论文信息 - Enabling SAML for Dynamic Identity Federation Management

Enabling SAML for Dynamic Identity Federation Management

Federation in identity management has emerged as a key concept for reducing complexity in the companies and offering an improved user experience when accessing services. In this sense, the process of trust establishment is fundamental to allow rapid and seamless interaction between different trust domains. However, the problem of establishing identity federations in dynamic and open environments that form part of Next Generation Networks (NGNs), where it is desirable to speed up the processes of service provisioning and deprovisioning, has not been fully addressed. This paper analyzes the underlying trust mechanisms of the existing frameworks for federated identity management and its suitability to be applied in the mentioned environments. This analysis is mainly focused on the Single Sign On (SSO) profile. We propose a generic extension for the SAML standard in order to facilitate the creation of federation relationships in a dynamic way between prior unknown parties. Finally, we give some details of implementation and compatibility issues.

Andrés Marín López | Daniel Díaz Sánchez | Patricia Arias Cabarcos | Florina Almenárez Mendoza

[1] Andreas Matheus,et al. How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML) , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[2] Eve Maler,et al. The Venn of Identity: Options and Issues in Federated Identity Management , 2008, IEEE Security & Privacy.

[3] Frank Stajano. Security in Pervasive Computing , 2003, SPC.

[4] Phillip Hallam-Baker,et al. Web services security: soap message security , 2003 .

[5] Leif Johansson,et al. Dynamic Security Assertion Markup Language: Simplifying Single Sign-On , 2008, IEEE Security & Privacy.

[6] Andrés Marín López,et al. TrustAC: Trust-Based Access Control for Pervasive Devices , 2005, SPC.

[7] David Cooper,et al. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2008, RFC.

[8] Geoff Simons. Options and Issues , 1998 .

[9] Audun Jøsang,et al. A survey of trust and reputation systems for online service provision , 2007, Decis. Support Syst..