
Universal Identity Management Based on Delegation in SOA

Chapter in: Advanced Web Services

Abstract

Relationship-focused and credential-focused identity management are both user-centric notions in service-oriented architecture (SOA). For composite services, pure user-centric identity management is inefficient because each sub-service may authenticate and authorize users separately, and users must participate in every identity provisioning transaction. If these two paradigms are unified into universal identity management, where identity information and privileges are delegatable, user-centricity becomes more feasible in SOA. The credential-focused system is a good starting point for constructing a universal identity management system. However, implementing a practical delegation scheme remains a challenge, although some delegatable anonymous credential schemes have been constructed theoretically. This paper proposes a practical solution for universal identity management. First, a pseudonym-based signature scheme is designed in which pseudonyms are self-generated and unlinkable, realizing user privacy. Next, a proxy signature scheme is presented that uses the pseudonyms as public keys, so that delegation can be achieved through certificate chains. Finally, WS-Federation is extended to build a universal identity management solution.



Author information

Corresponding author: Yang Zhang


Copyright information

© 2014 Springer Science+Business Media New York

About this chapter

Cite this chapter

Zhang, Y., Chen, JL. (2014). Universal Identity Management Based on Delegation in SOA. In: Bouguettaya, A., Sheng, Q., Daniel, F. (eds) Advanced Web Services. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-7535-4_3

  • DOI: https://doi.org/10.1007/978-1-4614-7535-4_3
  • Publisher Name: Springer, New York, NY
  • Print ISBN: 978-1-4614-7534-7
  • Online ISBN: 978-1-4614-7535-4
  • eBook Packages: Computer Science (R0)
