Universal Identity Management Model Based on Anonymous Credentials

The relationship-focused and credential-focused approaches to identity management are both user-centric notions in Service-oriented architecture (SOA). For composite services, purely user-centric identity management is inefficient because each sub-service may authenticate and authorize users independently, and users need to participate in every identity provisioning transaction. If the two paradigms are unified into a universal identity management model in which identity information and privileges are delegatable, user-centricity becomes more feasible in SOA. This paper aims to extend WS-Federation to build a universal identity management model based on anonymous credentials, which provides delegation of anonymous credentials and combines it with the identity metasystem to support an easy-to-use, consistent experience and transparent security. In addition, the concept of the self-generated pseudonym is introduced to construct an efficient anonymous delegation model.
