ABSTRACT
Interoperable Identity Management systems are a prerequisite for novel user-centric services, which strongly rely on user identity attributes and security services. Future Identity Management systems have to include a discovery framework which will enable dynamic and automatic exchange of user identity attributes between services from different key-business areas, e.g. Internet, healthcare, e-government, e-banking, entertainment, etc. The framework should allow federating different user identities so that any of them would be sufficient to bootstrap a trust relation between the user and any service. The first and fundamental step to achieve the two goals is the discovery of multiple user identities, usually unrelated to each other and hosted by a distributed environment of independent identifier domains. Current discovery mechanisms are intra-identifier domain oriented, i.e. they focus on discovering identity- and identity-based services for a given identity described by a known identifier valid inside a certain identifier domain. This paper proposes a discovery mechanism which overcomes this constraint and allows for inter-identifier domain (inter-federation) discovery of user identities. To the best of our knowledge, it is the first proposition that crosses the border of an identifier domain (and federation) and allows for discovery of completely unrelated identities of the user.
Index Terms
- Cross-identifier domain discovery service for unrelated user identities