Active Digital Credentials: Dynamic Provision of Up-to-Date Identity Information

  • Marco Casassa Mont
  • Richard Brown
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2437)


Identities and profiles are important to enable e-commerce transactions. Recent initiatives, like Microsoft .MyServices and Liberty Alliance Project, aim at the provision of identity and profile management solutions along with mechanisms to simplify users’ experience. These solutions must be trusted and accountable. Current PKI solutions can be used to deal with certification and trust management. Unfortunately the complexity of managing digital credential lifecycle is one of the obstacles to their adoption. This complexity is accentuated in the case of dynamic environments, where the certified information is subject to frequent changes. In this paper we address the problem of providing up-to-date certified information in dynamic contexts. We introduce the concept of active digital credential as a mechanism to provide up-to-date certified identity and profile information along with a fine-grained assessment of trustworthiness and validity. Work is in progress both to implement a prototype and assess the feasibility of the proposed model.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Camp, L. J.: Trust and Risk in Internet Commerce.The MIT press (2000)Google Scholar
  2. 2.
    Microsoft: Microsoft.MyServices: a platform for building user-centric applications. (2002)
  3. 3.
    Liberty Alliance: Project Liberty Alliance. (2002)
  4. 4.
    Housley, R., Ford, W., Polk, W., Solo, D.: RFC2459: Internet X.509 Public Key Infrastructure Certificate and CRL profile. IETF (1999)Google Scholar
  5. 5.
    Farrell, S., Housley, R.: An Internet Attribute Certificate Profile for Authorization. IETF (1999)Google Scholar
  6. 6.
    IETF: An Open Specification for Pretty Good Privacy (PGP). (2001)
  7. 7.
    Ellison, C.: SPKI Requirements, RFC 2692. IETF (1999)Google Scholar
  8. 8.
    Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., Ylonen, T.: SPKI Certificate Theory, RFC 2693. IETF (1999)Google Scholar
  9. 9.
    Boneh, D., Franklin M.: Identity-based Encryption from the Weil Pairing. Crypto 2001 (2001)Google Scholar
  10. 10.
    Baldwin, A., Beres, Y., Casassa Mont, M., Shiu, S.: Trust Services: A Trust Infrastructure for E-Commerce. HPL-2001-198 (2001)Google Scholar
  11. 11.
    OASIS: SAML 1.0 Specification Set- (2002)
  12. 12.
    Eastlake, D., Reagle, J., Solo, D.: XML-Signature Syntax and Processing, draft-ietfxmldsig-core-08. IETF (2000)Google Scholar
  13. 13.
    Bray, T., Paoli, J., Sperberg-McQueen, C.M.: Extensible Markup Language (XML) 1.0. W3 Recommendation (1998)Google Scholar
  14. 14.
    W3C: Web Services Description Language (WSDL) 1.1. W3C (2001)Google Scholar
  15. 15.
    Zubeldia, P., Romney, G.: Digital Certification Systems. Patent: EP 0869637 A2 (1998)Google Scholar
  16. 16.
    Casassa Mont, M., Brown, R.: PASTELS project: Trust Management, Monitoring and Policy-driven Authorization Framework for E-Services in an Internet based B2B environment. HPL-2001-28 (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Marco Casassa Mont
    • 1
  • Richard Brown
    • 1
  1. 1.Hewlett-Packard LaboratoriesTrust, Security and PrivacyBristolUK

Personalised recommendations