User-controlled automated identity delegation

Authors / Editors

Research Areas

Publication Details

Output type: Journal article

Author list: Hoellrigl T, Kuhner H, Dinger J, Hartenstein H

Publisher: Institute of Electrical and Electronics Engineers

Publication year: 2010

Journal: IEEE Transactions on Network and Service Management (1932-4537)

Volume number: 4

Issue number: 7

Start page: 230

End page: 233

Number of pages: 4

ISSN: 1932-4537

eISSN: 1932-4537

URL: http://www.scopus.com/inward/record.url?partnerID=yv4JPVwI&eid=2-s2.0-79951614522&md5=a13972e93c51d34137ffb102ed13db62

• View on publisher site

Unpaywall Data

Open access status: green

Full text URL: http://dsn.tm.kit.edu/publications/files/21/72885_CNSM_Hoellrigl.pdf

Abstract

The growing number of IT services in distributed systems increases the need to allow users to keep track of which personal data is retained by which service. User-centric federated identity management (FIM) tackles this goal by enabling users to approve each data dissemination between the providers of identity-related information, so-called identity providers (IdPs), and the consumers of this information, the service providers. To prevent a single IdP from gaining a comprehensive set of user information, user-centric FIM motivates the use of multiple IdPs even though this distribution of responsibilities might result in information redundancy and therefore raises consistency issues. User-centric FIM systems do not cope with information consistency sufficiently, mainly because these systems require that each dissemination of user attributes is manually approved by the user. We propose an approach, named User-Controlled Automated Identity Delegation, that allows a controlled data dissemination based on an automated user approval by introducing an additional party called Identity Delegate. The Identity Delegate is designed in consideration of the following central ideas: (i) user centricity - all data dissemination is still under user control, (ii) privacy - the delegate cannot read or gather personal data, (iii) efficiency - the effort to integrate and operate the delegate within an existing FIM system is kept low. We cover the experience made with an implementation based on Windows CardSpace. © 2010 IEEE.

Keywords

No matching items found.

Documents

No matching items found.