May 24, 2009 to May 28, 2009
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICIW.2009.85
Over the past years, web applications have increased in number and complexity (driven by the “Web 2.0” paradigm). Users need to manage different passwords to authenticate to these applications. Modern Web-based Single Sign-On solutions that reduce the complexity of using and managing users’ credentials can be categorized as federated (typically SAML) or user-centric (e.g., OpenID) identity management. On the one hand, federated identity management is secure and most prevalent (especially in scientific communities). On the other hand, user-centric approaches offer better usability and maintainability. While establishing federated identities for the Max Planck Society using the SAML-based Shibboleth system, several extensions have been made to support integration into different federations and to allow various authentication mechanisms to be used by the 80 autonomous institutes. This paper describes the extensions by introducing an “IdP Proxy” that combines advantages of both federated and user-centric identity management functions.
Identity Management, Shibboleth, OpenID, SAML, Web-based Single Sign-On
Sebastian Rieger, "User-Centric Identity Management in Heterogeneous Federations", ICIW, 2009, Internet and Web Applications and Services, International Conference on 2009, pp. 527-532, doi:10.1109/ICIW.2009.85