The Venn of Identity: Options and Issues in Federated Identity Management
March/April 2008 (vol. 6 no. 2)
pp. 16-23
Eve Maler, Sun Microsystems
Drummond Reed, Cordance Corporation
Digital identities can be associated with everything from people to software applications to entire companies, but human digital identities prove the most interesting and challenging. Human digital identities can simplify network usage and enable new classes of applications, but they also introduce security and privacy risks. Federated identity management addresses scenarios in both enterprise and consumer contexts by defining how to dynamically distribute identity information and delegate identity tasks across security domains. This article explains federated identity's components, discusses security and privacy risks and architectural challenges, surveys the SAML, OpenID, and InfoCard protocols, and reviews new developments in federated identity management.

Index Terms:
digital identity, federated identity management, access control, security and privacy, user authentication, distributed identity management, SAML, OpenID, InfoCard, Cardspace
Citation:
Eve Maler, Drummond Reed, "The Venn of Identity: Options and Issues in Federated Identity Management," IEEE Security & Privacy, vol. 6, no. 2, pp. 16-23, March-April 2008, doi:10.1109/MSP.2008.50