Evaluation Criteria for Future Identity Management

The importance of identity management grows hand in hand with online services. This growth presents demands to the current technologies that require new solutions and tools to satisfy. In order to enable these new approaches, comprehensive design and evaluation criteria for identity management systems are needed. This work proposes new design and evaluation criteria for future identity management system designs. These new criteria are achieved by first reviewing criteria presented in current literature and then proceeding to combine these to create a more comprehensive set of requirements. The resulting criteria were then successfully tested by evaluating the Shibboleth and OpenID approaches to identity management. This test also produced preliminary results on aspects of identity management that future systems should attempt to address such as trust management.

[1]  Fayez Al-Shraideh,et al.  Host Identity Protocol , 2006, International Conference on Networking, International Conference on Systems and International Conference on Mobile Communications and Learning Technologies (ICNICONSMCL'06).

[2]  Spyros G. Denazis,et al.  Identity management directions in future internet , 2011, IEEE Communications Magazine.

[3]  Kyunghan Lee,et al.  Mobile Data Offloading: How Much Can WiFi Deliver? , 2013, IEEE/ACM Transactions on Networking.

[4]  Denis Royer,et al.  Assessing the Value of Enterprise Identity Management (EIdM) – Towards a Generic Evaluation Approach , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[5]  Michael B. Jones The Identity Metasystem : A User-Centric , Inclusive Web Authentication Solution , 2006 .

[6]  David W. Chadwick,et al.  Federated Identity Management , 2009, FOSAD.

[7]  Zheng Yan,et al.  Building up Trusted Identity Management in Mobile Heterogeneous Environment , 2011, 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications.

[8]  Jean-Marc Seigneur,et al.  A Survey of User-centric Identity Management Technologies , 2007, The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007).

[9]  Kyunghan Lee,et al.  Mobile data offloading: how much can WiFi deliver? , 2010, SIGCOMM 2010.

[10]  Gail-Joon Ahn,et al.  Managing privacy preferences for federated identity management , 2005, DIM '05.

[11]  Michael B. Jones,et al.  Design Rationale behind the Identity Metasystem Architecture , 2007, ISSE.

[12]  N. Asokan,et al.  Secure roaming with identity metasystems , 2008, IDtrust '08.

[13]  Christoph Meinel,et al.  Automated Security Service Orchestration for the Identity Management in Web Service Based Systems , 2011, 2011 IEEE International Conference on Web Services.

[14]  Deepak Goel,et al.  RATING: rigorous assessment of trust in identity management , 2006, First International Conference on Availability, Reliability and Security (ARES'06).

[15]  Marit Hansen,et al.  User-Centric Identity Management: New Trends in Standardization and Regulation , 2007, IEEE Security & Privacy.

[16]  Dirk Scheuermann,et al.  Security and privacy enablers for future Identity Management systems , 2010, 2010 Future Network & Mobile Summit.

[17]  Rachna Dhamija,et al.  The Seven Flaws of Identity Management: Usability and Security Challenges , 2008, IEEE Security & Privacy.

[18]  Jon Finke Identity Management , 2006, LISA.