Chapter

A Hybrid Model of Attribute Aggregation in Federated Identity Management

Authors:
If you want to read the PDF, try requesting it from the authors.

Abstract

The existing model of Federated Identity Management (FIM) allows a user to provide attributes only from a single Identity Provider (IdP) per service session. However, this does not cater to the fact that the user attributes are scattered and stored across multiple IdPs. An attribute aggregation mechanism would allow a user to aggregate attributes from multiple providers and pass them to a Service Provider (SP) in a single service session which would enable the SP to offer innovative service scenarios. Unfortunately, there exist only a handful of mechanisms for aggregating attributes and most of them either require complex user interactions or are based on unrealistic assumptions. In this paper, we present a novel approach called the Hybrid Model for aggregating attributes from multiple IdPs using one of the most popular FIM technologies: Security Assertion Markup Language (SAML). We present a thorough analysis of different requirements imposed by our proposed approach and discuss how we have developed a proof of concept using our model and what design choices we have made to meet the majority of these requirements. We also illustrate two use-cases to elaborate the applicability of our approach and analyse the advantages it offers and the limitations it currently has.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... Traditional IdPs within the centralized domain generally do not support any attribute aggregation mechanism. However, there have been works that have explored how attribute aggregation can be achieved within the federated domain [29], [30]. Nevertheless, we do not explore them any further than the assumption that there are some centralized public IdPs which provide interfaces (e.g. via an API) to generate and supply assertions to other IdPs in a secure way. ...
Article
Full-text available
In recent times, with the advent of blockchain technology, there is an optimism surrounding the concept of self-sovereign identity which is regarded to have influential effect on how we interact with each other over the Internet in future. There are a few works in the literature which examine different aspects of self-sovereign identity. Unfortunately, the existing works are not methodological and comprehensive at all. Moreover, there exist different notions what the term self-sovereign identity means. To exploit its full potential, it is essential to ensure a common understanding in a formal way. This article aims to achieve this goal by providing the first-ever formal and rigorous treatment of the concept self-sovereign identity using a mathematical model. This article examines the properties that a self-sovereign identity should have and explores the impact of self-sovereign identity over the Laws of Identity. It also highlights the essential lifecycles of an Identity Management System and inter-relates how the notion of self-sovereign identity can be applied in these life-cycles. In addition, the article illustrates several envisioned flows involving a self-sovereign identity leveraging blockchain technology covering different aspects of an Identity Management System. All in all, this article presents the first formal and comprehensive step towards an academic investigation of self-sovereign identity.
Article
Full-text available
Identity management is a principle component of securing online services. In the advancement of traditional identity management patterns, the identity provider remained a Trusted Third Party (TTP). The service provider and the user need to trust a particular identity provider for correct attributes amongst other demands. This paradigm changed with the invention of blockchain-based Self-Sovereign Identity (SSI) solutions that primarily focus on the users. SSI reduces the functional scope of the identity provider to an attribute provider while enabling attribute aggregation. Besides that, the development of new protocols, disregarding established protocols and a significantly fragmented landscape of SSI solutions pose considerable challenges for an adoption by service providers. We propose an Attribute Trust-enhancing Identity Broker (ATIB) to leverage the potential of SSI for trust-enhancing attribute aggregation. Furthermore, ATIB abstracts from a dedicated SSI solution and offers standard protocols. Therefore, it facilitates the adoption by service providers. Despite the brokered integration approach, we show that ATIB provides a high security posture. Additionally, ATIB does not compromise the ten foundational SSI principles for the users.
Article
Full-text available
In the last decade or so, we have experienced a tremendous proliferation and popularity of different Social Networks (SNs), resulting more and more user attributes being stored in such SNs. These attributes represent a valuable asset and many innovative online services are offered in exchange of such attributes. This particular phenomenon has allured these social networks to act as Identity Providers (IdPs). However, the current setting unnecessarily imposes a restriction: a user can only release attributes from one single IdP in a single session, thereby, limiting the user to aggregate attributes from multiple IdPs within the same session. In addition, our analysis suggests that the manner by which attributes are released from these SNs is extremely privacy-invasive and a user has very limited control to exercise her privacy during this process. In this article, we present Social Anchor, a system for attribute aggregation from social networks in a privacy-friendly fashion. Our proposed Social Anchor system effectively addresses both of these serious issues. Apart from the proposal, we have implemented Social Anchor following a set of security and privacy requirements. We have also examined the associated trust issues using a formal trust analysis model. Besides, we have presented a formal analysis of its protocols using a state-of-the-art formal analysis tool called AVISPA to ensure the security of Social Anchor. Finally, we have provided a performance analysis of Social Anchor.
Conference Paper
Full-text available
There exist disparate sets of definitions with different se-mantics on different topics of Identity Management which often lead to misunderstanding. A few efforts can be found compiling several related vocabularies into a single place to build up a set of definitions based on a common semantic. However, these efforts are not comprehensive and are only textual in nature. In essence, a mathematical model of iden-tity and identity management covering all its aspects is still missing. In this paper we build up a mathematical model of different core topics covering a wide range of vocabular-ies related to Identity Management. At first we build up a mathematical model of Digital Identity. Then we use the model to analyse different aspects of Identity Management. Finally, we discuss three applications to illustrate the ap-plicability of our approach. Being based on mathematical foundations, the approach can be used to build up a solid understanding on different topics of Identity Management.
Conference Paper
Full-text available
This paper presents a comparative analysis of different at-tribute aggregation models against a set of requirements in the settings of the Federated Identity Management (FIM). There are several attribute aggregation models currently available which allow the user to collate attributes from multiple identity providers (IdP in short) in a single service. These models impose different novel requirements which have never been analysed before and there lacks a thorough analysis of these models that will compare them side-by-side against a set of requirements. We aim to �ll in these gaps in this work. We have formulated a set of trust, functional, security and privacy requirements that are needed for each model and shown the interlink between these requirements. These requirements have been used to compare the models side-by-side in tabular forms which would allow the readers to instantly identify the requirements for each model, the advantages it offers and the weaknesses it has.
Conference Paper
Full-text available
Security Assertion Markup Language (SAML, in short) is one of the most widely used technologies to enable Identity Federation among organisations from different trust domains. Despite its several advantages, one of the key disadvantages of SAML is the mechanism by which an identity federation is established. This mechanism lacks flexibility to create a federation in a dynamic fashion to enable service provisioning (or de-provisioning) in real time. Several different mechanisms to rectify this problem have been proposed. However, most of them require a more elaborate change at the core of the SAML. In this pa-per we present a simple approach based on an already drafted SAML Profile which requires no change of the SAML, rather it depends on the implementation of SAML. It will allow users to create federations using SAML between two prior unknown organisations in a dynamic fashion. Implicit in each identity federation is the issue of trust. Therefore, we also analyse in detail the trust issues of dynamic federations. Finally, we discuss our implemented proof of concept to elaborate the practicality of our approach.
Conference Paper
Full-text available
With a view to provide more effective, enhanced and accessible services to their citizens, Governments around the globe have started different web services under the initiative of e-Government. Many such services extensively utilise the Federated Identity framework due to its huge number of benefits. This paper analyses how different e-initiatives in Bangladesh can take advantage of this technology by illustrating use-cases in two different domains. As the online service and the e-Governance paradigm in Bangladesh are relatively new and evolving rapidly, we believe that this is the high-time to consider the benefits this technology can bring for the Government as well as the citizen.
Conference Paper
Full-text available
We describe a federated identity management service that allows users to access organisational resources using their existing login accounts at social networking and other sites, without compromising the security of the organisation’s resources. We utilise and extend the Level of Assurance (LoA) concept to ensure the organisation’s site remains secure. Users are empowered to link together their various accounts, including their organizational one with an external one, so that the strongest registration procedure of one linked account can be leveraged by the other sites’ login processes that have less stringent registration procedures. Coupled with attribute release from their organizational account, this allows users to escalate their privileges due to either an increased LoA, or additional attributes, or both. The conceptual and architectural designs are described, followed by the implementation details, the user trials we carried out, and a discussion of the current limitations of the system.
Article
Full-text available
The SAML V2.0 Assertions and Protocols specification defines the syntax and semantics for XML-encoded assertions about authentication, attributes, and authorization, and for the protocols that convey this information. This document, known as an "errata composite", combines corrections to reported errata with the original specification text. By design, the corrections are limited to clarifications of ambiguous or conflicting specification text. This document shows deletions from the original specification as struck-through text, and additions as colored underlined text. The "[Enn]" designations embedded in the text refer to particular errata and their dispositions.
Article
Full-text available
We routinely hear vendors claim that their systems are "secure." However, without knowing what assumptions are made by the vendor, it is hard to justify such a claim. Prior to claiming the security of a system, it is important to iden-tify the threats to the system in question. Enumerating the threats to a system helps system architects develop realis-tic and meaningful security requirements. In this paper, we investigate how threat modeling can be used as foundations for the specification of security require-ments. Although numerous works have been published on threat modeling, there is a lack of integrated, systematic ap-proach toward threat modeling for complex systems. We ex-amine the differences between modeling software products and complex systems, and outline our approach for identify-ing threats of networked systems. We also present three case studies of threat modeling: Software-Defined Radio, a net-work traffic monitoring tool (VisFlowConnect), and a clus-ter security monitoring tool (NVisionCC).
Chapter
Full-text available
This paper addresses the topic of federated identity management. It discusses in detail the following topics: what is digital identity, what is identity management, what is federated identity management, Kim Cameron’s 7 Laws of Identity, how can we protect the user’s privacy in a federated environment, levels of assurance, some past and present federated identity management systems, and some current research in FIM.
Article
Full-text available
Most federated identity management systems are limited by users' ability to choose only one identity provider per service session. A proposed linking service lets users securely link their various identity provider (IdP) accounts, enabling the system to aggregate attributes from multiple authoritative sources automatically without requiring users to authenticate separately to each IdP.
Conference Paper
Full-text available
Federated Identity Management (FIM) based on standards allows and facilitates participating federated organizations to share users identity attributes, facilitate authentication and grant or deny service access requests. Using single sign-on facility users authenticates only once to home identity provider and logged into access successive service providing service providers within federation. User's identity theft, misused of user identity information via single sign-on facility in identity providers and service providers, and trustworthiness of subject, identity providers and service providers are active concerns in federated identity management systems. In addition, we had explored trusted computing technology, which covers Trusted Platform Module security features such as Trusted Platform Module Identity, Integrity Measurement and Key certification as well as Trusted Network Connect. In this paper, we presented conceptual threat model for inter-domain web single sign-on in federate identity management system. For this, we set identity theft, misused of identity information, and trust relationship scenarios and in the end, we discussed how trusted computing technology use can effectively resolve identity theft, misused of identity information, and trust relationship concerns in federated identity management system.
Conference Paper
Full-text available
. To have certainty about identities is crucial for secure communication in digital environments. The number of digital identities that people and organizations need to manage is rapidly increasing, and proper management of these identities is essential for maintaining security in online markets and communities. Traditional Identity Management Systems are designed to facilitate the management of identities from the perspective of the service provider, but provide little support on the user side. The difficulty of managing identities on the user side causes vulnerabilities that open up for serious attacks such as identity theft and Phishing. Petname Systems have been proposed to provide more user friendly and secure identity management on the user side. This paper provides an analysis of the Petname Model by describing its history and background, properties, application domains and usability issues with emphasis on Security Usability. By covering a broad set of aspects, this paper is intended to provide a comprehensive reference for the Petname System.
Article
Full-text available
In the last couple of years, several European countries have started projects which intend to provide their citizens with electronic identity cards, driven by the European Directive on Electronic Signatures. One can expect that within a few years, these smart cards will be used in a wide variety of applications. In this paper, we describe the common threats that can be identified when using security tokens such as smart cards in web applications. We illustrate each of these threats with a few attack scenarios. This paper is part of a series of papers, written by several academic teams. Each paper focuses on one particular technological building block for web applications. Full Text at Springer, may require registration or fee
Chapter
Threat analysis of a web application can lead to a wide variety of identified threats. Some of these threats will be very specific to the application; others will be more related to the underlying infrastructural software, such as the web or application servers, the database, the directory server and so forth. This paper analyzes the threats that can be related to the use of web services technology in a web application. It is part of a series of papers, written by different academic teams, that each focus on one particular technological building block for web applications.
Conference Paper
We describe a web based federated identity management system loosely based on the user centric Windows Card Space model. Unlike Card Space that relies on a fat desktop client (the identity selector) in which the user can only select a single card per session, our model uses a standard web browser with a simple plugin that connects to a trusted attribute aggregation web service (TAAS). TAAS supports the aggregation of attributes from multiple identity providers (IdPs) and allows the user to select multiple single attribute "cards" in a session, which more accurately reflects real life in which users may present several plastic cards and self-asserted attributes in a single session. Privacy protection, user consent, and ease of use are critical success factors. Consequently TAAS does not know who the user is, the user consents by selecting the attributes she wants to release, and she only needs to authenticate to a single IdP even though attributes may be aggregated from multiple IdPs. The system does not limit the authentication mechanisms that can be used, and it protects the user from phishing attacks by malicious SPs.
Conference Paper
A principal sometimes needs to present a combination of attributes from multiple identities from distinct organizations to fully identify itself This problem is rarely encountered in non-federated identity transactions because services operate within the context of a single identity domain. Federated identity allows for data about one entity to be scattered across multiple identities throughout the distributed system. These data must be unified through attribute aggregation to fully identify an entity. In order to do so, the identities must be associated in some fashion, the user must have a session with a service, and the service must have all the information it needs to process the attributes it receives
Conference Paper
Digital identities represent who we are when engaging in online activities and transactions. The rapid growth in the number of online services leads to in an increasing number of different identities that each user needs to manage. As a result, many people feel overloaded with identities and suffer from password fatigue. This is a serious problem and makes people unable properly control and protect their digital identities against identity theft. This paper discusses the usability and privacy in online identity management solutions, and proposed a general approach for making users better able to control and manage their digital identities, as well as for creating more secure identity management solutions. More specifically, we propose a user-centric approach based on hardware and software technology on the user-side with the aim of assisting users when accessing online services.
Article
Threat analysis of a web application can lead to a wide variety of identified threats. Some of these threats will be very specific to the application; others will be more related to the underlying infrastructural software, such as the web or application servers, the database, the directory server and so forth. This paper analyzes the threats that can be related to the use of web services technology in a web application. It is part of a series of papers, written by different academic teams, that each focus on one particular technological building block for web applications. Full Text at Springer, may require registration or fee
Introducing Windows CardSpace
  • D Chappell
Chappell, D. (2006, April). Introducing Windows CardSpace. (http://msdn .microsoft.com/en-us/library/aa480189.aspx)
Threat modeling an identity management system for mobile internet
  • C K Dominicini
  • M A Simplício
  • R R Sakuragui
  • T C Carvalho
  • M Näslund
  • M Pourzandi
Dominicini, C. K., Simplício Jr, M. A., Sakuragui, R. R., Carvalho, T. C., Näslund, M., & Pourzandi, M. (2010). Threat modeling an identity management system for mobile internet. Rio de Janeiro, Brasil. (http://www.teses.usp.br/ teses/disponiveis/3/3141/tde-23032012-101827/publico/ Tese_RonySakuragui.pdf)
Shibboleth Attribute Release Policies
  • S Cantor
Cantor, S. (7 January, 2008). Shibboleth Attribute Release Policies. (https://wiki .shibboleth.net/confluence/display/SHIB/IdPARPConfig)
Virtual collaboration attribute management
  • B Hulsebosch
  • M Wegdam
  • B Zoetekouw
  • N Van Dijk
  • R P Van Wijnen
Bob Hulsebosch, Maarten Wegdam, Bas Zoetekouw, Niels van Dijk, Remco Poortinga -van Wijnen. (2011). Virtual collaboration attribute management. Accessed on 1 May, 2013. (http://www.surfnet.nl/nl/Innovatieprogramma's/gigaport3/ Documents/EDS%2011-06%20AttributeManagement%20v1.0.pdf)
Leveraging social networks to gain access to organisational resources
  • D W Chadwick
  • G L Inman
  • K W Siu
  • M S Ferdous
Chadwick, D. W., Inman, G. L., Siu, K. W., & Ferdous, M. S. (2011). Leveraging social networks to gain access to organisational resources. In Proceedings of the 7th ACM workshop on Digital identity management (pp. 43-52). New York, NY, USA: ACM. Retrieved from http://doi.acm.org/10.1145/2046642.2046653 doi: 10 .1145/2046642.2046653
Electronic Authentication Guideline: INFORMATION SE-CURITY
NISTWP. (2006, April). Electronic Authentication Guideline: INFORMATION SE-CURITY. (http://csrc.nist.gov/publications/nistpubs/800-63/ SP800-63V1_0_2.pdf)
Query Extension for SAML AuthnRequest (Draft
  • S Kellomäki
Sampo Kellomäki. (2008). Query Extension for SAML AuthnRequest (Draft). 22 April. (http://zxid.org/tas3/anrq-index.html)