Wireless Personal Communications, Volume 75, Issue 3, pp 1769–1786

To Federate or Not To Federate: A Reputation-Based Mechanism to Dynamize Cooperation in Identity Management

  • Patricia Arias Cabarcos
  • Florina Almenárez
  • Félix Gómez Mármol
  • Andrés Marín


Identity Management systems cannot be centralized anymore. Nowadays, users have multiple accounts, profiles and personal data distributed throughout the web and hosted by different providers. However, the online world is currently divided into identity silos, forcing users to deal with repetitive authentication and registration processes and hindering a faster development of large-scale e-business. Federation has been proposed as a technology to bridge different trust domains, allowing user identity information to be shared in order to improve usability. But further research is required to shift from the current static model, where manual bilateral agreements must be pre-configured to enable cooperation between unknown parties, to a more dynamic one, where trust relationships are established on demand in a fully automated fashion. This paper presents IdMRep, the first completely decentralized reputation-based mechanism which makes dynamic federation a reality. Initial experiments demonstrate its accuracy as well as an acceptable overhead in scenarios with and without malicious nodes.


Keywords: Identity management; Trust and reputation management; Identity federation; Cooperative systems



Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  • Patricia Arias Cabarcos (1)
  • Florina Almenárez (1)
  • Félix Gómez Mármol (2)
  • Andrés Marín (1)

  1. Universidad Carlos III de Madrid, Leganés, Madrid, Spain
  2. NEC Laboratories Europe, Heidelberg, Germany
