Kent Academic Repository

A Conceptual Model for Attribute Aggregation

Chadwick, David W., Inman, George, Klingenstein, Nate (2010) A Conceptual Model for Attribute Aggregation. Future Generation Computer Systems, 26 (7). pp. 1043-1052. (doi:10.1016/j.future.2009.12.004) (The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided) (KAR id:30572)

Official URL:
http://www.cs.kent.ac.uk/pubs/2009/3027

Abstract

This paper describes a conceptual model for attribute aggregation that allows a service provider (SP) to authorise a user's access request based on attributes asserted by multiple identity providers (IdPs), when the user is known by different identities at each of the IdPs. The user only needs to authenticate to one of the IdPs and the SP is given an overall level of assurance (LoA) about the authenticity of the user and his/her attributes. The model employs a new component called a Linking Service (LS), which is a trusted third party under the control of the user, whose purpose is to link together the different IdP accounts that hold a user's attributes, along with their respective LoAs. There are several possible interaction models for communications between the IdPs, the SP, LSs and the user, and each is described. The model is underpinned with a fully specified trust model, which also describes the implications when participants do not fully trust each other as required. Finally, the paper describes how the model has been implemented by mapping onto existing standard protocols based on SAMLv2.

Item Type: Article
DOI/Identification number: 10.1016/j.future.2009.12.004
Uncontrolled keywords: Authorisation, Identity management, Attribute aggregation, Privacy protection, Trust, SAML2, Liberty Alliance, Level of Assurance
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming, > QA76.76 Computer software
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Funders: [UNSPECIFIED] JISC
[UNSPECIFIED] EC FP7
Depositing User: David Chadwick
Date Deposited: 21 Sep 2012 09:49 UTC
Last Modified: 16 Nov 2021 10:08 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/30572 (The current URI for this page, for reference purposes)

University of Kent Author Information

Chadwick, David W.

Creator's ORCID: https://orcid.org/0000-0003-3145-055X

Inman, George.

