Federated Dynamic Authentication and Authorization in Daidalos

  • Zhikui Chen

This paper describes a dynamic authentication (AuthN) and authorization (AuthZ) scheme, DAA, based on the virtual identity concept defined in the EU IST integrated project Daidalos, in order to protect users' privacy and the integrity of their personal information. For multiple interacting domains, the federation concept is introduced; it defines the trust relationships among different domains at different levels. A common framework is established to coordinate AuthN, AuthZ and users' personal information across different domains. The AuthN and AuthZ processes are clearly separated and implemented via Single Sign On (SSO). The Diameter protocol is used to exchange SAML assertions and AuthZ policy statements across domains and across different AAA (AuthN, AuthZ and Accounting) solutions in order to realize service grouping management. A bootstrapping approach is used to ensure the security of users' personal information.

Keywords

Federation, authentication, authorization, privacy, security, bootstrapping

Copyright information

© Springer 2007

Authors and Affiliations

  • Zhikui Chen
    1. Networks and Communication Systems, Computer Center, Universität Stuttgart, 70550 Stuttgart, Germany