A hybrid model of attribute aggregation in federated identity management
The existing model of Federated Identity Management (FIM) allows a user to provide attributes only from a single Identity Provider (IdP) per service session. However, this does not cater to the fact that the user attributes are scattered and stored across multiple IdPs. An attribute aggregation mechanism would allow a user to aggregate attributes from multiple providers and pass them to a Service Provider (SP) in a single service session which would enable the SP to offer innovative service scenarios. Unfortunately, there exist only a handful of mechanisms for aggregating attributes and most of them either require complex user interactions or are based on unrealistic assumptions. In this paper, we present a novel approach called the Hybrid Model for aggregating attributes from multiple IdPs using one of the most popular FIM technologies: Security Assertion Markup Language (SAML). We present a thorough analysis of different requirements imposed by our proposed approach and discuss how we have developed a proof of concept using our model and what design choices we have made to meet the majority of these requirements. We also illustrate two use-cases to elaborate the applicability of our approach and analyse the advantages it offers and the limitations it currently has.
Keywords: Attribute Aggregation, Federated Identity Management, SAML, Trust, Security, Privacy
Pages: 120-154
Ferdous, Md Sadek, Chowdhury, Farida and Poet, Ron (2017) A hybrid model of attribute aggregation in federated identity management. In Chang, Victor, Ramachandran, Muthu, Walters, Robert J. and Wills, Gary (eds.) Enterprise Security: Second International Workshop, ES 2015, Vancouver, BC, Canada, November 30 - December 3, 2015, Revised Selected Papers. (Lecture Notes in Computer Science, 10131) Springer. (doi:10.1007/978-3-319-54380-2_6).
Record type: Book Section
Text: AttributeAggregation_ESSB - Accepted Manuscript
More information
e-pub ahead of print date: 19 March 2017
Published date: 2017
Organisations: Electronics & Computer Science
Identifiers
Local EPrints ID: 410798
URI: http://eprints.soton.ac.uk/id/eprint/410798
PURE UUID: 43436d16-ea94-4787-a1f5-73edce8a0d37
Catalogue record
Date deposited: 09 Jun 2017 09:40
Last modified: 16 Mar 2024 05:10
Contributors
Author: Md Sadek Ferdous
Author: Farida Chowdhury
Author: Ron Poet
Editor: Victor Chang
Editor: Muthu Ramachandran
Editor: Robert J. Walters
Editor: Gary Wills