Abstract
Relationship-focused and credential-focused identity management are both user-centric notions in service-oriented architecture (SOA). For composite services, purely user-centric identity management is inefficient, because each sub-service may authenticate and authorize users separately, and users must take part in every identity provisioning transaction. If these two paradigms are unified into universal identity management, in which identity information and privileges are delegatable, user-centricity becomes more feasible in SOA. The credential-focused system is a good starting point for constructing such a universal identity management system. However, implementing a practical delegation scheme remains a challenge, even though some delegatable anonymous credential schemes have been constructed theoretically. This paper proposes a practical solution for universal identity management. First, a pseudonym-based signature scheme is designed in which pseudonyms are self-generated and unlinkable, providing user privacy. Next, a proxy signature scheme is presented that uses the pseudonyms as public keys, so that delegation can be achieved through certificate chains. Finally, WS-Federation is extended to build a universal identity management solution.
© 2014 Springer Science+Business Media New York
Cite this chapter
Zhang, Y., Chen, JL. (2014). Universal Identity Management Based on Delegation in SOA. In: Bouguettaya, A., Sheng, Q., Daniel, F. (eds) Advanced Web Services. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-7535-4_3
DOI: https://doi.org/10.1007/978-1-4614-7535-4_3
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-7534-7
Online ISBN: 978-1-4614-7535-4