The University of Southampton
University of Southampton Institutional Repository

A hybrid model of attribute aggregation in federated identity management

A hybrid model of attribute aggregation in federated identity management
A hybrid model of attribute aggregation in federated identity management
The existing model of Federated Identity Management (FIM) allows a user to provide attributes only from a single Identity Provider (IdP) per service session. However, this does not cater to the fact that the user attributes are scattered and stored across multiple IdPs. An attribute aggregation mechanism would allow a user to aggregate attributes from multiple providers and pass them to a Service Provider (SP) in a single service session which would enable the SP to offer innovative service scenarios. Unfortunately, there exist only a handful of mechanisms for aggregating attributes and most of them either require complex user interactions or are based on unrealistic assumptions. In this paper, we present a novel approach called the Hybrid Model for aggregating attributes from multiple IdPs using one of the most popular FIM technologies: Security Assertion Markup Language (SAML). We present a thorough analysis of different requirements imposed by our proposed approach and discuss how we have developed a proof of concept using our model and what design choices we have made to meet the majority of these requirements. We also illustrate two use-cases to elaborate the applicability of our approach and analyse the advantages it offers and the limitations it currently has.
Attribute Aggregation, Federated Identity Management, SAML, Trust, Security, Privacy
120-154
Springer International
Ferdous, Md Sadek
1a77c989-cc58-4d52-920a-da9c24f20e7d
Chowdhury, Farida
8c7798f3-da18-41e0-b22c-cd208f0941e0
Poet, Ron
3c7e3ce8-0023-4530-ab8a-b151852e8b1f
Chang, Victor
Ramachandran, Muthu
Walters, Robert J.
Wills, Gary
Ferdous, Md Sadek
1a77c989-cc58-4d52-920a-da9c24f20e7d
Chowdhury, Farida
8c7798f3-da18-41e0-b22c-cd208f0941e0
Poet, Ron
3c7e3ce8-0023-4530-ab8a-b151852e8b1f
Chang, Victor
Ramachandran, Muthu
Walters, Robert J.
Wills, Gary

Ferdous, Md Sadek, Chowdhury, Farida and Poet, Ron (2017) A hybrid model of attribute aggregation in federated identity management. In, Chang, Victor, Ramachandran, Muthu, Walters, Robert J. and Wills, Gary (eds.) Enterprise Security: Second International Workshop, ES 2015, Vancouver, BC, Canada, November 30 - December 3, 2015, Revised Selected Papers. (Lecture Notes in Computer Science, , (doi:10.1007/978-3-319-54380-2_6), 10131) Springer International, pp. 120-154. (doi:10.1007/978-3-319-54380-2_6).

Record type: Book Section

Abstract

The existing model of Federated Identity Management (FIM) allows a user to provide attributes only from a single Identity Provider (IdP) per service session. However, this does not cater to the fact that the user attributes are scattered and stored across multiple IdPs. An attribute aggregation mechanism would allow a user to aggregate attributes from multiple providers and pass them to a Service Provider (SP) in a single service session which would enable the SP to offer innovative service scenarios. Unfortunately, there exist only a handful of mechanisms for aggregating attributes and most of them either require complex user interactions or are based on unrealistic assumptions. In this paper, we present a novel approach called the Hybrid Model for aggregating attributes from multiple IdPs using one of the most popular FIM technologies: Security Assertion Markup Language (SAML). We present a thorough analysis of different requirements imposed by our proposed approach and discuss how we have developed a proof of concept using our model and what design choices we have made to meet the majority of these requirements. We also illustrate two use-cases to elaborate the applicability of our approach and analyse the advantages it offers and the limitations it currently has.

Text
AttributeAggregation_ESSB - Accepted Manuscript
Download (1MB)

More information

e-pub ahead of print date: 19 March 2017
Published date: 2017
Keywords: Attribute Aggregation, Federated Identity Management, SAML, Trust, Security, Privacy
Organisations: Electronics & Computer Science

Identifiers

Local EPrints ID: 410798
URI: http://eprints.soton.ac.uk/id/eprint/410798
PURE UUID: 43436d16-ea94-4787-a1f5-73edce8a0d37

Catalogue record

Date deposited: 09 Jun 2017 09:40
Last modified: 20 Jul 2019 05:16

Export record

Altmetrics

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×