Abstract
Identity management has been recently considered to be a viable solution for simplifying user management across enterprise appli- cations. When users interact with services on the Internet, they often tailor the services in some way for their personal use through their per- sonalized accounts and preferences. The network identity of each user is the global set of such attributes constituting the various accounts. In this paper, we investigate two well-known federated identity management (FIM) solutions, Microsoft Passport and Liberty Alliance, attempting to identify information assurance (IA) requirements in FIM. In particular, this paper focuses on principal IA requirements for Web Services that plays an integral role in enriching identity federation and management. We also discuss our experimental analysis of those models.
The work of Gail-J. Ahn and Dongwan Shin was supported by the grants from Bank of America through e-Business Technology Institute at the University of North Carolina at Charlotte.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Cranor, L., Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J.: The platform for privacy preferences 1.0 (p3p1.0) specification. Technical report (2002), www.w3.org/TR/2002/REC-P3P-20020416/
Chaum, D.: Security without identification: Card computers to make big brother obsolete. Communications of the ACM 28(10), 1030–1044 (1985)
Cranor, L.F.: Agents of choice: Tools that facilitate notice and choice about web site data practices
Damker, H., Pordesch, U., Reichenbach, M.: Personal reach ability and security management - negotiation of multilateral security. In: Proceedings of Multilateral Security in Communications, Stuttgart, Germany (1999)
Hallam-Baker, P., Maler, E.: Assertions and protocols for OASIS SAML. Technical report (2002), http://www.oasisopen.org/committees/security/docs/cs-sstc-core-01.pdf
Hallam-Baker, P., Maler, E.: Assertions and protocols for OASIS SAML. Technical report (2002), http://www.oasisopen.org/committees/security/docs/cs-sstc-core-01.pdf
Hegel, J., Singer, M. (eds.): Net Worth: Shaping Market When Customers Make the Rule. Harvard Business School Press, Boston (1999)
Hodges, J., Watson, T.: Liberty architecture overview v 1.2-03. Technical report (2003), http://www.sourceid.org/docs/sso/liberty-architectureoverview-v1.1.pdf
IBM. Web services security (WSS) specifications 1.0.05. Technical report (2002), http://www-106.ibm.com/developerworks/webservices/library/wssecure/
Imamura, T., Dillaway, B., Simon, E.: XML encryption syntax and processing. Technical report (2002), http://www.w3.org/TR/2002/CRxmlenc-core-20020304/
Mont, M.C., Pearson, S., Bramhall, P.: Towards accountable management of identity and privacy: Sticky policies and enforceable tracing services. Technical report (2003), http://www.hpl.hp.com/techreports/2003/HPL-2003-49.pdf
Shenoy, P., Shin, D., Ahn, G.-J.: Towards IA-Aware web services for federated identity management. In: Proceedings of IASTED International Conference on Communication, Network, and Information Security, New York, USA, December 2003, pp. 10–15 (2003)
Federal Trade Commission. online profiling - a report to congress, part 2. Technical report (2002), http://www.ftc.gov/os/2000/07/onlineprofiling.htm
Mircrosoft Corporations. Microsoft .Net Passport Review Guide. Technical report (2003), http://www.microsoft.com/net/services/passport/review_guide.asp
W3C note: Web services description language (WSDL) v 1.1. Technical report (2001), http://www.w3.org/TR/wsdl12/
Watson, T.: Liberty ID-FF implementation guidliness v 1.2.02. Technical report, Liberty Alliance Project (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ahn, GJ., Shin, D., Hong, SP. (2004). Information Assurance in Federated Identity Management: Experimentations and Issues. In: Zhou, X., Su, S., Papazoglou, M.P., Orlowska, M.E., Jeffery, K. (eds) Web Information Systems – WISE 2004. WISE 2004. Lecture Notes in Computer Science, vol 3306. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30480-7_10
Download citation
DOI: https://doi.org/10.1007/978-3-540-30480-7_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23894-2
Online ISBN: 978-3-540-30480-7
eBook Packages: Springer Book Archive