To Federate or Not To Federate: A Reputation-Based Mechanism to Dynamize Cooperation in Identity Management
Identity Management systems cannot be centralized anymore. Nowadays, users have multiple accounts, profiles and personal data distributed throughout the web and hosted by different providers. However, the online world is currently divided into identity silos, forcing users to deal with repetitive authentication and registration processes and hindering a faster development of large-scale e-business. Federation has been proposed as a technology to bridge different trust domains, allowing user identity information to be shared in order to improve usability. But further research is required to shift from the current static model, where manual bilateral agreements must be pre-configured to enable cooperation between unknown parties, to a more dynamic one, where trust relationships are established on demand in a fully automated fashion. This paper presents IdMRep, the first completely decentralized reputation-based mechanism which makes dynamic federation a reality. Initial experiments demonstrate its accuracy as well as an acceptable overhead in scenarios with and without malicious nodes.
Keywords: Identity management; Trust and reputation management; Identity federation; Cooperative systems