Issue No.05 - May (2009 vol.42)
pp: 33-40
David W. Chadwick, University of Kent
George Inman, University of Kent
ABSTRACT
Most federated identity management systems are limited by users' ability to choose only one identity provider per service session. A proposed linking service lets users securely link their various identity provider (IdP) accounts, enabling the system to aggregate attributes from multiple authoritative sources automatically without requiring users to authenticate separately to each IdP.
INDEX TERMS
Identity management systems, Attribute aggregation, Linking service, SAML, Liberty Alliance, CardSpace, Security & privacy
CITATION
David W. Chadwick, George Inman, "Attribute Aggregation in Federated Identity Management", Computer, vol.42, no. 5, pp. 33-40, May 2009, doi:10.1109/MC.2009.143