Issue No.02 - March/April (2008 vol.6)
pp: 16-23
Eve Maler, Sun Microsystems
ABSTRACT
Digital identities can be associated with everything from people to software applications to entire companies, but human digital identities prove the most interesting and challenging. Human digital identities can simplify network usage and enable new classes of applications, but they also introduce security and privacy risks. Federated identity management addresses scenarios in both enterprise and consumer contexts by defining how to dynamically distribute identity information and delegate identity tasks across security domains. This article explains federated identity's components, discusses security and privacy risks and architectural challenges, surveys the SAML, OpenID, and InfoCard protocols, and reviews new developments in federated identity management.
INDEX TERMS
digital identity, federated identity management, access control, security and privacy, user authentication, distributed identity management, SAML, OpenID, InfoCard, CardSpace
CITATION
Eve Maler, "The Venn of Identity: Options and Issues in Federated Identity Management", IEEE Security & Privacy, vol. 6, no. 2, pp. 16-23, March/April 2008, doi:10.1109/MSP.2008.50