Skip to main content
SpringerLink
Log in

Information Assurance in Federated Identity Management: Experimentations and Issues

  • Conference paper
Web Information Systems – WISE 2004 (WISE 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3306))

Included in the following conference series:

Abstract

Identity management has been recently considered to be a viable solution for simplifying user management across enterprise appli- cations. When users interact with services on the Internet, they often tailor the services in some way for their personal use through their per- sonalized accounts and preferences. The network identity of each user is the global set of such attributes constituting the various accounts. In this paper, we investigate two well-known federated identity management (FIM) solutions, Microsoft Passport and Liberty Alliance, attempting to identify information assurance (IA) requirements in FIM. In particular, this paper focuses on principal IA requirements for Web Services that plays an integral role in enriching identity federation and management. We also discuss our experimental analysis of those models.

The work of Gail-J. Ahn and Dongwan Shin was supported by the grants from Bank of America through e-Business Technology Institute at the University of North Carolina at Charlotte.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Cranor, L., Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J.: The platform for privacy preferences 1.0 (p3p1.0) specification. Technical report (2002), www.w3.org/TR/2002/REC-P3P-20020416/

  2. Chaum, D.: Security without identification: Card computers to make big brother obsolete. Communications of the ACM 28(10), 1030–1044 (1985)

    Article  Google Scholar 

  3. Cranor, L.F.: Agents of choice: Tools that facilitate notice and choice about web site data practices

    Google Scholar 

  4. Damker, H., Pordesch, U., Reichenbach, M.: Personal reach ability and security management - negotiation of multilateral security. In: Proceedings of Multilateral Security in Communications, Stuttgart, Germany (1999)

    Google Scholar 

  5. Hallam-Baker, P., Maler, E.: Assertions and protocols for OASIS SAML. Technical report (2002), http://www.oasisopen.org/committees/security/docs/cs-sstc-core-01.pdf

  6. Hallam-Baker, P., Maler, E.: Assertions and protocols for OASIS SAML. Technical report (2002), http://www.oasisopen.org/committees/security/docs/cs-sstc-core-01.pdf

  7. Hegel, J., Singer, M. (eds.): Net Worth: Shaping Market When Customers Make the Rule. Harvard Business School Press, Boston (1999)

    Google Scholar 

  8. Hodges, J., Watson, T.: Liberty architecture overview v 1.2-03. Technical report (2003), http://www.sourceid.org/docs/sso/liberty-architectureoverview-v1.1.pdf

  9. IBM. Web services security (WSS) specifications 1.0.05. Technical report (2002), http://www-106.ibm.com/developerworks/webservices/library/wssecure/

  10. Imamura, T., Dillaway, B., Simon, E.: XML encryption syntax and processing. Technical report (2002), http://www.w3.org/TR/2002/CRxmlenc-core-20020304/

  11. Mont, M.C., Pearson, S., Bramhall, P.: Towards accountable management of identity and privacy: Sticky policies and enforceable tracing services. Technical report (2003), http://www.hpl.hp.com/techreports/2003/HPL-2003-49.pdf

  12. Shenoy, P., Shin, D., Ahn, G.-J.: Towards IA-Aware web services for federated identity management. In: Proceedings of IASTED International Conference on Communication, Network, and Information Security, New York, USA, December 2003, pp. 10–15 (2003)

    Google Scholar 

  13. Federal Trade Commission. online profiling - a report to congress, part 2. Technical report (2002), http://www.ftc.gov/os/2000/07/onlineprofiling.htm

  14. Mircrosoft Corporations. Microsoft .Net Passport Review Guide. Technical report (2003), http://www.microsoft.com/net/services/passport/review_guide.asp

  15. W3C note: Web services description language (WSDL) v 1.1. Technical report (2001), http://www.w3.org/TR/wsdl12/

  16. Watson, T.: Liberty ID-FF implementation guidliness v 1.2.02. Technical report, Liberty Alliance Project (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of North Carolina at Charlotte, Charlotte, NC, 28232, USA

    Gail-Joon Ahn & Dongwan Shin

  2. Information and Communications University, Taejon, Korea

    Seng-Phil Hong

Authors
  1. Gail-Joon Ahn
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dongwan Shin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Seng-Phil Hong
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of ITEE, The University of Queensland, Australia

    Xiaofang Zhou

  2. Database Systems Research and Development Center, University of Florida, P.O. Box 116125, 470 CSE, 32601-6125, Gainesville, FL, USA

    Stanley Su

  3. INFOLAB, Dept. of Information Systems and Management, Tilburg University, The Netherlands

    Mike P. Papazoglou

  4. Polish-Japanese Institute of Information Technology, Faculty of IT, Ul. Koszykowa 86, 02-008, Warsaw, Poland

    Maria Elzbieta Orlowska

  5. Rutherford Appleton Laboratory, Science and Technology Facilities Council, Harwell Science and Innovation Campus, OX11 0QX, Didcot, UK

    Keith Jeffery

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ahn, GJ., Shin, D., Hong, SP. (2004). Information Assurance in Federated Identity Management: Experimentations and Issues. In: Zhou, X., Su, S., Papazoglou, M.P., Orlowska, M.E., Jeffery, K. (eds) Web Information Systems – WISE 2004. WISE 2004. Lecture Notes in Computer Science, vol 3306. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30480-7_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30480-7_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23894-2

  • Online ISBN: 978-3-540-30480-7

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation