Attribute Aggregation in Federated Identity Management
May 2009 (vol. 42 no. 5)
pp. 33-40
David W. Chadwick, University of Kent
George Inman, University of Kent
Most federated identity management systems are limited by users' ability to choose only one identity provider per service session. A proposed linking service lets users securely link their various identity provider (IdP) accounts, enabling the system to aggregate attributes from multiple authoritative sources automatically without requiring users to authenticate separately to each IdP.

Index Terms:
Identity management systems, Attribute aggregation, Linking service, SAML, Liberty Alliance, CardSpace, Security & privacy
Citation:
David W. Chadwick, George Inman, "Attribute Aggregation in Federated Identity Management," Computer, vol. 42, no. 5, pp. 33-40, May 2009, doi:10.1109/MC.2009.143