Abstract
OpenID is an open standard providing a decentralised authentication mechanism to end users. It is based on a unique URL (Uniform Resource Locator) or XRI (Extensible Resource Identifier) as identifier of the user. This fact of using a single identifier confers this approach an interesting added-value when users want to get access to different services in the Internet, since users do not need to create a new account on every website they are visiting. However, OpenID providers are usually also being used as a point to store certain personal attributes of the end users, which might be of interest for any service provider willing to make profit from collecting that personal information. The definition of a reputation management solution integrated as part of the OpenID protocol can help users to determine whether certain service provider is more or less reliable before interacting with it and transferring their private information. This paper is providing the definition of a reputation framework that can be applied to the OpenID SSO (Single Sign-On) standard solution. It also defines how the protocol itself can be enhanced so OpenID providers can collect (and provide) recommendations from (to) users regarding different service providers and thus enhancing the users’ experience when using OpenID.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Recordon, D., Reed, D.: OpenID 2.0: a platform for user-centric identity management. In: Proceedings of the Second ACM Workshop on Digital Identity Management, DIM 2006, pp. 11–16 (2006)
Sakimura, N.: Coping with information asymmetry. In: Identity Management Conference, SESSION G: Managing Risk & Reducing Online Fraud Using New Security Technologies, pp. 1–14. OASIS, Washington, US (2010)
Mármol, F.G., Pérez, G.M.: Security Threats Scenarios in Trust and Reputation Models for Distributed Systems. Elsevier Computers & Security 28(7), 545–556 (2009)
OASIS. Open reputation management systems (ORMS) (2008), http://www.oasis-open.org/committees/orms
Mármol, F.G., Pérez, G.M.: Towards Pre-Standardization of Trust and Reputation Models for Distributed and Heterogeneous Systems. Computer Standards & Interfaces 32(4), 185–196 (2010)
Piotrowski, T.: E-receipt verification system and method. US Patent, US 0120607 A1 (June 2003), http://www.freepatentsonline.com/20030120607.pdf
Mármol, F.G., Pérez, G.M.: Providing Trust in Wireless Sensor Networks using a Bio-Inspired Technique. Telecommunication Systems Journal 46(2), 163–180 (2011)
Mármol, F.G., Marín-Blázquez, J.G., Pérez, G.M.: Linguistic Fuzzy Logic Enhancement of a Trust Mechanism for Distributed Networks. In: Proceedings of the Third IEEE International Symposium on Trust, Security and Privacy for Emerging Applications (TSP 2010), Bradford, UK, pp. 838–845 (2010)
Omar, M., Challal, Y., Bouabdallah, A.: Reliable and fully distributed trust model for mobile ad hoc networks. Computers and Security 28(3-4), 199–214 (2009)
Mármol, F.G., Pérez, G.M., Skarmeta, A.F.G.: TACS, a Trust Model for P2P Networks. Wireless Personal Communications, Special Issue on Information Security and data protection in Future Generation Communication and Networking 51(1), 153–164 (2009)
Wang, Y., Tao, Y., Yu, P., Xu, F., Lü, J.: A Trust Evolution Model for P2P Networks. In: Xiao, B., Yang, L.T., Ma, J., Muller-Schloer, C., Hua, Y. (eds.) ATC 2007. LNCS, vol. 4610, pp. 216–225. Springer, Heidelberg (2007)
Huang, C., Hu, H., Wang, Z.: A Dynamic Trust Model Based on Feedback Control Mechanism for P2P Applications. In: Yang, L.T., Jin, H., Ma, J., Ungerer, T. (eds.) ATC 2006. LNCS, vol. 4158, pp. 312–321. Springer, Heidelberg (2006)
Marti, S., García-Molina, H.: Identity crisis: anonymity vs reputation in P2P systems. In: Proceedings for the Third International Conference on Peer-to-Peer Computing (P2P 2003) Linköping, Sweden, pp. 134–141 (September 2003)
Bansal, S.K., Bansal, A., Blake, M.: Trust-based dynamic web service composition using social network analysis. In: IEEE International Workshop on Business Applications for Social Network Analysis (BASNA 2010) (December 2010)
Hang, C.-W., Singh, M.P.: Selecting trustworthy service in service-oriented environments. In: The 12th AAMAS Workshop on Trust in Agent Societies (May 2009)
Malik, Z., Bouguettaya, A.: Reputation bootstrapping for trust establishment among web services. IEEE Internet Computing 13, 40–47 (2009)
Paradesi, S., Doshi, P., Swaika, S.: Integrating behavioral trust in web service compositions. In: Proceedings of the 2009 IEEE International Conference on Web Services, ICWS 2009, pp. 453–460 (2009)
Mármol, F.G., Girao, J., Pérez, G.M.: TRIMS, a Privacy-aware Trust and Reputation Model for Identity Management Systems. Elsevier Computer Networks Journal 54(16), 2899–2912 (2010)
Mohan, A., Blough, D.M.: AttributeTrust - a framework for evaluating trust in aggregated attributes via a reputation system. In: Proceedings of the 2008 Sixth Annual Conference on Privacy, Security and Trust, pp. 201–212 (2008)
Windley, P.J., Daley, D., Cutler, B., Tew, K.: Using reputation to augment explicit authorization. In: Proceedings of the 2007 ACM workshop on Digital identity management, DIM 2007, pp. 72–81 (2007)
Lin, K.-J., Lu, H., Yu, T., Tai, C.-e.: A reputation and trust management broker framework for web applications. In: nternational Conference on e-Technology, e-Commerce, and e-Services, pp. 262–269. IEEE Computer Society, Los Alamitos (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mármol, F.G., Kuhnen, M.Q., Pérez, G.M. (2011). Enhancing OpenID through a Reputation Framework. In: Calero, J.M.A., Yang, L.T., Mármol, F.G., García Villalba, L.J., Li, A.X., Wang, Y. (eds) Autonomic and Trusted Computing. ATC 2011. Lecture Notes in Computer Science, vol 6906. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23496-5_1
Download citation
DOI: https://doi.org/10.1007/978-3-642-23496-5_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-23495-8
Online ISBN: 978-3-642-23496-5
eBook Packages: Computer ScienceComputer Science (R0)