期刊
JOURNAL OF COMPUTER SECURITY
卷 15, 期 5, 页码 493-527出版社
IOS PRESS
DOI: 10.3233/JCS-2007-15502
关键词
Identity management; security; privacy
资金
- European Commission through the IST Project PRIME
- European Community's Sixth Framework Programme
- Swiss Federal Office for Education and Science
User centricity is a significant concept in federated identity management (FIM), as it provides for stronger user control and privacy. However, several notions of user-centricity in the FIM community render its semantics unclear and hamper future research in this area. Therefore, we consider user-centricity abstractly and establish a comprehensive taxonomy encompassing user-control, architecture, and usability aspects of user-centric FIM. We highlight the various mechanisms to achieve the properties identified in the taxonomy. We show how these mechanisms may differ based on the underlying technologies which in turn result in different trust assumptions. We classify the technologies into two predominant variants of user-centric FIM systems with significant feature sets. We distinguish credential-focused systems, which advocate offline identity providers and long-term credentials at a user's client, and relationship-focused systems, which rely on the relationships between users and online identity providers that create shortterm credentials during transactions. Note that these two notions of credentials are quite different. The former encompasses cryptographic credentials as defined by Lysyanskaya et al., in Selected Areas in Cryptography, LNCS, vol. 1758, and the latter encompasses federation tokens as used in today's FIM protocols like Liberty. We raise the question where user-centric FIM systems may go -within the limitations of the user-centricity paradigm as well as beyond them. Firstly, we investigate the existence of a universal user-centric FIM system that can achieve a superset of security and privacy properties as well as the characteristic features of both predominant classes. Secondly, we explore the feasibility of reaching beyond user centricity, that is, allowing a user of a user-centric FIM system to again give away user control by means of an explicit act of delegation. We do neither claim a solution for universal user-centric systems nor for the extension beyond the boundaries of user centricity, however, we establish a starting point for both ventures by leveraging the properties of a credential-focused FIM system.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据