presenting paths to a proposal for a workable solution, through the analysis and reflection of different and current efforts that has been made by other teams, towards future technological developments. [ABSTRACT FROM AUTHOR]

Published

2015

4. An identity-matching process to strengthen trust in federated-identity architectures

Author

Nesrine Kaaniche, Mikaël Ates, Maryline Laurent, Paul Marillonnet, Entr'ouvert (.), Département Réseaux et Services de Télécommunications (RST), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Institut Polytechnique de Paris (IP Paris), Réseaux, Systèmes, Services, Sécurité (R3S-SAMOVAR), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP)-Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), and University of Sheffield [Sheffield]

Subjects

Matching (statistics), Process (engineering), Computer science, Identity (social science), 020206 networking & telecommunications, Trust enforcement, 02 engineering and technology, 16. Peace & justice, Federated-identity architecture, World Wide Web, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Identity management, 0202 electrical engineering, electronic engineering, information engineering, Citizen-relationship management, 020201 artificial intelligence & image processing, Federated identity, Identity matching

Abstract

International audience; To smoothly counteract privilege escalation in federated-identity architectures, the cross-checking of asserted Personally Identifiable Information (PII) among different sources is highly recommended and advisable. Identity matching is thus a key component for supporting the automated PII cross-checking process. This paper proposes an efficient identity-matching solution, adapted to a chosen User-Relationship Management (URM) platform, relying on a French Territorial Collectivities and Public Administrations (TCPA) use case. The originality of the paper is threefold. (1) It presents an original solution to identity-matching issues raised by a concrete use case from the Territorial Collectivities and the Public Administration (TCPA), formalizing concepts such as information completeness, PII normalization and Levenshtein-distance matrix generation. (2) Implementation guidelines are given to deploy the solution on an operational Publik platform. (3) A precise security analysis is provid ed, relying on an original attacker model.

Published

2020

5. The Case for Federated Identity Management in 5G Communications

Author

Mahdi Aiash, Ed Kamya Kiyemba Edris, and Jonathan Loo

Subjects

Authentication, Computer science, business.industry, Service provider, Computer security, computer.software_genre, Identity management, User experience design, Network service, Cellular network, Single sign-on, Federated identity, business, computer

Abstract

The heterogeneous nature of fifth generation mobile network (5G) makes the access and provision of network services very difficult and raises security concerns. With multi-users and multi-operators, Service-Oriented Authentication (SOA) and authorization mechanisms are required to provide quick access and interaction between network services. The users require seamless access to services regardless of the domain, type of connectivity or security mechanism used. Hence a need for Identity and Access Management (IAM) mechanism to complement the improved user experience promised in 5G. Federated Identity Management (FIdM) a feature of IAM, can provide a user with use Single Sign On (SSO) to access services from multiple Service Providers (SP). This addresses security requirements such as authentication, authorization and user’s privacy from the end user perspectives, however 5G networks access lacks such solution. We propose a Network Service Federated Identity (NS-FId) model that address these security requirements and complements the 5G Service-\ud Based Architecture (SBA). We present different scenarios and applications of the proposed model. We also discuss the benefits of identity management in 5G.

Published

2020

6. Cloud-based federated identity for the Internet of Things

Author

Benjamin Aziz and Paul Fremantle

Subjects

IoT, Exploit, Computer Networks and Communications, Computer science, Cloud computing, identity management, security, 02 engineering and technology, privacy, Computer security, computer.software_genre, 01 natural sciences, Identity management, 0202 electrical engineering, electronic engineering, information engineering, Isolation (database systems), Electrical and Electronic Engineering, Authentication, business.industry, 010401 analytical chemistry, Computing, 020206 networking & telecommunications, 0104 chemical sciences, Personal cloud, Identity (object-oriented programming), authentication, Federated identity, business, computer

Abstract

The Internet of Things (IoT) has significant security and privacy risks. Recent attacks have shown that not only are many IoT devices at risk of exploit, but those devices can be successfully used to attack wider systems and cause economic damage. Currently, most devices connect to a cloud service that is provided by the manufacturer of the device, offering no choice to move to more secure systems. We outline a proposed model for IoT that allows the identity of users and devices to be federated. Users and devices are issued with secure, random, anonymised identities that are not shared with third-parties. We demonstrate how devices can be connected to third-party applications without inherently de-anonymising them. Sensor data and actuator commands are federated through APIs to cloud services. All access to device data and commands is based on explicit consent from users. Each user’s data is handled by a personal cloud instance providing improved security and isolation, as well as providing a trusted intermediary for both devices and cloud services. We demonstrate this model is workable with a prototype system that implements the major features of the model. We present experiment results including performance, energy usage, capacity and cost metrics from the prototype. We compare this work with other related work, and outline areas for discussion and future work.

Published

2018

7. Vertrauen und Identitätsnachweis im Internet.

Author

Reichl, W., Wimmreuter, W., Malleck, H., and Ruhle, E.-O.

Published

2009

8. CILogon: Enabling Federated Identity and Access Management for Scientific Collaborations

Author

Terry Fleury, Scott Koranda, Jim Basney, Heather Flanagan, Benn Oshrin, and Jeff Gaynor

Subjects

World Wide Web, Collaborative software, Service (systems architecture), Computer science, business.industry, Component-based software engineering, Federated identity, business, Access management, Shibboleth, OpenID Connect, Identity management

Abstract

CILogon provides a software platform that enables scientists to work together to meet their identity and access management (IAM) needs more effectively so they can allocate more time and effort to their core mission of scientific research. CILogon builds on open source Shibboleth and COmanage software to provide an integrated IAM platform for science, federated worldwide via eduGAIN. CILogon serves the unique needs of research collaborations, namely to dynamically form collaboration groups across organizations and countries, sharing access to data, instruments, compute clusters, and other resources to enable scientific discovery. We operate CILogon via a software-as-a-service model to ease integration with a variety of science applications, while making all CILogon software components publicly available under open source licenses to enable re-use. Since CILogon operations began in 2010, our service has expanded from a federated X.509 certification authority (CA) to an OpenID Connect provider, SAML Attribute Authority, and multi-tenant collaboration platform. In this article, we describe the current CILogon system.

Published

2019

9. Federación de identidades: estado del arte e implementación de un caso real

Author

García de Marina Martín, Alejandro and Guijarro Olivares, Jordi

Subjects

seguretat de la informació, Seguridad informática -- TFM, information security, gestió d'identitats, federated identity, gestión de identidades, identitat federada, identidad federada, identity management, Seguretat informàtica -- TFM, Computer security -- TFM, seguridad de la información

Abstract

La gestión de identidades (IdM, por sus siglas en ingles Identity Management) es el área que se ocupa de manejar las diversas identidades y su información relacionada, a lo largo de diversos dominios y/o servicios, garantizando así la seguridad y privacidad de los usuarios. Los sistemas de gestión de identidades han ido evolucionando notablemente a lo largo de los años pasando por las listas de control de accesos, sistemas con arquitectura SILO, sistemas con arquitectura centralizada y sistemas con arquitectura federada. Estos últimos (federados) han sido el objeto principal de estudio. A lo largo del presente trabajo, se ha realizado un análisis en profundidad de las peculiaridades y los principales estándares desarrollados para cada uno de estos sistemas. Así, por ejemplo se puede ver en detalle estándares como LDAP, Kerberos o radius para los sistemas con arquitectura centralizada y estándares como SAML, OAuth, OpenID Connect y Mobile Connect para los sistemas con arquitectura federada. El presente trabajo por lo tanto se puede definir con un estado del arte de los sistemas de gestión de identidades focalizado mayormente en los sistemas federados. Además, para poder ahondar en estos últimos, se ha desarrollado una implementación de un sistema de gestión de identidades federado para poner en práctica el uso de OpenID Connect en un entorno de laboratorio lo más fidedigno posible con la realidad. La gestió d'identitats (IdM) és l'àrea que s'ocupa de gestionar les diverses identitats i la seva informació relacionada, al llarg de diversos dominis i / o serveis, garantint així la seguretat i privacitat de les usuaris. Els sistemes de gestió d'identitats han anat evolucionant notablement al llarg dels anys passant per les llistes de control d'accessos, sistemes amb arquitectura SILO, sistemes amb arquitectura centralitzada i sistemes amb arquitectura federada. Aquests últims (federats) han estat l'objecte principal d'estudi. Al llarg del present treball, s'ha realitzat una anàlisi en profunditat de les peculiaritats i els principals estàndards desenvolupats per a cada un d'aquests sistemes. Així, per exemple es pot veure en detall estàndards com LDAP, Kerberos o radius per als sistemes amb arquitectura centralitzada i estàndards com SAML, OAuth, OpenID Connect i Mobile Connect per als sistemes amb arquitectura federada. El present treball per tant es pot definir amb un estat de l'art dels sistemes de gestió d'identitats focalitzat majorment en els sistemes federats. A més, per poder aprofundir en aquests últims, s'ha desenvolupat una implementació d'un sistema de gestió d'identitats federat per posar en pràctica l'ús d'OpenID Connect en un entorn de laboratori el més fidedigne possible amb la realitat. Identity Management (IdM) is the area that handles the various identities and their related information, across various domains and / or services, thus ensuring the security and privacy of users. users Identity management systems have evolved markedly over the years through access control lists, systems with SILO architecture, systems with centralized architecture and systems with federated architecture. The latter (federated) have been the main object of study. Throughout this work, an in-depth analysis of the peculiarities and the main standards developed for each of these systems has been carried out. Thus, for example, you can see in detail standards such as LDAP, Kerberos or radius for systems with centralized architecture and standards such as SAML, OAuth, OpenID Connect and Mobile Connect for systems with federated architecture. The present work can therefore be defined with a state of the art of identity management systems focused mainly on federated systems. In addition, in order to delve into the latter, an implementation of a federated identity management system has been developed to implement the use of OpenID Connect in a laboratory environment as reliable as possible with reality.

Published

2019

10. Kipper – a Grid bridge to Identity Federation

Author

Andrea Manzi, Oliver Keeble, and Andrey Kiryanov

Subjects

World Wide Web, Iota, Computer science, Interface (Java), Identity (object-oriented programming), Federated identity, Grid, JavaScript, Credential, computer, Identity management, Computing and Computers, computer.programming_language

Abstract

Identity Federation (IdF, aka Federated Identity) is the means of interlinking people's electronic identities stored across multiple distinct identity management systems. This technology has gained momentum in the last several years and is becoming popular in academic organisations involved in international collaborations. One example of such a federation is eduGAIN, which interconnects European educational and research organisations, and enables trustworthy exchange of identity-related information. In this work we will show an integrated Web-oriented solution code-named “Kipper” with a goal of providing access to WLCG resources using a user's IdF credentials from their home institute with no need for user-acquired X.509 certificates. Kipper achieves “X.509-free” access to Grid resources with the help of two additional services: STS and IOTA CA. STS allows credential translation from the SAML2 format used by Identity Federation to the VOMS-enabled X.509 used by most of the Grid, and the IOTA CA is responsible for automatic issuing of short-lived X.509 certificates. Kipper comes with a JavaScript API considerably simplifying development of rich and convenient “X.509-free” Web-interfaces to Grid resources, and also encouraging adoption of IOTA-class CAs among WLCG sites. We will describe a working prototype of IdF support in the WebFTS interface to the FTS3 data transfer engine, enabled by integration of multiple services: WebFTS, CERN SSO (member of eduGAIN), CERN IOTA CA, STS, and VOMS.

Published

2017

11. TECHNOLOGY OF FEDERATED IDENTITY AND SECURE LOGGINGS IN CLOUD COMPUTING

Author

Takashi Shitamichi and Ryoichi Sasaki

Subjects

Authentication, business.industry, SOAP, computer.internet_protocol, Computer science, Services computing, Cloud computing, computer.software_genre, Computer security, Identity management, Computer Science Applications, Audit trail, Federated identity, Web service, business, computer

Abstract

Federated services are becoming widely implemented at many sites in multiple domain networks for cloud computing across many industry segments. New technology is required not only for federated authentication, but also for services operating distributed attributes, which are both static and dynamic. In addition to the technology, the sites that provide services across multiple domain networks are required to store every log as audit trails. This paper focuses on SAML and ID-WSF, which are the technology and the architecture for identity management and secure web services, discusses deployments and problems in the real world, then proposes a fast and safe technology that extends the ID-WSF for services and logs. To verify the effectiveness of the proposed technology and architecture, the latencies of SAML SSO that exchange SOAP messages are measured and considered in a cloud computing environment.

Published

2014

12. Federated Identity and Access Management in IoT systems

Author

Paul Fremantle

Subjects

World Wide Web, Computer science, business.industry, Server, Access control, Federated identity, business, Internet of Things, Access management, Web API, Identity management, Domain (software engineering)

Abstract

In this chapter, we look at how identity and access management work in the Internet of Things (IoT). In particular, we propose approaches to apply Federated Identity and Access Management (FIAM) techniques to work with IoT devices, networks and servers. We first look at the motivation for using FIAM with IoT. We then look at the previous work and approaches to identity management and access control for IoT systems. We look at how Web-based approaches to FIAM translate into the world of IoT where non-Web protocols are more common. We outline two separate phases of research where we created new FIAM approaches for IoT systems, and we include a performance analysis of the latter system. One emerging area of interest for FIAM is within the domain of Web API Management, and we explore how this also affects the IoT domain. Finally, we conclude with the outcomes of this research, open questions and propose avenues for further research.

Published

2016

13. PRIMA: Privacy-Preserving Identity and Access Management at Internet-Scale

Author

Michael Backes, Muhammad Rizwan Asghar, and Milivoj Simeonovski

Subjects

FOS: Computer and information sciences, 021110 strategic, defence & security studies, Authentication, Computer Science - Cryptography and Security, business.industry, Computer science, Internet privacy, 0211 other engineering and technologies, 02 engineering and technology, Service provider, Computer security, computer.software_genre, Credential, Identity management, Identity provider, 0202 electrical engineering, electronic engineering, information engineering, Identity (object-oriented programming), Federated identity management, 020201 artificial intelligence & image processing, The Internet, Federated identity, business, Private information retrieval, computer, Cryptography and Security (cs.CR)

Abstract

The management of identities on the Internet has evolved from the traditional approach (where each service provider stores and manages identities) to a federated identity management system (where the identity management is delegated to a set of identity providers). On the one hand, federated identity ensures usability and provides economic benefits to service providers. On the other hand, it poses serious privacy threats to users as well as service providers. The current technology, which is prevalently deployed on the Internet, allows identity providers to track the user's behavior across a broad range of services. In this work, we propose PRIMA, a universal credential-based authentication system for supporting federated identity management in a privacy-preserving manner. Basically, PRIMA does not require any interaction between service providers and identity providers during the authentication process, thus preventing identity providers to profile users' behavior. Moreover, throughout the authentication process, PRIMA provides a mechanism for controlled disclosure of the users' private information. We have conducted comprehensive evaluations of the system to show the feasibility of our approach. Our performance analysis shows that an identity provider can process 1,426 to 3,332 requests per second when the key size is varied from 1024 to 2048-bit, respectively.

Published

2016

14. Solving the legal challenges of trustworthy online identity

Author

Thomas J. Smedinghoff

Subjects

Authentication, Online identity management, Computer Networks and Communications, business.industry, Internet privacy, Identity (social science), Online identity, General Business, Management and Accounting, Credential, Identity management, Digital identity, Business, Federated identity, Law

Abstract

Digital identity management is fundamental to the further development of the Internet economy. It is a foundational requirement for most substantive e-commerce transactions and other online activities. The critical importance of online identity management has led numerous governments, inter-governmental groups, and private organizations to begin work on development of viable and scalable business, technical, and legal frameworks to address the challenge of online identity. The focus of this work is on the emerging “federated” approach to identity, where an enterprise engages in online transactions in reliance on identity credentials issued by any one of several third parties, and individuals can use the same identity credential to engage in transactions with multiple organizations. This article examines this key requirement for online transactions, and explores the legal challenges that businesses must address to reap the benefits of federated identity. It begins with a general overview of digital identity management – what it is, why it is important, and generally how it works. Then, focusing on the federated identity approach, it examines the need for operating rules to ensure that such an identity system functions properly and in a manner deemed trustworthy by the participants. To that end, it identifies the key legal challenges that must be addressed to make identity systems work, and highlights some of the key issues of structuring an appropriate identity system legal framework.

Published

2012

15. Evaluation of Unified Security, Trust and Privacy Framework (UnifiedSTPF) for Federated Identity and Access Management (FIAM) Mode

Author

Suziah Sulaiman, Zubair AhmadKhattak, and Jamalul-lail Ab Manan

Subjects

Authentication, business.industry, Computer science, Internet privacy, Authorization, Access control, Trusted Computing, Access management, Computer security, computer.software_genre, Shibboleth, Identity management, Direct Anonymous Attestation, Federated identity, business, computer

Abstract

identity and access management systems such as Shibboleth may symbolize a boost: (i) to bring the efficiency and effectiveness in collaboration for governments, enterprises and academia, and (iii) conserve the home domain user's identity privacy in a privacy-enhanced fashion. However, the consternation is about the absence of a trusted computing based mutual trust and security establishment in the Shibboleth infrastructure. The Trusted Computing based mutual attestation notion may assist to add-on the mutual trust and security but raises bidirectional platform privacy concerns. Therefore, to enjoy effectively the federated identity and resource (service) access by the home and foreign domain organizations it is necessary to provide an access control that may coalesced at least some security, trust and privacy aspects in a cohesive fashion. The objective of the work appearing in this paper is to provide a viable and feasible unified security, trust and privacy framework access control solution for federated identity and access management systems by fusing the Shibboleth authentication and authorization access control with the trusted computing based trustworthy mutual attestation.

Published

2012

16. Architecting a Cloud-Scale Identity Fabric

Author

E Olden

Subjects

Cloud computing security, General Computer Science, business.industry, Computer science, Authorization, Access control, Cloud computing, Computer security, computer.software_genre, Application software, Identity management, World Wide Web, Scalability, Identity (object-oriented programming), Federated identity, business, computer

Abstract

The cloud has not kept pace with the enormous volume of user identities that network administrators must manage and secure. An identity fabric that links multiple applications to a single identity would address this problem, enabling full-scale cloud adoption.

Published

2011

17. Challenges to Supporting Federated Assurance

Author

P. Madsen and H. Itoh

Subjects

Information privacy, Authentication, General Computer Science, Transaction processing, business.industry, Computer science, Authorization, Access control, Login, Computer security, computer.software_genre, Identity management, World Wide Web, Identity (object-oriented programming), Message authentication code, The Internet, Federated identity, business, Database transaction, computer

Abstract

Federation is an identity management model in which various tasks associated with an identity transaction are distributed among the actors involved in the transaction. This model works from the premise that distributing tasks among the actors can achieve usability and privacy advantages for the user, as well as business efficiencies for businesses or applications. Typically, federated identity manifests itself as transferring some aspect of a user's identity from one entity to another. Web single sign-on is an archetypical example of a federated transaction, in which a user authenticates to one Web site and can then access another with the same login.

Published

2009

18. Trust Negotiation in Identity Management

Author

Anna Squicciarini, Elisa Bertino, and Abhilasha Bhargav-Spantzel

Subjects

Information privacy, Authentication, Computer Networks and Communications, business.industry, Computer science, Collaborative network, Internet privacy, Authorization, Access control, Information security, Identity management, Identity (object-oriented programming), Federated identity management, Federated identity, Electrical and Electronic Engineering, business, Law, Personally identifiable information

Abstract

Most organizations require the verification of personal information before providing services, and the privacy of such information is of growing concern. The authors show how federated identity management systems can better protect users' information when integrated with trust negotiation. In today's increasingly competitive business environment, more and more leading organizations are building Web-based infrastructures to gain the strategic advantages of collaborative networking. However, to facilitate collaboration and fully exploit such infrastructures, organizations must identify each user in the collaborative network as well as the resources each user is authorized to access. User identification and access control must be carried out so as to maximize user convenience and privacy without increasing organizations1 operational costs. A federation can serve as the basic context for determining suitable solutions to this issue. A federation is a set of organizations that establish trust relationships with respect to the identity information-the federated identity information-that is considered valid. A federated identity management system (idM) provides a group of organizations that collaborate with mechanisms for managing and gaining access to user identity information and other resources across organizational boundaries

Published

2007

19. Identity and access management- a comprehensive study

Author

Sarita Sharma, Anuja Sharma, and Meenu Dave

Subjects

Authentication, business.industry, Computer science, Internet privacy, Security as a service, Service provider, Computer security, computer.software_genre, Identity management, Identity (object-oriented programming), Single sign-on, Federated identity, business, OpenID, computer

Abstract

With advent of cloud computing and web 2.0, both users and organizations have benefitted. But security still remains a major concern. Identity and access management provides a solution to manage user credentials, authenticate and authorize users. Concept of federated identity based on trust relationship among various identity providers and service providers has made it possible for user to access multiple services without the need of providing passwords to various service providers. Single Sign On has solved the problem of maintaining multiple passwords for different services. In this paper we have briefly discussed what is Identity and access management, its services and popular standards like SAML2.0, OAuth, OpenID.

Published

2015

20. Federated identity in real-life applications

Author

Marcin Niemiec and Weronika Kolucka-Szypula

Subjects

World Wide Web, Service (systems architecture), Authentication, Service quality, Computer science, Single sign-on, Federated identity, Computer security, computer.software_genre, Login, Credential, computer, Identity management

Abstract

This paper describes scenarios and services based on Federated Identity technology. The authors emphasize the Single Sign On mechanism, in which a user's single authentication credential is used to log in once without being prompted to authenticate again to other systems. The overview of Federated Identity and a Federated Identity Management System is presented first. Next, federation approaches used in different fields of human activity are discussed. A few examples of such domains are presented: E-health, E-government, E-learning, and E-business. Also, two different use cases were proposed: a federated approach for tourism which provide a better service for customers, and in the health care sector, which improves medical service quality and reduces treatment costs. The last section describes the prototype which was implemented and tested in network environment.

Published

2015

21. Challenges in federated identity management in the aviation domain

Author

Victor Brown and Paul Comitz

Subjects

Engineering, business.industry, Aviation, Computer security, computer.software_genre, Security token, Identity management, Domain (software engineering), World Wide Web, Audit trail, Federated identity management, Identity (object-oriented programming), Federated identity, business, computer

Abstract

About Federated Identity Management (FIM) • FIM — provides cross-organizational, role-based access controls — transformation of local user credentials into standards-based security token that a remote system can trust • Exchange some token to establish user identity on a remote system — Can use attributes in token to determine user roles and privileges • How can identity federation be useful? — Don't have to replicate or synchronize local user repositories — Users need to remember/maintain fewer logon credentials — Dynamic access improves efficiency and security • 2 Parts — Business agreement and technical implementation — Federated identity ensures that a user's or system's trusted identity provides a secure means of identifying all entities across systems and enterprises regardless of where the data flows. It also provides and audit trail on what people and systems accessed the data.

Published

2015

22. OpenID connect as a security service in Cloud-based diagnostic imaging systems

Author

Weina Ma, Kamran Sartipi, David Koff, Hassan Sharghi, and Peter Bak

Subjects

Cloud computing security, Computer science, business.industry, Provisioning, Cloud computing, Computer security, computer.software_genre, OpenID Connect, Identity management, Security service, Federated identity, OpenID, business, Mobile device, computer

Abstract

The evolution of cloud computing is driving the next generation of diagnostic imaging (DI) systems. Cloud-based DI systems are able to deliver better services to patients without constraining to their own physical facilities. However, privacy and security concerns have been consistently regarded as the major obstacle for adoption of cloud computing by healthcare domains. Furthermore, traditional computing models and interfaces employed by DI systems are not ready for accessing diagnostic images through mobile devices. RESTful is an ideal technology for provisioning both mobile services and cloud computing. OpenID Connect, combining OpenID and OAuth together, is an emerging REST-based federated identity solution. It is one of the most perspective open standards to potentially become the de-facto standard for securing cloud computing and mobile applications, which has ever been regarded as “Kerberos of Cloud”. We introduce OpenID Connect as an identity and authentication service in cloud-based DI systems and propose enhancements that allow for incorporating this technology within distributed enterprise environment. The objective of this study is to offer solutions for secure radiology image sharing among DI-r (Diagnostic Imaging Repository) and heterogeneous PACS (Picture Archiving and Communication Systems) as well as mobile clients in the cloud ecosystem. Through using OpenID Connect as an open-source identity and authentication service, deploying DI-r and PACS to private or community clouds should obtain equivalent security level to traditional computing model.

Published

2015

23. A Proposal and Implementation of an ID Federation that Conceals a Web Service from an Authentication Server

Author

Yuto Iso and Takamichi Saito

Subjects

Challenge-Handshake Authentication Protocol, Authentication, business.industry, Computer science, Internet privacy, Multi-factor authentication, Authentication server, Computer security, computer.software_genre, NTLMSSP, Identity management, Chip Authentication Program, Security Assertion Markup Language, Identity provider, Generic Bootstrapping Architecture, Authentication protocol, Lightweight Extensible Authentication Protocol, Single sign-on, Federated identity, Challenge–response authentication, Web service, OpenID, business, computer, Data Authentication Algorithm

Abstract

Recently, it is becoming more common for a website to authenticate its users with an external identity provider by using Open ID Authentication or Security Assertion Markup Language. However, such authentication schemes tell the identity provider where the user is going. Consequently, for instance, an identity provider can track its users and refuse access to services offered by competitors. In this paper, we propose an authentication method whereby an identity provider cannot track users.

Published

2015

24. User identity and Access Management trends in IT infrastructure- an overview

Author

Rahul Gaikwad and Manav A. Thakur

Subjects

Computer access control, Computer science, business.industry, Access control, Computer security, computer.software_genre, Access management, Security information and event management, Identity management, World Wide Web, Identity management system, The Internet, Federated identity, business, computer

Abstract

Nowadays, people around the world completely depend and mostly use the Internet to maintain communication, contact with family, friends and with people around the world, access and exchange information, and enjoy multimedia communication. As the use of internet increase then users those who use internet and Access the information using internet in the organization or outside organization also increase. User Data security is very tedious and important part of IT system and its user lifecycle control system. Because of this the reason user data security is always consider while designing security systems for an organization. Modern approaches are to maintain the track of users and records of user access, Identity management systems and Access Management Systems are used. Identity management system help to provide a super-set of user provisioning systems that provide easy management of user credentials and their identity information to users and others those who need that information. Similarly Access Management Systems provide strong authentication and authorization solution using SSO, WebSEAL, and policy-based approach to identify who can access the resource at what level. The new research and approaches provide such a new functions base on organization policies that help to re-engine the access of user base on security procedures to the resources which are available. This paper provides an overview of the Identity Management Systems Access Management System and Federated Identity Manager that how they are use to manage the user security and also the challenges or risks in implementing a Secure system.

Published

2015

25. Digital Identity Management

Author

Philip J. Hallin, Thomas C. Jones, David B. Cross, and Matthew W. Thomlinson

Subjects

World Wide Web, Application programming interface, Computer science, Management system, Process (computing), Federated identity, Layer (object-oriented design), Identity management, Digital identity

Abstract

One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer.

Published

2015

26. Virtual organisations in computer grids and identity management

Author

Yuri Demchenko

Subjects

Service (systems architecture), Computer Networks and Communications, Computer science, Enterprise information security architecture, Computer security, computer.software_genre, Security token, Identity management, World Wide Web, Identity provider, Key (cryptography), Federated identity, Safety, Risk, Reliability and Quality, computer, Software, Open Grid Services Architecture

Abstract

This paper provides insight into one of the key concepts of Open Grid Services Architecture (OGSA) Virtual Organisations (VO) and analyses problems related to Identity management in VOs and their possible solution based on using WS-Federation and related WS-Security standards. This paper provides basic information about OGSA, OGSA Security Architecture and analyses VO security services. A detailed description is provided for WS-Federation Federated Identity Model and operation of basic services such as Security Token Service or Identity Provider, Attribute and Pseudonym services for typical usage scenarios.

Published

2004

27. Securing Cloud Users at Runtime via a Market Mechanism: A Case for Federated Identity

Author

Rami Bahsoon, Carlos Joseph Mera Gomez, and Giannis Tziakouris

Subjects

Computer science, business.industry, Distributed computing, Provisioning, Cloud computing, Computer security, computer.software_genre, Identity management, Identity (object-oriented programming), Resource allocation, Resource management, Federated identity, business, computer, Anonymity

Abstract

Securing users in the federated cloud environment is a challenging problem. We motivate the need for a dynamic and adaptive framework for securing identities at runtime. The solution explores the link between Identity Security Goals, the features they require (e.g. Anonymity, Integrity) and the provisioned underlying computational resources (e.g. Memory, CPU) in federated environments. We report on an economics inspired approach, which utilizes an auction procedure for dynamic allocation of resources for adaptively securing identities at runtime. The solution is realized as a simulation and tested on the cloud specific area of federated identity management.

Published

2014

28. Surveing the challenges and requirements for identity in the cloud

Author

Naoufal Ben Bouazza, Mouad Lemoudden, and Bouabid El Ouahidi

Subjects

Cloud computing security, Emerging technologies, business.industry, Identity (object-oriented programming), Cloud computing, Federated identity, Business, Cloud service provider, Computer security, computer.software_genre, computer, Identity management

Abstract

Cloud technologies are increasingly important for IT department for allowing them to concentrate on strategy as opposed to maintaining data centers; the biggest advantages of the cloud is the ability to share computing resources between multiple providers, especially hybrid clouds, in overcoming infrastructure limitations. User identity federation is considered as the second major risk in the cloud, and since business organizations use multiple cloud service providers, IT department faces a range of constraints. Multiple attempts to solve this problem have been suggested like federated Identity, which has a number of advantages, despite it suffering from challenges that are common in new technologies. The following paper tackles federated identity, its components, advantages, disadvantages, and then proposes a number of useful scenarios to manage identity in hybrid clouds infrastructure.

Published

2014

29. Identity management, access specs are rolling along

Author

G. Goth

Subjects

Computer Networks and Communications, business.industry, Computer science, FCAPS, Computer security, computer.software_genre, Access management, Identity management, Systems management, Element management system, Single sign-on, The Internet, Federated identity, business, computer

Abstract

The concept of streamlined single-sign-on network identity and access management moved forward, with product announcements from prominent vendors, advances in protocol agreements by industry and standards groups, and more visibility among enterprise users. A certain amount of long-term uncertainty remains about which identity-management technology will fit into a given architecture as the applications underlying interorganizational communications depend less on Web browsers and become more capable of standalone interchange. However, the widespread adoption of federated identity - in which users receive trusted access to more than their home network's resources without having to sign on to each new site separately - is reaching critical mass.

Published

2005

30. Federated identity to access e-government services

Author

Miguel Malheiros, Charlene Jennett, M. Angela Sasse, and Sacha Brostoff

Subjects

Authentication, business.industry, User journey, media_common.quotation_subject, Internet privacy, Usability, Federated identity, Small business, Service provider, business, Payment, Identity management, media_common

Abstract

Both the US & UK government have decided that citizens will to authenticate to government using Federated Identity (FedID) solutions: governments do not want to be Identity providers (IdPs), but leverage accounts that citizens have with other service providers instead. We investigated how citizens react to their first encounter FedID authentication in this context. We performed 2 studies using low fidelity prototypes with: in study 1, 44 citizen participants, & in study 2, 22 small business owners, employees & agents. We recorded their reactions during their user journey authenticating with 3rd party providers they already had accounts with. In study 1, 50% of participants said they would not continue to use the system on reaching the hub page, & 45% believed they were being asked to make a payment. 25% of those continuing said they would stop when they reached the consent page, where they were asked by their IdP to authorise the release of their identifying information to the government service. 34% of the participants felt threatened rather than reassured by the privacy protection statement. With study 2's improved prototype, only 14% of participants said they would not continue on reaching the hub page, & 6% abandoned at the consent page. Our results show that usability & acceptance of FedID can be greatly improved by the application of standard HCI techniques, but trust in the ID Provider is essential. We finally report results from a survey of which ID providers UK citizens would trust, & found significant differences between age groups.

Published

2013

31. Federated Identity Access Broker Pattern for Cloud Computing

Author

Qing Tan, Phil Abraham, and Tim Reimer

Subjects

Cloud computing security, Computer science, business.industry, Software as a service, Cloud computing, Computer security, computer.software_genre, Identity management, World Wide Web, Identity provider, Utility computing, Cloud testing, Federated identity, business, computer

Abstract

With the adoption of cloud computing, a multitude of front-end mobile devices are emerging that require access to services in the cloud. Applications in the cloud are now commonly deployed as software as a service (SaaS). However, with the introduction of SaaS new security challenges need to be addressed. The challenge is to provide a single sign-on environment for services through an identity provider plus sufficient authorization granularity for backend services for the client applications to access. Through detailed discussion of the two standards (SAML 2.0 and OAuth 2.0) this paper presents a study how the two standards can provide a single sign-on solution for cloud computing. Furthermore, by outlining a case study/scenario of the two standards, the Federated Identity Access Broker Pattern for cloud computing is developed to present a solution for these security issues.

Published

2013

32. Federation Technology and Virtual Worlds for Learning: Research Trends and Opportunities Towards Identity Federation

Author

Gonçalo Cruz, Antonio Costa, Ramiro Gonçalves, João Barroso, and Paulo Martins

Subjects

Service (systems architecture), Knowledge management, Computer science, business.industry, Interoperability, Identity (social science), Context (language use), Federated identity, Metaverse, business, Identity management, Formal learning

Abstract

Currently, Virtual Worlds technology is used for educational purposes in a cross-disciplinary way. However, particularly in formal learning institutions, its widespread adoption is far from being a reality due a broad range of technological challenges. This paper addresses identity federation systems as possible solutions to some of the interoperability, security and user management problems. Our major goal is to present what systems, architectures and standards are standing out, how the research area is moving toward identity federation, and why educational institutions need to address it. We consider identity, privacy, security- assurance, and interoperability as main concerns within our analysis, in order to interconnect digital identities with physical identities, and create a unique federated identity system that can act independently from the service in use. Thus, VWs technologies will be able to scale and evolve independently without compromising user's identity.

Published

2013

33. Towards a Federated Identity as a Service Model

Author

Klaus Stranacher, Bernd Zwattendorfer, and Arne Tauber

Subjects

Service (business), Authentication, Computer science, business.industry, Cloud computing, Service provider, Computer security, computer.software_genre, Identity management, World Wide Web, Broker Pattern, Identity (object-oriented programming), Federated identity, business, computer

Abstract

Identity management plays a key role in e-Government. Giving the increasing number of cloud applications, also in the field of e-Government, identity management is also vital in the area of cloud computing. Several cloud identity models have already emerged, whereas the so-called "Identity as a Service"-model seems to be the most promising one. Cloud service providers currently implement this model by relying on a central identity broker, acting as a hub between different service and identity providers. While the identity broker model has a couple of advantages, still some disadvantages can be identified. One major drawback of the central identity broker model is that both the user and the service provider must rely on one and the same identity broker for identification and authentication. This heavily decreases flexibility and hinders freedom of choice for selecting other identity broker implementations. We bypass this issue by proposing a federated identity as a service model, where identity brokers are interconnected. This federated identity as a service model retains the benefits but eliminates the drawbacks of the central cloud identity broker model.

Published

2013

34. Enabling the Autonomic Management of Federated Identity Providers

Author

David W. Chadwick, Kristy W. S. Siu, Rogério de Lemos, and Christopher Bailey

Subjects

QA75, Process management, Computer science, Control (management), Privilege (computing), Service provider, Computer security, computer.software_genre, Identity management, QA76, Autonomic computing, Identity provider, Identity (object-oriented programming), Federated identity, computer

Abstract

The autonomic management of federated authorization infrastructures (federations) is seen as a means for improving the monitoring and use of a service provider's resources. However, federations are comprised of independent management domains with varying scopes of control and data ownership. The focus of this paper is on the autonomic management of federated identity providers by service providers located in other domains, when the identity providers have been diagnosed as the source of abuse. In particular, we describe how an autonomic controller, external to the domain of the identity provider, exercises control over the issuing of privilege attributes. The paper presents a conceptual design and implementation of an effector for an identity provider that is capable of enabling cross-domain autonomic management. The implementation of an effector for a SimpleSAMLphp identity provider is evaluated by demonstrating how an autonomic controller, together with the effector, is capable of responding to malicious abuse.

Published

2013

35. Federated Identity Technologies

Author

Derrick Rountree

Subjects

World Wide Web, Authentication, Cover (telecommunications), Computer science, Identity (object-oriented programming), Federated identity, Computer security, computer.software_genre, computer, Identity management

Abstract

This chapter covers different technologies and programming structures used to facilitate federated identity. We cover the components of identity, authentication, and the security of federated identity.

Published

2013

36. A survey on security issues of federated identity in the cloud computing

Author

Jamalul-lail Ab Manan, Mazdak Zamani, Abolghasem Pashang, and Eghbal Ghazizadeh

Subjects

Authentication, Cloud computing security, business.industry, Computer science, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Cloud computing, Trusted Computing, Computer security, computer.software_genre, Identity management, World Wide Web, Identity theft, Identity (object-oriented programming), Federated identity, OpenID, business, computer

Abstract

Cloud computing is a new generation of the technology that has been designed to cater for commercial necessities and to run suitable applications or solve IT management issues. While cost and ease of use are two top benefits of cloud, trust and security are the two top concerns of cloud computing users. Federated identity as a useful feature for user management and Single Sign-on (SSO) has also become an important part of federated identity environment. Misuse of the identity, identity theft, and platform trustworthiness are some of the problems in the federated identity environment. OAuth, OpenID, SAML are three main concept in cloud authentication and federated environment. This paper overviews the security issues of federated identity in the cloud authentication and highlights the proposed models to solve identity theft in the federated environment.

Published

2012

37. On federated single sign-on in e-government interoperability frameworks

Author

Enzo Veltri, Donatello Santoro, Michele Santomauro, and Giansalvatore Mecca

Subjects

Service (systems architecture), Public Administration, Sociology and Political Science, computer.internet_protocol, Computer science, business.industry, Interoperability, Legacy system, 02 engineering and technology, Service-oriented architecture, Service provider, computer.software_genre, Identity management, Computer Science Applications, World Wide Web, 020204 information systems, Middleware (distributed applications), 0202 electrical engineering, electronic engineering, information engineering, Federated identity, Software engineering, business, computer

Abstract

We consider the problem of handling digital identities within service-oriented architecture (SOA) architectures. We explore federated, single sign-on (SSO) solutions based on identity managers and service providers. After an overview of the different standards and protocols, we introduce a middleware-based architecture to simplify the integration of legacy systems within such platforms. Our solution is based on a middleware module that decouples the legacy system from the identity-management modules. We consider both standard point-to-point service architectures, and complex government interoperability frameworks, and report experiments to show that our solution provides clear advantages both in terms of effectiveness and performance.

Published

2016

38. Identity federations: A new perspective for Bangladesh

Author

Morshed Chowdhury, Md. Moniruzzaman, Md. Sadek Ferdous, Farida Chowdhury, and Mohammad Jabed

Subjects

Service (business), Government, business.industry, Internet privacy, Identity (social science), Services computing, ComputingMilieux_LEGALASPECTSOFCOMPUTING, computer.software_genre, Identity management, Electronic mail, Federated identity, Web service, business, computer

Abstract

With a view to provide more effective, enhanced and accessible services to their citizens, Governments around the globe have started different web services under the initiative of e-Government. Many such services extensively utilise the Federated Identity framework due to its huge number of benefits. This paper analyses how different e-initiatives in Bangladesh can take advantage of this technology by illustrating use-cases in two different domains. As the online service and the e-Governance paradigm in Bangladesh are relatively new and evolving rapidly, we believe that this is the high-time to consider the benefits this technology can bring for the Government as well as the citizen.

Published

2012

39. Device Token Protocol for Persistent Authentication Shared across Applications

Author

John A. Trammel, L. Umit Yalcinalp, Andrei Kalfas, James Boag, and Daniel C. Brotsky

Subjects

Challenge-Handshake Authentication Protocol, Authentication, Otway–Rees protocol, Computer science, Authentication protocol, Operating system, Federated identity, Security token, computer.software_genre, Host (network), computer, Identity management

Abstract

This paper describes a protocol for enabling shared persistent authentication for desktop applications that comprise a common suite by extending the OAuth2.0 protocol. OAuth2.0 is the de facto standard for developing and deploying federated Identity. Our extension enables the users to authenticate and authorize on devices that host a suite of applications that are connected to backend services and systems at Adobe. It is the backbone of our subscription and licensing infrastructure for the Adobe Creative Suite® 6 and Adobe Creative CloudTM. The extended protocol works without storing users credentials on a per application basis but rather uses device identities that are managed on a centralized server to enable increased security and management capabilities for a set of applications on the device. We describe the protocol is in detail, its inherent characteristics, how it extends OAuth2.0, and how it is used in practice.

Published

2012

40. Identities Evolve: Why Federated Identity is Easier Said than Done

Author

Stephen J. Wilson

Subjects

Password, Engineering, Authentication, business.industry, Identity (social science), Service provider, Computer security, computer.software_genre, Identity management, Digital identity, Federated identity, business, Social identity theory, computer

Abstract

Why does digital identity turn out to be such a hard problem? People are social animals with deep seated intuitions and conventions around identity, but exercising our identities online has been hugely problematic. In response to cyber fraud and the password plague, there has been a near universal acceptance of the idea of Federated Identity. All federated identity models start with the intuitively appealing premise that if an individual has already been identified by one service provider, then that identification should be made available to other services, to save time, streamline registration, reduce costs, and open up new business channels. It’s a potent mix of supposed benefits, and yet strangely unachievable. True, we can now enjoy the convenience of logging onto multiple blogs and social networks with an unverified Twitter account, but higher risk services like banking, e-health and e-government have steadfastly resisted federation, maintaining their own identifiers and sovereign registration processes. This paper shows that federated identity is really a radical and deeply problematic departure from the way we do routine business. Federation undoes and complicates long standing business arrangements, exposing customers and service providers alike to new risks that existing contracts are unable to deal with. Identity federations tend to overlook that identities are proxies for relationships we have in different contexts. Business relationships don’t easily “interoperate." They can’t be arbitrarily tweaked to suit different contexts, because each relationship has evolved to fit a particular niche. While the term identity “ecosystem” is fashionable, genuine ecological thinking has been lacking in contemporary identity theory. The alternative presented here is to conserve business contexts and replicate existing trusted identities when we go from real world to digital, without massively re-engineering traditional business practices. The password plague and ‘token necklace’ have elicited a sort of broad moral panic, yet they are essentially just human factors engineering problems. Traditional access control was devised for and by technicians; consumer authentication demands better user interfaces. The real problem lies not in identity issuance processes but rather in the way perfectly good identities once issued are taken ‘naked’ online where they’re vulnerable to takeover and counterfeiting. If we focused on conserving context and replicating existing real world identities in non-replayable forms, most routine transactions could take place safely online, without the incalculable cost of re-engineering proven business arrangements.

Published

2011

41. User requirement model for federated identities threats

Author

Zubair Ahmad, Jamalul-lail Ab Manan, and Suziah Sulaiman

Subjects

Information privacy, business.industry, Computer science, Internet privacy, Usability, Cryptography, User requirements document, Computer security, computer.software_genre, Identity management, Identity theft, Trusted Platform Module, Federated identity, business, computer

Abstract

Federated identity management system interconnects distributed island of identity management systems with federated identity standards with single sign-on facility. In an open environment, such as those of a federated identity management system a user single sign-on credentials, can easily fall prey to identity theft, or unlawful information gathering. It may use either existing account or new account fraud. In this paper, we present scenarios related to identity theft, unlawful information gathering and tracking. We show the main issue of lack of platform trust in platforms involve in federated systems and discussed the consequences of respective threats on them. In an effort to present a holistic approach to handle security, trust and privacy, we propose a user requirement model involving these core issues for federated identities. These requirements include system trustworthiness, hardware protected key generations, usability, efficiency, identity information validity, privacy, accountability and system robustness. In our proposed model, Trusted Platform Module (TPM), is the fundamental component which ties and binds all communicating platforms together in authentication, verification and trustworthiness of the platform.

Published

2010

42. GlobaliD - Privacy Concerns on a Federated Identity Provider Associated with the Users' National Citizen's Card

Author

Cláudio Teixeira, Frank Pimenta, and Joaquim Sousa Pinto

Subjects

Information privacy, Privacy software, business.industry, Privacy policy, Internet privacy, Computer security, computer.software_genre, Identity management, Digital identity, Business, Federated identity, Personally identifiable information, computer, Anonymity

Abstract

Personal information sharing is one of the most common online activities. Most of the times we feel forced to give up about some privacy in order to share a piece of information with others. This paper reflects on the anonymity, integrity, privacy of users’ personal information and it’s scattering across the Web by taking an approach to digital identity management concept. Consequently it also reflects on the users’ information certification and accountability. In this paper we purpose a Federated Identity Management solution for the Web to decrease the privacy issues and avoid the lost of anonymity that may occur when users exchange their particular information within web contexts. We will use a collection of publicly available strong identification mechanisms, such as the users (Portuguese) National Electronic Citizen Identity Card, and a Federated Identity initiative to create the GlobaliD, a Federated Identity Provider to address the previously mentioned reflections. Our aim with the development of GlobaliD is to take a step further in the digital identity management and therefore in the privacy and anonymity safety of the users identity Online by making it more versatile, responsible, trustworthy, integrity and privacy safe, anonym and thus secure.

Published

2010

43. Addressing the Legal Challenges of Federated Identity Management

Author

Thomas J. Smedinghoff and David A. Wheeler

Subjects

Authentication, business.industry, Internet privacy, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Information security, Computer security, computer.software_genre, Identity management, Work (electrical), Key (cryptography), Federated identity management, Business, Federated identity, Obligation, computer

Abstract

A company's legal duty to provide appropriate information security includes an obligation to properly authenticate persons seeking to access its networks or services. This article identifies some of the key legal issues raised by the authentication model receiving the most attention - federated identity management - and focuses on the need to develop an appropriate legal infrastructure necessary to make it work.

Published

2008

44. Enabling Federated Identity for E-Government

Author

Paul Madsen and Tanya Candia

Subjects

E-Government, business.industry, Internet privacy, Identity (social science), Single sign-on, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Federated identity, Sociology, Web service, computer.software_genre, business, computer, Identity management

Abstract

Today’s administrative and business environment calls for information sharing on an unprecedented scale, from government to business to citizen. Sharing and interoperating among agencies, businesses, and governments around the world create opportunities to simplify processes and unify work, as well as improve the overall performance of government. Secure interoperability, based on identity management solutions, enables substantial cost savings, streamlined processes and faster communication of vital information to the benefit of governments and citizens of all nations. At the core of this revolution is the concept of federated identity management and the need for standards that are open, interoperable and decentralized. In addition, such standards must allow for privacy safeguard across all sectors. The Liberty Alliance Project (Liberty Alliance, n.d.) was established to address this need and tackle the twin issues of standards and trust.

Published

2008

45. Attribute Aggregation and Federated Identity

Author

N. Klingenstein

Subjects

World Wide Web, Service (business), Transaction processing, Computer science, Principal (computer security), Identity (object-oriented programming), Context (language use), Session (computer science), Federated identity, Identity management

Abstract

A principal sometimes needs to present a combination of attributes from multiple identities from distinct organizations to fully identify itself This problem is rarely encountered in non-federated identity transactions because services operate within the context of a single identity domain. Federated identity allows for data about one entity to be scattered across multiple identities throughout the distributed system. These data must be unified through attribute aggregation to fully identify an entity. In order to do so, the identities must be associated in some fashion, the user must have a session with a service, and the service must have all the information it needs to process the attributes it receives

Published

2007

46. Service Oriented Federated Identity System Framework

Author

Jiaxun Chen, Xiao-Qiang Liu, Min Wu, and Yongsheng Ding

Subjects

Knowledge management, computer.internet_protocol, business.industry, Computer science, Service-oriented architecture, Ontology (information science), Computer security, computer.software_genre, Semantics, Identity management, Identity (object-oriented programming), System framework, Federated identity, Web service, business, computer

Abstract

The rapid evolution of network and distributed computing, such as Service Oriented Architecture (SOA), is increasing the challenge of securely controlling access to enterprise IT resources. As gaining access to distributed resources becomes increasingly vital, the ability to make sure that the right people have secure access to the right information at the right time becomes a critical requirement. Leading enterprises have deployed identity federation to be closer to partners, accelerate execution of business partnerships, cut cost and complexity of integrating outsourced services. This paper discusses the requirements of federated identity system. A Services Oriented Federated Identity System Framework is proposed, which emphasizes flexible identity management and dynamic discovery. Furthermore, How to use ontology to describe the semantics of identity information is discussed. .

Published

2006

47. Federated identity management for protecting users from ID theft

Author

Kenji Takahashi, Paul Madsen, and Yuzo Koga

Subjects

business.industry, Internet privacy, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Online identity, Computer security, computer.software_genre, Phishing, Identity management, Identity theft, Federated identity management, Strong authentication, Federated identity, Business, computer

Abstract

Federated identity management is sometimes criticized as exacerbating the problem of online identity theft, based as it is on the idea of connecting together previously separate islands of identity information. This paper explores this conjecture, and argues that, while such linkages do undeniably increase the potential scope of a successful theft of identity information, this risk is more than offset by the much greater value federated identity, in combination with strong authentication, offers in preventing such theft in the first place.

Published

2005

48. Organising federated identity in Finnish higher education

Author

Mikael Linden

Subjects

Service (systems architecture), Early adopter, Knowledge management, Higher education, business.industry, Political science, General Medicine, Federated identity, business, Shibboleth, Identity management

Abstract

Finnish higher education has been an early adopter of federated identity in Europe. The Finnish Haka federation is deploying Shibboleth, federating software by Internet2. This paper describes the federation as an organisational entity and explains how privacy issues are taken into account in its policy. Differences between the Haka federation and some other federations are pointed out. The main service areas for federated identity in Finnish higher education are also presented.

Published

2005

49. A modeling approach to federated identity and access management

Author

Martin Gaedke, Johannes Meinecke, and Martin Nussbaumer

Subjects

World Wide Web, Authentication, medicine.medical_specialty, Computer science, System integrity, Authorization, medicine, Federated identity, Reuse, Access management, Web modeling, Identity management, Task (project management)

Abstract

As the Web is increasingly used as a platform for heterogeneous applications, we are faced with new requirements to authentication, authorization and identity management. Modern architectures have to control access not only to single, isolated systems, but to whole business-spanning federations of applications and services. This task is complicated by the diversity of today's specifications concerning e.g. privacy, system integrity and distribution in the web. As an approach to such problems, in this paper, we introduce a solution catalogue of reusable building blocks for Identity and Access Management (IAM). The concepts of these blocks have been realized in a configurable system that supports IAM solutions for Web-based applications.

Published

2005

50. Identity management for improved organisational efficiency and e-business growth: managing enterprise knowledge

Author

Satinder Bhatia and Anshu Saxena

Subjects

Engineering, Knowledge management, Computer Networks and Communications, business.industry, Data management, Identity management, Computer Science Applications, Digital identity, Mobile identity management, Hardware and Architecture, Personal knowledge management, Federated identity, business, Digital firm, Software, Content management

Abstract

Identity Management is the creation, management and use of online, or digital identities. Millions of people around the world now use the internet daily at home and at work, facing a multiplicity of corporate applications and e-business interfaces. Many such applications and interfaces require a unique user name and as a result, an individual typically possesses not one but several digital identities. The importance of digital identity management for building trust relationships and the next generation e- and m-business services is becoming all the more evident with the proliferation of ubiquitous, pervasive and mobile computing systems, all of which require advanced, automated identity management systems for their effective and efficient operation. Indeed, growth of internet commerce (both wired and wireless) has been hindered by the lack of trust between consumers and service providers. As an organisation trying to meet the challenges of today's economy while at the same time trying to maintain a secure network environment, starting with the right e-business foundation is critical. A new perspective on knowledge management in organisations is being created. Knowledge Management is description, organisation, sharing and development of knowledge in the firm and even across firms. Organisations are viewed as bodies of knowledge, and knowledge management is considered as an increasingly important source of competitive advantage for organisations. This paper applies the knowledge-based view of the firm that has established itself as an important perspective in identity management. Identity Management has proven to be the right foundation for companies around the globe. Convergence in Information Technology means that there is no difference between Knowledge Management, e-business, Content Management, Community and Collaboration. When Knowledge Management is combined with Identity Management, inter and intra-organisational interaction is possible in a secure, reliable, and effective manner. This innovative and collaborative approach to business will have a significant impact on the way businesses operate. In this paper, we tackle the technical aspects of identity management, approaches and challenges of managing identities in knowledge-oriented organisations for the benefit of the users and businesses. The importance of mobile identity management is illustrated in the emerging field of ubiquitous computing. The paper highlights an important concept of managing identity information known as "Federated Identity Management", an important tool for managing knowledge within and among organisations.

Published

2005