Integrating user Identity Management systems with the Host Identity Protocol

Identity Management (IdM) on the application layer improves the usability and security for end users by offering features like Single Sign-On and attribute provisioning. Unrelated approaches on the network layer introduce identity concepts to solve mobility problems and support multihoming. This paper describes a novel approach to the integration of IdM on the application layer with the identity concepts introduced by the Host Identity Protocol (HIP). We propose an integrated architecture combining the advantages of both domains. In this scope, we tackle the mapping between the HIP namespace and the user IdM namespace, as well as the management and assignment of user and host identities. The new architecture provides a unified view over user and host identities, enabling the exchange of user and host attributes, while it also provides enhanced security and network features.
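As an added illustration (not the paper's design or code), the following Python sketch models the namespace mapping the abstract refers to: host identities on the HIP side are identified by a Host Identity Tag (HIT), an IPv6-shaped value derived from the host's public key, and the registry binds those HITs to user identities in the IdM namespace so that a peer who only sees a HIT can resolve the owning user and the attributes that user has agreed to release. The HIT derivation here is a simplified stand-in (SHA-256 truncated under the 2001:10::/28 prefix), not the exact construction from the HIP RFCs; the registry API, the user identifiers and the sample keys are all constructed for this example.

```python
import hashlib
import ipaddress
from dataclasses import dataclass, field

# HITs live under the ORCHID prefix 2001:10::/28: 28 prefix bits plus 100 hash bits.
# Assumption: this toy derivation is SHA-256 truncated to 100 bits; it reproduces the
# shape of a HIT for the example, not the precise ORCHID algorithm of the HIP RFCs.
HIT_PREFIX_BITS = 0x2001001
HASH_BITS = 100


def host_identity_tag(host_public_key: bytes) -> str:
    """Derive a HIT-shaped IPv6 address from a host public key (simplified)."""
    digest = hashlib.sha256(host_public_key).digest()
    low = int.from_bytes(digest, "big") & ((1 << HASH_BITS) - 1)
    return str(ipaddress.IPv6Address((HIT_PREFIX_BITS << HASH_BITS) | low))


@dataclass
class UserRecord:
    attributes: dict          # application-layer IdM attributes of the user
    releasable: set           # names of attributes the user allows to be provisioned to peers
    hits: set = field(default_factory=set)   # network-layer host identities assigned to the user


class IdentityRegistry:
    """Hypothetical bidirectional mapping between the user IdM namespace and the HIP namespace."""

    def __init__(self):
        self.users = {}       # user_id -> UserRecord
        self.hit_owner = {}   # HIT -> user_id (a HIT belongs to at most one user)

    def register_user(self, user_id, attributes, releasable):
        if user_id in self.users:
            raise ValueError(f"user {user_id} already registered")
        self.users[user_id] = UserRecord(dict(attributes), set(releasable))

    def bind_host(self, user_id, host_public_key) -> str:
        """Assign a host identity to a user; rebinding to a different user is refused."""
        if user_id not in self.users:
            raise KeyError(user_id)
        hit = host_identity_tag(host_public_key)
        owner = self.hit_owner.get(hit)
        if owner is not None and owner != user_id:
            raise ValueError(f"{hit} is already bound to {owner}")
        self.hit_owner[hit] = user_id
        self.users[user_id].hits.add(hit)
        return hit

    def unbind_host(self, hit):
        """Release a host identity, e.g. when a device is decommissioned."""
        owner = self.hit_owner.pop(hit)
        self.users[owner].hits.discard(hit)

    def resolve_hit(self, hit):
        """Network-layer identity -> (user_id, attributes the user releases), or None."""
        owner = self.hit_owner.get(hit)
        if owner is None:
            return None
        rec = self.users[owner]
        released = {k: v for k, v in rec.attributes.items() if k in rec.releasable}
        return owner, released

    def hosts_of(self, user_id):
        """Application-layer identity -> the HITs currently assigned to that user."""
        return sorted(self.users[user_id].hits)


def demo():
    """Walk through registration, host assignment and HIT resolution on constructed data."""
    reg = IdentityRegistry()
    reg.register_user(
        "alice@example.org",                                   # constructed user identifier
        {"display_name": "Alice", "role": "staff", "home_address": "private"},
        {"display_name", "role"},                              # home_address is never released
    )
    laptop_hit = reg.bind_host("alice@example.org", b"constructed-laptop-public-key")
    phone_hit = reg.bind_host("alice@example.org", b"constructed-phone-public-key")
    resolved = reg.resolve_hit(laptop_hit)                     # what a peer learns from the HIT
    reg.unbind_host(phone_hit)
    return {
        "laptop_hit": laptop_hit,
        "resolved": resolved,
        "remaining_hosts": reg.hosts_of("alice@example.org"),
        "unknown": reg.resolve_hit(host_identity_tag(b"constructed-unregistered-key")),
    }


if __name__ == "__main__":
    print(demo())
```

The point of `resolve_hit` is the unified view the abstract describes: a HIP peer authenticates a host by its HIT at the network layer, and the registry turns that into the user behind the host plus only those attributes the user has chosen to provision, so the attribute release policy stays at the IdM layer rather than being duplicated in the network stack.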
