Claim-based identity management denotes an open identity model which uses the notion of claims to describe identity attributes. A claim is an identity attribute named with an abstract identifier (e.g. a URI), which applications and services can use to specify the attributes they need. Open and extensible formats for the exchange of identity attributes ensure interoperability among different identity systems. For this reason, claim-based identity management lays the ground for Identity Metasystems, which provide an identity layer on top of existing identity systems and promise easier management of digital identities across the Internet.

However, the Internet grew into an environment of mostly isolated domains for a good reason. Service providers find it hard to accept identity information from any domain other than their own. While claim-based identity management provides the means to specify identity information on a per-attribute basis, trust is usually defined in a general manner. Service providers state which issuers of identity information they trust, but do not restrict what they trust them for. In this paper, we argue that for a truly decentralized management of identity information, trust should be defined on the same granular level as identity information. We propose a model which considers trust on a per-claim basis. In our model, trust in a claim is defined as the assumed correctness and integrity of a claim, depending on the issuer. As a proof of concept, we implemented a small flight booking scenario which uses claims augmented with an expected trust level to show how we can achieve more flexibility for the user in his choice of an identity provider when considering not only whom to trust, but for what.
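The contrast drawn above between trusting an issuer in general and trusting it per claim, as an added example that is not the paper's implementation. The claim URIs, issuer names, the 0-3 trust scale and all function names are assumptions, and issuer authenticity (for instance a verified token signature) is assumed to have been checked already.

```python
from dataclasses import dataclass

# Constructed claim-type URIs and issuer names (assumptions for illustration).
NAME = "http://example.org/claims/name"
EMAIL = "http://example.org/claims/email"
CARD = "http://example.org/claims/creditcard"

@dataclass(frozen=True)
class Claim:
    type_uri: str
    value: str
    issuer: str  # assumed already authenticated, e.g. by a verified token signature

# Flight-booking service policy: trust level each claim must reach (hypothetical 0-3 scale).
REQUIRED = {NAME: 2, EMAIL: 1, CARD: 3}

# Per-claim trust: the level the service assigns to an issuer for one claim type.
# (issuer, claim type) pairs that are not listed get level 0.
CLAIM_TRUST = {
    ("bank-idp", NAME): 3, ("bank-idp", CARD): 3,
    ("university-idp", NAME): 2, ("university-idp", EMAIL): 2,
    ("webmail-idp", EMAIL): 1,
}

def accept_per_issuer(claims, trusted_issuers):
    """Baseline: an issuer is trusted for every claim it asserts, or for none."""
    ok = {c.type_uri for c in claims if c.issuer in trusted_issuers}
    return set(REQUIRED) <= ok

def accept_per_claim(claims):
    """Each required claim must come from an issuer trusted enough for that claim."""
    ok = {c.type_uri for c in claims if c.type_uri in REQUIRED
          and CLAIM_TRUST.get((c.issuer, c.type_uri), 0) >= REQUIRED[c.type_uri]}
    return set(REQUIRED) <= ok

# Constructed sample: the user combines claims from three identity providers.
MIXED = [Claim(NAME, "Alice Example", "university-idp"),
         Claim(EMAIL, "alice@example.org", "webmail-idp"),
         Claim(CARD, "4111-xxxx", "bank-idp")]
# Same user, but the payment claim is asserted by the university.
WEAK_CARD = MIXED[:2] + [Claim(CARD, "4111-xxxx", "university-idp")]

if __name__ == "__main__":
    everyone = {"bank-idp", "university-idp", "webmail-idp"}
    print("per-issuer, bank only, mixed claims:", accept_per_issuer(MIXED, {"bank-idp"}))
    print("per-issuer, all issuers, weak card: ", accept_per_issuer(WEAK_CARD, everyone))
    print("per-claim, mixed claims:            ", accept_per_claim(MIXED))
    print("per-claim, weak card:               ", accept_per_claim(WEAK_CARD))
```

With blanket trust the service must either reject the user's mixed set of identity providers or widen the issuer list until a university-asserted payment claim is also accepted; the per-claim table accepts the first case and rejects the second.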