Tutorial: Identity Management Systems and Secured Access Control

Identity Management has been a serious problem since the establishment of the Internet, yet little progress has been made toward an acceptable solution. Early Identity Management Systems (IdMS) were designed to control access to resources and match capabilities with people in well-defined situations. Today's computing environment involves a variety of user- and machine-centric forms of digital identities and fuzzy organizational boundaries. With the advent of interorganizational systems, social networks, e-commerce, m-commerce, service-oriented computing, and automated agents, IdMS face a large number of technical and social challenges. The first part of the tutorial describes the history and conceptualization of IdMS, current trends and proposed paradigms, the identity lifecycle, implementation challenges, and social issues. The second part addresses standards, industry initiatives, and vendor solutions. We conclude that there is a disconnect between the need for a universal, seamless, transparent IdMS and the currently proposed standards and vendor solutions.
