Dynamic Trust Model for Federated Identity Management

Federated identity management lets principals, such as identities and attributes, be shared across trust boundaries under established policies. Current Single Sign-On (SSO) mechanisms rely heavily on the specification of a Circle of Trust (CoT), so collaboration between services in different domains has to be addressed within the CoT. For cross-domain SSO, the set of trusted parties should be computed from a dynamically maintained trust list, which means the CoT specification must support enrolling members automatically in order to suit an open, dynamic environment. In this paper we propose a Dynamic Trust Policy Language to support trust negotiation; its formal syntax is given in Backus-Naur Form (BNF) and is built on the concept of role membership. We then develop the Dynamic Trust Model (DTM), which allows an untrusted service provider (SP) to join an existing CoT through trust negotiation. Finally, we specify the process and algorithm for communication between the negotiating entities.
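To make the admission-by-negotiation idea concrete, the following is an added illustration, not the paper's own DTPL grammar or DTM algorithm (neither is reproduced on this page). It assumes a minimal role-membership policy model: every credential asserts that a holder is a member of a role issued by some authority, each party attaches a release policy to each of its own credentials (the set of roles the peer must already have proven), and the CoT member admits the candidate SP once the SP has proven every role in the admission policy. Party names, issuers and roles (NewSP, HomeIdP, CoTAuthority, AccreditationBody, Company) are constructed for the example. The second scenario shows the failure mode a practitioner must handle: if both sides refuse to disclose first, the negotiation deadlocks and must terminate rather than spin.

```python
"""Minimal automated trust negotiation: an untrusted SP tries to join a CoT.
Added example; the policy model here is an assumption, not the paper's DTPL."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Credential:
    issuer: str   # authority that vouches for the role
    role: str     # role the holder is a member of
    holder: str   # party the credential is about


@dataclass
class Party:
    name: str
    # own credential -> release policy: "issuer.role" strings the peer must have
    # proven before this credential may be disclosed (empty set = public)
    holdings: dict
    shown: set = field(default_factory=set)   # already disclosed to the peer
    seen: set = field(default_factory=set)    # received from the peer


def roles_proven(creds) -> set:
    """Role memberships established by a set of credentials."""
    return {f"{c.issuer}.{c.role}" for c in creds}


def releasable(party: Party) -> set:
    """Credentials whose release policy is satisfied by what the peer has shown."""
    proven = roles_proven(party.seen)
    return {c for c, policy in party.holdings.items()
            if policy <= proven and c not in party.shown}


def negotiate(requester: Party, responder: Party, target_policy: frozenset,
              max_rounds: int = 10):
    """Alternate disclosures until the responder's admission policy is met.

    Returns (admitted, transcript). Terminates on success, on deadlock (no party
    can release anything new) or after max_rounds, so a hostile peer that never
    discloses cannot keep the responder negotiating forever.
    """
    transcript = []
    for rnd in range(max_rounds):
        if target_policy <= roles_proven(responder.seen):
            transcript.append(f"round {rnd}: admission policy satisfied; "
                              f"{requester.name} admitted to CoT")
            return True, transcript
        progress = False
        for sender, receiver in ((requester, responder), (responder, requester)):
            new = releasable(sender)
            if new:
                progress = True
                sender.shown |= new
                receiver.seen |= new
                names = ", ".join(sorted(f"{c.issuer}.{c.role}" for c in new))
                transcript.append(f"round {rnd}: {sender.name} -> {receiver.name}: {names}")
        if not progress:
            transcript.append(f"round {rnd}: deadlock, no party can release further credentials")
            return False, transcript
    transcript.append(f"round limit {max_rounds} reached without admission")
    return False, transcript


def build_scenario(license_is_public: bool):
    """Constructed parties. The SP's accreditation is sensitive and is released
    only to a proven CoT member; its business licence is public in the first
    scenario and guarded by the same policy in the deadlock scenario."""
    accred = Credential("AccreditationBody", "registeredSP", "NewSP")
    licence = Credential("Company", "businessLicense", "NewSP")
    member = Credential("CoTAuthority", "member", "HomeIdP")
    sp = Party("NewSP", {
        accred: frozenset({"CoTAuthority.member"}),
        licence: frozenset() if license_is_public else frozenset({"CoTAuthority.member"}),
    })
    # The CoT member proves its membership only to a peer with a business licence.
    idp = Party("HomeIdP", {member: frozenset({"Company.businessLicense"})})
    return sp, idp


def run(license_is_public: bool = True):
    sp, idp = build_scenario(license_is_public)
    admission_policy = frozenset({"AccreditationBody.registeredSP"})
    return negotiate(sp, idp, admission_policy)


if __name__ == "__main__":
    for public in (True, False):
        admitted, log = run(public)
        print("\n".join(log), "=> admitted" if admitted else "=> rejected", sep="\n")
```

In the first run the public licence breaks the stalemate: NewSP discloses it, HomeIdP proves CoT membership in reply, NewSP then releases its accreditation, and the admission policy is met in round two. In the second run each side's first disclosure depends on the other's, so the loop detects that no credential is releasable and stops with a deadlock rather than admitting the SP on partial evidence.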
