D-FOAF: Distributed Identity Management with Access Rights Delegation

  • Sebastian Ryszard Kruk
  • Sławomir Grzonkowski
  • Adam Gzella
  • Tomasz Woroniecki
  • Hee-Chul Choi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4185)


Todays WWW consists of more than just information. The WWW provides a large number of services, which often require identification of it’s users. This has lead to the fact that today users have to maintain a large number of different credentials for different websites – distributed or shared identification system are not widely deployed. Furthermore current authorisation systems requires strict centralisation of the authorisation procedure – users themselves are usually not enabled to authorise their trusted friends to access services, although often this would be beneficial for services and businesses on the Web.

In this article we present D-FOAF, a distributed identity management system which deploys social networks. We show how information inherent in social networks can be utilised to provide community driven access rights delegation and we analyse algorithms for managing distributed identity, authorisation and access rights checking. Finally we show how the social networking information can be protected in a distributed environment.


Social Network Access Control Identity Management Local Cache Dijkstra Algorithm 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
  3. 3.
  4. 4.
    FOAFRealm project:
  5. 5.
    HyperCuP Lightweight Implementation project:
  6. 6.
  7. 7.
    JeromeDL project:
  8. 8.
  9. 9.
    Microsoft Passport:
  10. 10.
  11. 11.
  12. 12.
  13. 13.
    XML User Profiles:
  14. 14.
    Alliance, L.: WS-Federation. A Comparative Overview. White Paper. Technical report (2003)Google Scholar
  15. 15.
    nyi, G.b.C., Szendroi, B.z.: Structure of a large social network (2004)Google Scholar
  16. 16.
    Boyd, D.M.: Friendster and Publicly Articulated Social Networking. In: Conference on Human Factors and Computing Systems, CHI 2004 (2004),
  17. 17.
    Cvrcek, D.: Authorization Model for Strongly Distributed Information SystemsGoogle Scholar
  18. 18.
    Dijkstra, E.W.: A note on two problems in connexion with graphs. Numerische Mathematik 1, 269–271 (1959)MATHCrossRefMathSciNetGoogle Scholar
  19. 19.
    Dodds, L.: An Introduction to FOAF (February 2004),
  20. 20.
    Grzonkowski, S., Gzella, A., Krawczyk, H., Kruk, S.R., Moyano, F.J.M.-R., Woroniecki, T.: D-FOAF - Security Aspects in Distributed User Managment System. In: TEHOSS 2005 (2005)Google Scholar
  21. 21.
    Hardt, D.: Personal Digital Identity Management. In: FOAF Workshop proceedings (2004)Google Scholar
  22. 22.
    Hellenschmidt, M., Kirste, T., Rieger, T.: An agent based approach to distributed user profile management within a multimodal environment. In: Proceedings of the Workshop on the Application of Semantic Web Technologies to Web Communities, Rostock, Germany (2003); International Workshop on Mobile Computing, IMC 2003 (2003)Google Scholar
  23. 23.
    Heymann, P.: Distributed Social Network Protocol. Technical report. Duke UniversityGoogle Scholar
  24. 24.
    Jennifer, G., Parsia, B., Hendler, J.: Trust Management for the Semantic Web. In: Proceedings of Cooperative Intelligent Agents (2003),
  25. 25.
    Jim, T.: SD3: A Trust Management System with Certified Evaluation. In: IEEE Symposium on Security and Privacy (May 2001)Google Scholar
  26. 26.
    Jones, W.H.: Project Integration Architecture: Distributed Lock Management, Deadlock Detection, and Set Iteration. Technical report, John H. Glenn Research Center at Lewis Field Cleveland, OH 44135Google Scholar
  27. 27.
    Jones, W.H.: Project Integration Architecture: Initial Plan for Distributed User Authentication and Access Control. Technical report, John H. Glenn Research Center at Lewis Field Cleveland, OH 44135Google Scholar
  28. 28.
    Jones, W.H.: Project Integration Architecture: Application Architecture. Technical report, John H. Glenn Research Center at Lewis Field Cleveland, OH 44135 (2005)Google Scholar
  29. 29.
    Kaye, R.: Next-Generation File Sharing with Social Networks,
  30. 30.
    Kleinberg, J.: Small-world phenomena and the dynamics of information (2001)Google Scholar
  31. 31.
    Kruk, S.R.: FOAF-Realm - control your friends’ access to the resource. In: FOAF Workshop proceedings (2004),
  32. 32.
    Kruk, S.R., Decker, S.: Semantic Social Collaborative Filtering with FOAFRealm. In: Gil, Y., Motta, E., Benjamins, V.R., Musen, M.A. (eds.) ISWC 2005. LNCS, vol. 3729. Springer, Heidelberg (2005)Google Scholar
  33. 33.
    Kruk, S.R., Decker, S., Zieborak, L.: JeromeDL - Adding Semantic Web Technologies to Digital Libraries. In: Andersen, K.V., Debenham, J., Wagner, R. (eds.) DEXA 2005, vol. 3588, pp. 716–725. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  34. 34.
    Milgram, S.: The Small World Problem. Psychology Today, 60–67 (May 1967)Google Scholar
  35. 35.
    Newman, M.: Models of the Small World: A ReviewGoogle Scholar
  36. 36.
    Novotny, J., Tuecke, S., Welch, V.: An Online Credential Repository for the Grid: MyProxy. In: Turner, J., Kraut, R. (eds.) Proceedings of the Tenth International Symposium on High Performance Distributed Computing (HPDC- 10), pp. 104–111. IEEE Press, Los Alamitos (2001)CrossRefGoogle Scholar
  37. 37.
    Schlosser, M., Sintek, M., Decker, S., Nejdl, W.: Ontology-Based Search and Broadcast in HyperCuP. In: International Semantic Web Conference, Sardinia (2002)Google Scholar
  38. 38.
    Shen, H., Dewan, P.: Access Control for Collaborative Environments. In: Turner, J., Kraut, R. (eds.) Proc ACM Conf. Computer-Supported Cooperative Work, CSCW, pp. 51–58. ACM Press, New York (1992)Google Scholar
  39. 39.
    Skvoretz, J.: Complexity theory and models for social networks. Complex 8(1), 47–55 (2002)CrossRefMathSciNetGoogle Scholar
  40. 40.
    Thompson, M., Essiari, A., Mudumbai, S.: Certificate-based Authorization Policy in a PKI Environment.Google Scholar
  41. 41.
    Watts, D.J., Dodds, P.S., Newman, M.E.J.: Identity and Search in Social Networks. Science 296(5571), 1302–1305 (May 2002)CrossRefGoogle Scholar
  42. 42.
    Woo, T.Y.C., Lam, S.S.: A framework for distributed authorization. In: CCS 1993: Proceedings of the 1st ACM conference on Computer and communications security, New York, USA, pp. 112–118. ACM Press, New York (1993)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Sebastian Ryszard Kruk
    • 1
  • Sławomir Grzonkowski
    • 1
    • 2
  • Adam Gzella
    • 1
    • 2
  • Tomasz Woroniecki
    • 1
    • 2
  • Hee-Chul Choi
    • 3
  1. 1.Digital Enterprise Research InstituteNational University of IrelandGalwayIreland
  2. 2.Faculty of Electronics, Telecommunications and InformaticsGdansk University of TechnologyPoland
  3. 3.DERISeoul National UniversitySeoulKorea

Personalised recommendations