Abstract
In this paper, we propose a framework for identity management in a distributed environment. Convenience is the primary objective for identity management in most related work, but we believe that user privacy and controlled information disclosure are equally important. We therefore look beyond so-called single sign-on (SSO), which is suitable mainly for a federated environment [2]. SSO requires that a trust relationship be established between network applications and services so that a central authority can act on their behalf in identity management and access authorization. This requirement is not practical on the Internet, where distributed control and management is the mainstream. We show how our framework achieves convenience without requiring such a central authority. We also show how multiple identities can be managed for users to access network applications and services, and how users can control the disclosure of identity information and hence ensure their privacy. Consequently, the framework can serve as the foundation for the development of the next generation of network identity management systems that are both practical and flexible.
References
Bonatti, P., Samarati, P.: A Unified Framework for Regulating Service Access and Information Release on the Web. Journal of Computer Security 10(3), 241–272 (2003)
Buell, D., Sandhu, R.: Identity Management. IEEE Internet Computing 7(6), 26–28 (2003)
Clauß, S., Köhntopp, M.: Identity Management and Its Support of Multilateral Security. Computer Networks 37, 205–219 (2001)
Damiani, E., De Capitani di Vimercati, S., Samarati, P.: Managing Multiple and Dependable Identities. IEEE Internet Computing 7(6), 29–37 (2003)
Hallam-Baker, P., Maler, E. (eds.): Assertions and Protocol for the Oasis Security Assertion Markup Language (SAML). Oasis Standard (2002), www.oasis-open.org/committees/security/docs/cs-sstc-core-01.pdf
Kai, R.: Identity Management in Mobile Cellular Networks and Related Applications. Information Security Technical Report, Vol. 9, No. 1 (2004)
Millett, L., Holden, S.: Authentication and Its Privacy Effects. IEEE Internet Computing 7(6), 54–58 (2003)
Kormann, D., Rubin, A.: Risks of Passport Single Signon Protocol. Computer Networks 33, 51–58 (2000)
Liberty Alliance Project, “Liberty Architecture Overview,” v1.0 (2002), http://www.projectliberty.org
Mishra, P. (ed.): Bindings and Profiles for the Oasis Security Assertion Markup Language (SAML). Oasis Standard (2002), www.oasis-open.org/committees/security/docs/cs-sstcbindings-01.pdf
Pfitzmann, B., Waidner, M.: Analysis of Liberty Single-Sign-On with Enabled Clients. IEEE Internet Computing 7(6), 38–44 (2003)
Skogsrud, H., Benatallah, B., Casati, F.: Model-Driven Trust Negotiation for Web Services. IEEE Internet Computing 7(6), 45–52 (2003)
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
He, J., Zhang, R. (2005). Towards a Formal Framework for Distributed Identity Management. In: Zhang, Y., Tanaka, K., Yu, J.X., Wang, S., Li, M. (eds) Web Technologies Research and Development - APWeb 2005. APWeb 2005. Lecture Notes in Computer Science, vol 3399. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31849-1_87
DOI: https://doi.org/10.1007/978-3-540-31849-1_87
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25207-8
Online ISBN: 978-3-540-31849-1
eBook Packages: Computer Science (R0)