Performance Evaluation of Identity and Access Management Systems in Federated Environments

  • Conference paper
Scalable Information Systems (INFOSCALE 2009)

Abstract

Identity and access management (IAM) systems are used to assure authorized access to services in distributed environments. The architecture of IAM systems, in particular the arrangement of the involved components, has a significant impact on the performance and scalability of the overall system. Furthermore, factors such as robustness and even privacy, which are not related to performance, have to be considered. Hence, systematic engineering of IAM systems demands criteria and metrics to differentiate architectural approaches. The rise of service-oriented architectures and cross-organizational integration efforts in federations will additionally increase the importance of appropriate IAM systems in the future. While previous work focused on qualitative evaluation criteria, we extend these criteria with metrics to obtain quantitative measures. The contribution of this paper is twofold: i) We propose a system model and corresponding metrics to evaluate different IAM system architectures on a quantitative basis. ii) We present a simulation-based performance evaluation study that shows the suitability of this system model.




Copyright information

© 2009 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Schell, F., Dinger, J., Hartenstein, H. (2009). Performance Evaluation of Identity and Access Management Systems in Federated Environments. In: Mueller, P., Cao, JN., Wang, CL. (eds) Scalable Information Systems. INFOSCALE 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 18. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10485-5_7


  • DOI: https://doi.org/10.1007/978-3-642-10485-5_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10484-8

  • Online ISBN: 978-3-642-10485-5

  • eBook Packages: Computer Science, Computer Science (R0)
