Chadwick, David W and Inman, George (2009) Attribute Aggregation in Federated Identity Management. IEEE Computer . pp. 182-196.
|The full text of this publication is not available from this repository. (Contact us about this Publication)|
Abstract We describe how in todays federated identity management (FIM) systems, such as CardSpace and Shibboleth, service providers (SPs) rely on identity providers (IdPs) to authenticate the users and provide their identity attributes. The SPs then use these attributes for granting or denying users access to their resources. Unfortunately most FIM systems have one significant limitation, which is that the user can only use one IdP within a single SP session, when in many scenarios the user needs to provide attributes from multiple IdPs. We describe how this can be achieved through the introduction of a new service called a linking service. The conceptual model of the linking service is described as well as the mapping of its messages onto todays standard protocols (SAML, Liberty Alliance and WS-*).
|Uncontrolled keywords:||determinacy analysis, Craig interpolants|
|Subjects:||Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,|
|Divisions:||Faculties > Science Technology and Medical Studies > School of Computing > Security Group|
|Depositing User:||David Chadwick|
|Date Deposited:||21 Sep 2012 09:49|
|Last Modified:||13 Nov 2012 12:44|
|Resource URI:||http://kar.kent.ac.uk/id/eprint/30603 (The current URI for this page, for reference purposes)|
- Depositors only (login required):