research-article

Towards dynamic trust establishment for identity federation

Authors:

Florina Almenárez,

Patricia Arias,

Andrés Marín,

Daniel DíazAuthors Info & Claims

EATIS '09: Proceedings of the 2009 Euro American Conference on Telematics and Information Systems: New Opportunities to increase Digital Citizenship

Article No.: 25, Pages 1 - 4

https://doi.org/10.1145/1551722.1551747

Published: 03 June 2009 Publication History

Get Access

Abstract

Federation has emerged as a key concept for identity management, as it is the basis to reduce complexity in the companies and improve user experience. However, the problem of establishing identity federations in dynamic open environments, where it is desirable to speed up the processes of service provisioning and deprovisioning, has not been fully addressed. This paper reviews the existing frameworks for identity federation, analyzing the underlying trust mechanisms and its suitability to be applied in the mentioned environments. Finally, we propose a generic extension for the Security Assertion Markup Language (SAML) standard in order to facilitate the creation of federation relationships in a secure dynamic way between prior unknown parties.

References

[1]

P. Harding, L. Johansson, and N. Klingenstein. Dynamic security assertion markup language: Simplifying single sign-on. IEEE Security & Privacy, 6(2):83--85, March/April 2008.

Digital Library

Google Scholar

[2]

D. Hardt, J. Bufu, and J. Hoyt. Openid attribute exchange 1.0.

Google Scholar

[3]

J. Hodges. Technical comparison: OpenID and SAML - Draft 06. January 2008.

Google Scholar

[4]

Internet2. Shibboleth architecture. Available in http://shibboleth.internet2.edu.

Google Scholar

[5]

A. Jøsang, R. Ismail, and C. Boyd. A survey of trust and reputation systems for online service provision. Decis. Support Syst., 43(2):618--644, 2007.

Digital Library

Google Scholar

[6]

LA. Liberty id-ff protocols and schema specification. Available in http://www.projectliberty.org.

Google Scholar

[7]

Liberty alliance single sign-on. Available in http://lasso.entrouvert.org/.

Google Scholar

[8]

E. Maler and D. Reed. Options and issues in federated identity management. IEEE Security & Privacy, 6(2):16--23, March/April 2008.

Digital Library

Google Scholar

[9]

OASIS. Security assertion markup language (saml) v. 2.0. technical overview. http://saml.xml.org.

Google Scholar

[10]

OpenID. Openid authentication 2.0. Available in http://www.openid.net.

Google Scholar

[11]

D. Recordon, M. Jones, J. Bufu, J. Daugherty, and N. Sakimura. Openid provider authentication policy extension 1.0. Available in http://www.openid.net.

Google Scholar

[12]

SymLabs. ZXID: Open SAML implementation in C. Available in http://www.zxid.org.

Google Scholar

[13]

H. Tschofenig, J. Hodges, J. Peterson, J. Polk, and D. Sicker. SIP SAML Profile and binding. Technical Report draft-ietf-sip-saml-06, March 2009.

Google Scholar

[14]

Web services federation language version 1.1, December 2006.

Google Scholar

Cited By

View all

Ibor AHooper MMaple CCrowcroft JEpiphaniou G(2024)Considerations for trustworthy cross-border interoperability of digital identity systems in developing countriesAI & SOCIETY10.1007/s00146-024-02008-9Online publication date: 7-Aug-2024
https://doi.org/10.1007/s00146-024-02008-9
Li MChi CDing CWong RShe Z(2018)A Multi-protocol Authentication Shibboleth Framework and Implementation for Identity FederationSecurity and Privacy in Communication Networks10.1007/978-3-030-01704-0_5(81-101)Online publication date: 29-Dec-2018
https://doi.org/10.1007/978-3-030-01704-0_5
Arias Cabarcos PAlmenárez FGómez Mármol FMarín A(2014)To Federate or Not To FederateWireless Personal Communications: An International Journal10.1007/s11277-013-1338-y75:3(1769-1786)Online publication date: 1-Apr-2014
https://dl.acm.org/doi/10.1007/s11277-013-1338-y
Show More Cited By

Index Terms

Towards dynamic trust establishment for identity federation
1. Applied computing
  1. Enterprise computing
2. Information systems
  1. Information systems applications

Recommendations

Establishing and protecting digital identity in federation systems
DIM '05: Proceedings of the 2005 workshop on Digital identity management

We develop solutions for the security and privacy of user identity information in a federation. By federation we mean a group of organizations or service providers which have built trust among each other and enable sharing of user identity information ...
Identity federation and privacy: one step beyond
DIM '08: Proceedings of the 4th ACM workshop on Digital identity management

Providing Single Sign-On (SSO) between SPs and enabling SPs to share user personal attributes are critical for both users to benefit from a seamless access to their services, and SPs to realize new business opportunities. Today, however, the users have ...
Identity Federation for VoIP systems
Digital Identity Management (DIM 2007)

Identity Federation enables Users to effectively manage their multiple Identities spread across different administrative domains. It leverages trust between the Identity Providers to allow Users to federate and share their Identity information to ...

Comments

Information & Contributors

Information

Published In

EATIS '09: Proceedings of the 2009 Euro American Conference on Telematics and Information Systems: New Opportunities to increase Digital Citizenship

June 2009

207 pages

ISBN:9781605583983

DOI:10.1145/1551722

Conference Chair:
Miroslav Svitek,
Program Chair:
Tomas Zelinka

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 June 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Conference

EATIS '09

EATIS '09: Euro American Conference on Telematics and Information Systems

June 3 - 5, 2009

Prague, Czech Republic

Acceptance Rates

Overall Acceptance Rate 17 of 64 submissions, 27%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
384
Total Downloads

Downloads (Last 12 months)9
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Ibor AHooper MMaple CCrowcroft JEpiphaniou G(2024)Considerations for trustworthy cross-border interoperability of digital identity systems in developing countriesAI & SOCIETY10.1007/s00146-024-02008-9Online publication date: 7-Aug-2024
https://doi.org/10.1007/s00146-024-02008-9
Li MChi CDing CWong RShe Z(2018)A Multi-protocol Authentication Shibboleth Framework and Implementation for Identity FederationSecurity and Privacy in Communication Networks10.1007/978-3-030-01704-0_5(81-101)Online publication date: 29-Dec-2018
https://doi.org/10.1007/978-3-030-01704-0_5
Arias Cabarcos PAlmenárez FGómez Mármol FMarín A(2014)To Federate or Not To FederateWireless Personal Communications: An International Journal10.1007/s11277-013-1338-y75:3(1769-1786)Online publication date: 1-Apr-2014
https://dl.acm.org/doi/10.1007/s11277-013-1338-y
Chadwick DHibbert M(2013)Towards Automated Trust Establishment in Federated Identity ManagementTrust Management VII10.1007/978-3-642-38323-6_3(33-48)Online publication date: 2013
https://doi.org/10.1007/978-3-642-38323-6_3
Jensen J(2012)Federated Identity Management ChallengesProceedings of the 2012 Seventh International Conference on Availability, Reliability and Security10.1109/ARES.2012.68(230-235)Online publication date: 20-Aug-2012
https://dl.acm.org/doi/10.1109/ARES.2012.68
Jensen J(2011)Benefits of Federated Identity Management - A Survey from an Integrated Operations ViewpointAvailability, Reliability and Security for Business, Enterprise and Health Information Systems10.1007/978-3-642-23300-5_1(1-12)Online publication date: 2011
https://doi.org/10.1007/978-3-642-23300-5_1
Gomi H(2011)An Authentication Trust Metric for Federated Identity Management SystemsSecurity and Trust Management10.1007/978-3-642-22444-7_8(116-131)Online publication date: 2011
https://doi.org/10.1007/978-3-642-22444-7_8
Gomi H(2010)An authentication trust metric for federated identity management systemsProceedings of the 6th international conference on Security and trust management10.5555/2050149.2050157(116-131)Online publication date: 23-Sep-2010
https://dl.acm.org/doi/10.5555/2050149.2050157
Gao HYan JMu Y(2010)Dynamic Trust Model for Federated Identity ManagementProceedings of the 2010 Fourth International Conference on Network and System Security10.1109/NSS.2010.40(55-61)Online publication date: 1-Sep-2010
https://dl.acm.org/doi/10.1109/NSS.2010.40
Su ZBiennier F(2010)End-to-end security policy description and management for collaborative system2010 Sixth International Conference on Information Assurance and Security10.1109/ISIAS.2010.5604183(137-142)Online publication date: Aug-2010
https://doi.org/10.1109/ISIAS.2010.5604183

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Establishing and protecting digital identity in federation systems

Identity federation and privacy: one step beyond

Identity Federation for VoIP systems

Comments

Published In

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Conference

Acceptance Rates

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Establishing and protecting digital identity in federation systems

Identity federation and privacy: one step beyond

Identity Federation for VoIP systems

Comments

Information

Published In

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations