Managing Dynamic Identity Federations using Security Assertion Markup Language

Abstract Security Assertion Markup Language is one of the most widely used technologies to enable Identity Federations among different organisations. Despite its several advantages, one of its key disadvantages is that it does not allow creating a federation in a dynamic fashion to enable service pr...

Descripción completa

Guardado en:
Detalles Bibliográficos
Autores principales: Ferdous,Sadek, Poet,Ron
Lenguaje:English
Publicado: Universidad de Talca 2015
Acceso en línea:http://www.scielo.cl/scielo.php?script=sci_arttext&pid=S0718-18762015000200005
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
Descripción
Sumario:Abstract Security Assertion Markup Language is one of the most widely used technologies to enable Identity Federations among different organisations. Despite its several advantages, one of its key disadvantages is that it does not allow creating a federation in a dynamic fashion to enable service provisioning (or de-provisioning) in real time. A few approaches have been proposed to rectify this problem. However, most of them require elaborate changes of the language and do not provide mechanisms to manage federations dynamically. This paper presents a better approach based on an already drafted Security Assertion Markup Language Profile and requires no change in its specification, rather it depends on the specific implementation. Our proposed approach covers all aspects regarding the management of dynamic Identity Federation. It will allow users to create federations dynamically between two prior unknown organisations and will allow them to manage such federations as long as it is required. Implicit in each identity federation is the issue of trust. Therefore, the trust issues involved in the management of dynamic federations are analysed in details. Finally, a proof of concept is discussed with a few use-cases to elaborate the practicality of our approach.