Attribute Aggregation in Federated Identity Management

Chadwick, David W. and Inman, George (2009) Attribute Aggregation in Federated Identity Management. IEEE Computer . pp. 182-196. (The full text of this publication is not available from this repository)

The full text of this publication is not available from this repository. (Contact us about this Publication)
Official URL
http://www.cs.kent.ac.uk/pubs/2009/3026

Abstract

Abstract We describe how in todays federated identity management (FIM) systems, such as CardSpace and Shibboleth, service providers (SPs) rely on identity providers (IdPs) to authenticate the users and provide their identity attributes. The SPs then use these attributes for granting or denying users access to their resources. Unfortunately most FIM systems have one significant limitation, which is that the user can only use one IdP within a single SP session, when in many scenarios the user needs to provide attributes from multiple IdPs. We describe how this can be achieved through the introduction of a new service called a linking service. The conceptual model of the linking service is described as well as the mapping of its messages onto todays standard protocols (SAML, Liberty Alliance and WS-*).

Item Type: Article
Uncontrolled keywords: determinacy analysis, Craig interpolants
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Faculties > Science Technology and Medical Studies > School of Computing > Security Group
Depositing User: David Chadwick
Date Deposited: 21 Sep 2012 09:49
Last Modified: 14 May 2014 10:47
Resource URI: http://kar.kent.ac.uk/id/eprint/30603 (The current URI for this page, for reference purposes)
  • Depositors only (login required):