Abstract
Identity management plays a crucial role in many application contexts, including e-government, e-commerce, business intelligence, investigation, and homeland security. The variety of approaches to and techniques for identity management, while addressing some of the challenges, has introduced new problems especially concerning interoperability and privacy. As such, any attempt to consolidate such diverse views and approaches to identity management in a systematic fashion requires a precise and rigorous unifying semantic framework. We propose here a firm semantic foundation for the systematic study of identity management and improved accuracy in reasoning about key properties in identity management system design. The proposed framework is built upon essential concepts of identity management and serves as a starting point for bringing together different approaches in a coherent and consistent manner.
Everything is vague to a degree you do not realize till you have tried to make it precise.
Bertrand Russell, 1918
Notes
1. This research project is funded by the Ministry of Labour & Citizens’ Services of British Columbia, Canada.
2. According to a 2007 report, identity theft loss in the United States declined to $49.3 billion in 2006, due to an increased vigilance among consumers and businesses [13].
3. In reality, one commonly uses combinations of characteristics in order to distinguish an entity from other entities, so that it becomes identifiable based on a certain set of attributes; however, it seems virtually impossible to find any such set that is generally suitable as a placeholder for an entity’s identity in an absolute sense as assumed here.
4. For the purpose of the first abstract model we do not distinguish between personal identifiers and pseudonyms.
5. Several contexts may come together under the umbrella of a domain. For instance, several contexts exist within the health domain, including hospital records, health care providers, etc.
6. It is important to note that the oracle is not necessarily a function.
7. We define here a more general case with n identities/partial identities.
8.
9. For a comprehensive list of references on ASM theory and applications, we refer the reader to the ASM Research Center at http://www.asmcenter.org.
10. Courtesy of S. Sproule and N. Archer.
11. We are not concerned with the authentication of the attribute set and assume the attributes are authenticated.
12. Note that if matching results in several identities, a logical inconsistency exists (see Case 2 in Fig. 2), which has to be resolved separately. Hence, we restrict here to one identity only.
13. Other factors, such as the specific context where identification occurs, should also be considered in authorization. However, for simplicity we use this broader definition of authorization.
References
E. Börger and R. Stärk. Abstract State Machines: A Method for High-Level System Design and Analysis. Springer-Verlag, Berlin, 2003.
K. Cameron. The Laws of Identity [online], December 2005. Available: http://www.identityblog.com/?p=354.
J. L. Camp. Digital identity. Technology and Society Magazine, IEEE, 23:34–41, 2004.
L. J. Camp, et al. Identity in Digital Government: a research report of the Digital Government Civic Scenario Workshop, 2003. Research Report.
A. Cavoukian. 7 Laws of Identity: The Case for Privacy-Embedded Laws of Identity in the Digital Age, 2006.
S. Clauß and M. Köhntopp. Identity Management and its Support of Multilateral Security. Computer Networks, 37(2):205–219, 2001.
E. Damiani, S. D. C. di Vimercati, and P. Samarati. Managing multiple and dependable identities. Internet Computing, IEEE, 7:29–37, 2003.
R. Farahbod, U. Glässer, and M. Vajihollahi. An Abstract Machine Architecture for Web Service Based Business Process Management. International Journal of Business Process Integration and Management, 1:279–291, 2007.
Future of Identity in the Information Society – FIDIS (January 2008 – last visited) Website. [online]. Available: http://www.fidis.net.
U. Glässer and M. Vajihollahi. Identity Management Architecture. Technical Report SFU-CMPT-TR-2008-02, Simon Fraser University, February 2008.
J. Harper. Identity Crisis: How Identification Is Overused and Misunderstood. Cato Institute, 2006.
Independent Centre for Privacy Protection Schleswig-Holstein, Germany and Studio Genghini & Associati, Italy. Identity Management Systems (IMS): Identification and Comparison Study, 2003.
Javelin Strategy and Research, 2007 Identity Fraud Survey Report, February, 2007.
J. Jonas. Threat and fraud intelligence, Las Vegas style. Security & Privacy Magazine, IEEE, 4:28–34, 2006.
Liberty Alliance. Liberty Alliance Identity Federation Framework (ID-FF) 1.2 Specifications, December 2007.
Liberty Alliance Project (January 2008 – last visited) Website. [online]. Available: http://www.projectliberty.org
J. Phiri and J. Agbinya. Modelling and Information Fusion in Digital Identity Management Systems. In Networking, International Conference on Systems and International Conference on Mobile Communications and Learning Technologies, 2006. ICN/ICONS/MCL 2006, 181–187, 2006.
PISA – Privacy Incorporated Software Agent. Information Security, Privacy and Trust. (February 2008 – last visited) [online]. Available: http://www.iit-iti.nrc-cnrc.gc.ca/projectsprojets/pisa e.html.
PRIME – Privacy and Identity Management for Europe. (January 2008 – last visited) Website. [online]. Available: http://www.prime-project.eu.
Public Safety and Emergency Preparedness Canada. Report on Identity Theft, October 2004.
C. D. Raab. Perspectives on ‘personal identity’. BT Technology Journal, 23:15–24, 2005.
C. Satchell, G. Shanks, S. Howard, and J. Murphy. Beyond security: Implications for the future of federated digital identity management systems. In OZCHI’06: Proceedings of the 20th Conference of the Computer–Human Interaction Special Interest Group (CHISIG) of Australia on Computer–Human Interaction: Design: Activities, Artefacts and Environments, ACM, New York, 313–316, 2006.
S. Sproule and N. Archer. Defining identity theft. In Eighth World Congress on the Management of eBusiness (WCMeB 2007), 20–31, 2007.
G. van Blarkom, J. Borking, J. Giezen, R. Coolen, and P. Verhaar. Handbook of Privacy and Privacy-Enhancing Technologies – The Case of Intelligent Software Agents. College bescherming persoonsgegevens, 2003.
G. Wang, H. Chen, J. Xu, and H. Atabakhsh. Automatically detecting criminal identity deception: an adaptive detection algorithm. IEEE Transactions on Systems, Man and Cybernetics, Part A, 36:988–999, 2006.
G. A. Wang, H. Atabakhsh, T. Petersen, and H. Chen. Discovering identity problems: A case study. In LNCS: Intelligence and Security Informatics. Springer, Berlin/Heidelberg, 2005.
G. A. Wang, H. Chen, and H. Atabakhsh. A probabilistic model for approximate identity matching. In J. A. B. Fortes and A. Macintosh, editors, Proceedings of the 7th Annual International Conference on Digital Government Research, DG.O 2006, San Diego, CA, May 21–24, 2006, 462–463. Digital Government Research Center, 2006.
W. Wang, Y. Yuan, and N. Archer. A contextual framework for combating identity theft. Security & Privacy Magazine, IEEE, 4:30–38, 2006.
P. J. Windley. Digital Identity, chapter Federating Identity. O’Reilly, Sebastopol, CA, 118–142, 2005.
Copyright information
© 2010 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Glässer, U., Vajihollahi, M. (2010). Identity Management Architecture. In: Yang, C., Chau, M., Wang, JH., Chen, H. (eds) Security Informatics. Annals of Information Systems, vol 9. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-1325-8_6
DOI: https://doi.org/10.1007/978-1-4419-1325-8_6
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-1324-1
Online ISBN: 978-1-4419-1325-8
eBook Packages: Computer Science, Computer Science (R0)