DOI: 10.1145/1314403.1314409

On identity assurance in the presence of federated identity management systems

Published: 02 November 2007

Abstract

In this paper we address the appropriate management of risk in federated identity management systems by presenting an identity assurance framework and supporting technologies. We start by discussing the risk mitigation framework that should be part of any identity assurance solution. We then demonstrate how our model-based assurance technologies can be used to report the success of an identity assurance programme. We discuss how this approach can be used to gain trust within a federated identity management solution by communicating both the nature of the assurance framework and the fact that risks are successfully being mitigated. Finally, we show the importance of automation of controls in easing operational costs (and we describe related approaches developed at HP Labs and the PRIME project), providing improved audit information, and changing the risk mitigation landscape.


Published In

DIM '07: Proceedings of the 2007 ACM workshop on Digital identity management
November 2007
98 pages
ISBN:9781595938893
DOI:10.1145/1314403

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. assurance
  2. audit
  3. control
  4. identity
  5. models
  6. risk

Qualifiers

  • Article

Conference

CCS07

Acceptance Rates

Overall Acceptance Rate 16 of 34 submissions, 47%

Cited By

  • (2023) Authentication Technology. Discovering Cybersecurity, pp. 27-60. DOI: 10.1007/978-1-4842-9560-1_2. Online publication date: 11-Aug-2023
  • (2021) A Review on Risk Management in Information Systems: Risk Policy, Control and Fraud Detection. Electronics 10:24 (3065). DOI: 10.3390/electronics10243065. Online publication date: 9-Dec-2021
  • (2021) A model of digital identity for better information security in e-learning systems. The Journal of Supercomputing. DOI: 10.1007/s11227-021-03981-4. Online publication date: 23-Jul-2021
  • (2017) The Tragedy of the Identity Assurance Commons. Proceedings of the 2017 ACM on Web Science Conference, pp. 397-398. DOI: 10.1145/3091478.3098882. Online publication date: 25-Jun-2017
  • (2015) A Practical Trust Framework. Proceedings of the Second International Conference on Security Standardisation Research - Volume 9497, pp. 203-217. DOI: 10.1007/978-3-319-27152-1_11. Online publication date: 15-Dec-2015
  • (2015) Identity Management in Platforms Offering IoT as a Service. Internet of Things. User-Centric IoT, pp. 281-288. DOI: 10.1007/978-3-319-19656-5_40. Online publication date: 26-Jun-2015
  • (2013) Identity management lifecycle - exemplifying the need for holistic identity assurance frameworks. Proceedings of the 2013 international conference on Information and Communication Technology, pp. 343-352. DOI: 10.1007/978-3-642-36818-9_38. Online publication date: 25-Mar-2013
  • (2012) Wireless Identity Management. Simulation in Computer Network Design and Modeling, pp. 284-296. DOI: 10.4018/978-1-4666-0191-8.ch013. Online publication date: 2012
  • (2010) Multimodal Biometrics and Multilayered IDM for Secure Authentication. Global Security, Safety, and Sustainability, pp. 87-95. DOI: 10.1007/978-3-642-15717-2_11. Online publication date: 2010
