Skip to main content
SpringerLink
Log in

A survey on identity federation solutions

Un Panorama des Solutions de Fédération D’Identité

  • Published:
Annales Des Télécommunications Aims and scope Submit manuscript

Abstract

As Internet is a prime vehicle for business and personal interactions, more and more organizations provide their users with personalized online services. Identity Management is, therefore, a key component for these organizations to manage users’ accounts (i.e. identities) and secure access to their personal services and information. Today, however, users’personal information and authentication are confined to organizations’ boundaries. This brings to a situation where the users have multiple identities on the Internet preventing both users and organizations to benefit from registrations and authentications already done at other organizations. Identity federation becomes, therefore, a key component of identity management enabling authentications and personal information to pass through organizations’boundaries in a privacy-friendly way. This article focuses on Single Sign-On and attribute sharing, two of the main functions Identity Management systems provide. It gives an overview of the main solutions available today.

Résumé

Internet étant un support fondamental pour les interactions personnelles et commerciales, de plus en plus d’organisations proposent des services en ligne personnalisés à leurs utilisateurs. La gestion d’identité est donc un composant clé pour ces organisations pour gérer les comptes (ou identités) des utilisateurs et sécuriser l’accès à leurs informations et services personnels. Aujourd’hui, toutefois, Vauthentication et les informations personnelles des utilisateurs sont confinées aux frontières des organisations et ni les utilisateurs, ni les organisations ne peuvent bénéficier des enregistrements et des authentications déjà réalisés auprès d’autres organisations. La fédération devient donc un composant clé de la gestion d’identité en permettant aux organisations de partager authentifications et informations personnelles des utilisateurs tout en préservant leur vie privée. Cet article se focalise sur l’identification unique et le partage d’attributs, deux fonctions importantes des systèmes de gestion d’identité. Il donne un aperçu des principales solutions disponibles aujourd’hui.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Berners-Lee (T.),Fielding (R.),Frystyk Nielsen (H.),Rfc1945, “Hypertext Transfer Protocol —Http/1.0”,Internet Engineering Task Force, May 1996.

  2. Camp (L. J.),Osorio (C), “Privacy-Enhancing Technologies for Internet Commerce”, Trust in the Network Economy.Springer-Verlag, 2003.

  3. Cantor (S.),Kemp (J.), eds., “LibertyId-ff Bindings and Profiles Specification”, Version 1.2,Liberty Alliance Project, 12 November 2003.

  4. Claub (S.), Kohntopp (M.), “Identity Management and Its Support of Multilateral Security”,Computer Networks,37, 2001, pp. 205–219.

    Article  Google Scholar 

  5. Dierks (T.),Rescorla (E.),Rfc 2246. “TheTls Protocol — Version 1.1”,Internet Engineering Task Force, December 2004.

  6. Fielding (R.),Gettys (J.),Mogul (J.),Frystyk Nielsen (H.),Berners-Lee (T.),Rfc2068, “Hypertext Transfer Protocol —Http/1.1.”.Internet Engineering Task Force, January 1997.

  7. Franks (J.),Hallam-Baker (P.),Hostetler (J.),Leach (P.),Luotonen (A.),Sink (E.),Stewart (L.),Rfc2069. “An Extension toHttp: Digest Access Authentication”,Internet Engineering Task Force, January 1997.

  8. Freier (A. O.),Karlton (P.),Kocher (P. C), “TheSsl Protocol — Version 3.0.”,Internet Draft, March 1996.

  9. Herzberg (A.),Mihaeli (J.),Mass (Y.),Naor (D.),Ravid (Y.) “Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers”, Inieee Symposium on Security and Privacy, Oakland,Ca, May 2000.

  10. Ibm Corporation and Microsoft Corporation, “Security in a Web Services World: A Proposed Architecture and Roadmap”, A joint security whitepaper fromIbm Corporation and Microsoft Corporation, 7 April 2002.

  11. Johnson (W.),Mudumbai (S.),Thompson (M.), “Authorization and Attribute Certificates for Widely Distributed Access Control”, InIeee International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, 1998.

  12. Hickman (K.), “TheSsl Protocol”, Netscape Corp., February 1995.

  13. Kristol (D.),Montulli (L.),Rfc2965. “Http State Management Mechanism”,Internet Engineering Task Force, October 2000.

  14. Madsen (P.), “Liberty Alliance &Ws-Federation: A Comparative Overview”,Liberty Alliance Project, White Paper, 14 October 2003.

  15. Maler (E.),Mishra (P.),Philpott (R.), eds., “Assertions and Protocol for theOasis Security Assertion Markup Language (Saml)”,Oasis Standard, 2 September 2003.

  16. Microsoft Corporation, “Microsoft .Net Passport — Technical Overview”, October 2001.

  17. Pashalidis (A.), Mitchell (C), “A taxonomy of single sign-on systems”, InSafavi-Naini (R.) andSeberry (J.), eds, Information Security and Privacy, 8th Australasian Conference,Acisp 2003, Wollongong, Australia, July 9–11, 2003, Proceedings,2727, Lecture Notes in Computer Science, pages 249–264. Springer-Verlag, Berlin, July 2003.

    Google Scholar 

  18. Scavo (T.),Cantor (S.),Dors (N.), “Shibboleth Architecture — Technical Overview”, Working Draft 02, June 2005.

  19. Tourzan (J.), Koga (Y), eds., “LibertyId-wsf Web Services Framework Overview”,Liberty Alliance Project.

  20. Varney (C),Cole (P.),Duserick (W),Lesser (J.),Podorowsky (G.),Sibieta (P.),Thornby (C), “Privacy and Security Best Practices — Version 2.0”,Liberty Alliance Project, White Paper, November 2003.

  21. Wason (T.),Cantor (S.),Hodges (J.),Kemp (J.),Thompson (P.), “LibertyId-ff Architecture Overview — Version 1.2”,Liberty Alliance Project, November 2003.

  22. Yu (T.),Winslett (M.),Seamons (K. E.), “Automated Trust Negotiation over the Internet”,6th World Multiconference on Systemics, Cybernetics and Informatics, Orlando, July 2002.

Download references

Author information

Authors and Affiliations

  1. division R&D, France Télécom, 42, rue des Coutures, 14066, Caen cedex, France

    Eric Malville

  2. division R&D, France Télécom, 4, rue du Clos Courtel, 35512, Cesson Sévigné cedex, France

    Jean-Michel Crom

  3. division R&D, France Télécom, 2, ave Pierre Marzin, 22307, Lannion Cedex

    Gael Gourmelen

Authors
  1. Eric Malville
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jean-Michel Crom
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Gael Gourmelen
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

About this article

Cite this article

Malville, E., Crom, JM. & Gourmelen, G. A survey on identity federation solutions. Ann. Télécommun. 61, 379–398 (2006). https://doi.org/10.1007/BF03219913

Download citation

  • Received:

  • Accepted:

  • Issue Date:

  • DOI: https://doi.org/10.1007/BF03219913

Key words

Mots clés

Search

Navigation