Dynamic Identity Federation Using Security Assertion Markup Language (SAML)

Ferdous, Sadek; Poet, Ron

doi:10.1007/978-3-642-37282-7_13

Cited by 16 publications

(7 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The implementation supports two types of SAML IdPs: trusted and semi-trusted. A trusted SAML IdP is the one which has been federated in the traditional way by exchanging metadata at the admin level whereas a semi-trusted SAML IdP is the one that has been federated using the concept of dynamic federation (Ferdous & Poet, 2013b). In addition, the Hybrid IdP determines the LoA for each IdP in this way: attributes from the Hybrid IdP or from any trusted SAML IdP will have a LoA value of 2 whereas attributes from all other IdPs will have a LoA value of 1.…”

Section: Methodsmentioning

confidence: 99%

A Hybrid Model of Attribute Aggregation in Federated Identity Management

Ferdous

Chowdhury

Poet

2017

Enterprise Security

Self Cite

View full text Add to dashboard Cite

The existing model of Federated Identity Management (FIM) allows a user to provide attributes only from a single Identity Provider (IdP) per service session. However, this does not cater to the fact that the user attributes are scattered and stored across multiple IdPs. An attribute aggregation mechanism would allow a user to aggregate attributes from multiple providers and pass them to a Service Provider (SP) in a single service session which would enable the SP to offer innovative service scenarios. Unfortunately, there exist only a handful of mechanisms for aggregating attributes and most of them either require complex user interactions or are based on unrealistic assumptions. In this paper, we present a novel approach called the Hybrid Model for aggregating attributes from multiple IdPs using one of the most popular FIM technologies: Security Assertion Markup Language (SAML). We present a thorough analysis of different requirements imposed by our proposed approach and discuss how we have developed a proof of concept using our model and what design choices we have made to meet the majority of these requirements. We also illustrate two use-cases to elaborate the applicability of our approach and analyse the advantages it offers and the limitations it currently has.

show abstract

Section: Methodsmentioning

confidence: 99%

A Hybrid Model of Attribute Aggregation in Federated Identity Management

Ferdous

Chowdhury

Poet

2017

Enterprise Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…The IdP component also shares the same back-end database of the PAS to retrieve static or dynamic attributes during the user authentication phase. The PPIdP can be integrated with the SP using the concept of Dynamic Federation to create the federation in a dynamic fashion [23]. Such a federation involving the PPIdP is called the Personal Identity Federation (PIF) [22].…”

Section: Cafs Frameworkmentioning

confidence: 99%

“…The middle IdP in this setting is known as the Proxy IdP and is assumed to be fully trusted by the SP with a mutual trust agreement. On the other hand, the PPIdP will be considered as a semitrusted entity (not fully trusted by another entity, see [23]) by both the proxy IdP and the SP following the condition of the dynamic federation as explained in [23].…”

Section: Cafs Frameworkmentioning

confidence: 99%

CAFS: A Framework for Context-Aware Federated Services

Ferdous

Poet

2014

2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications

Self Cite

View full text Add to dashboard Cite

Abstract-In this paper we explore two issues: Federated Identity Management and Context-Aware Services. In the last decade or so we have seen these two technologies gaining considerable popularities as they offer a number of benefits to the user and other stakeholders. However, there are a few outstanding security and privacy issues that need to be resolved to harness the full potential of such services. We believe that these problems can be reduced significantly by integrating the federated identity architecture into the context-aware services. With this aim, we have developed a framework for Context-Aware Federated Services based on the Security Assertion Markup Language (SAML) and eXtensible Access Control Markup Language (XACML) standards. We have illustrated the applicability of our approach by showcasing some use-cases, analysed the security, privacy and trust issues involved in the framework and the advantages it offers.

show abstract

“…This standard set of attributes is relatively stable, but it can evolve over time to meet the changing needs of the federation members. The trustworthiness of the federation members is based on a web of trust model which is similar to the PGP trust model [16]. This allows existing federation members to dynamically introduce new federation members based on their collective recommendations.…”

Section: The F-sams Systemmentioning

confidence: 99%

Towards Automated Trust Establishment in Federated Identity Management

Chadwick

Hibbert

2013

Trust Management VII

View full text Add to dashboard Cite

We present the Federation Semantic Attribute Mapping System (F-SAMS), a web services based system which enables a semi-automated dynamic trust establishment mechanism for managing identity federations. We present the conceptual model which allows current members to dynamically introduce new members into the federation in a trustworthy manner, using a web of trust model. F-SAMS enables existing members to interact securely with previously unknown new members of a federation and allows them to retrieve policy and semantic information about them.

show abstract

Dynamic Identity Federation Using Security Assertion Markup Language (SAML)

Cited by 16 publications

References 7 publications

A Hybrid Model of Attribute Aggregation in Federated Identity Management

A Hybrid Model of Attribute Aggregation in Federated Identity Management

CAFS: A Framework for Context-Aware Federated Services

Towards Automated Trust Establishment in Federated Identity Management

Contact Info

Product

Resources

About