Abstract
Identity and access management (IAM) systems are used to assure authorized access to services in distributed environments. The architecture of IAM systems, in particular the arrangement of the involved components, has a significant impact on the performance and scalability of the overall system. Furthermore, factors that are not related to performance, such as robustness and even privacy, have to be considered. Hence, systematic engineering of IAM systems demands criteria and metrics to differentiate architectural approaches. The rise of service-oriented architectures and cross-organizational integration efforts in federations will additionally increase the importance of appropriate IAM systems in the future. While previous work focused on qualitative evaluation criteria, we extend these criteria with metrics to gain quantitative measures. The contribution of this paper is twofold: i) We propose a system model and corresponding metrics to evaluate different IAM system architectures on a quantitative basis. ii) We present a simulation-based performance evaluation study that shows the suitability of this system model.
Copyright information
© 2009 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Schell, F., Dinger, J., Hartenstein, H. (2009). Performance Evaluation of Identity and Access Management Systems in Federated Environments. In: Mueller, P., Cao, JN., Wang, CL. (eds) Scalable Information Systems. INFOSCALE 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 18. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10485-5_7
DOI: https://doi.org/10.1007/978-3-642-10485-5_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10484-8
Online ISBN: 978-3-642-10485-5
eBook Packages: Computer Science (R0)