A User-centric Federated Single Sign-on System

Current identity management systems lack built-in privacy mechanisms. The only guarantee users have about their privacy is the 'trust' that service providers will enforce their privacy requirements. The contribution of this paper is a proposal to extend existing Federated Single Sign-On (FSSO) systems to adopt the beneficial properties of the User-Centric Identity Management (UCIM) model, providing an identity management system that allows users to control and enforce their privacy requirements while still retaining the convenient features of FSSO. With an identity management system that respects users' privacy in a concrete manner, as opposed to a simple 'trust', users will trust the current electronic communication medium more, which in turn allows more services to grow in this field.
