Complex federation architectures: stakes, tricks & issues

In this article, we present the basics of distributed identity management systems and characterize what makes an identity federation architecture distinctive. We describe the evolution and current trends in the interconnection of information systems by outlining what a global identity management system arising from the convergence of multiple identity federations could look like. We then set out the functionalities expected of such an architecture and describe the basic distributed identity management mechanisms required for its deployment. Finally, we discuss privacy concerns and explain why some of these functionalities should be implemented with care.
