Attribute aggregation in federated identity management
David W Chadwick and George Inman
IEEE Computer, pages 182-196, May 2009.

Abstract

We describe how, in today's federated identity management (FIM) systems, such as CardSpace and Shibboleth, service providers (SPs) rely on identity providers (IdPs) to authenticate the users and provide their identity attributes. The SPs then use these attributes for granting or denying users access to their resources. Unfortunately, most FIM systems have one significant limitation, which is that the user can only use one IdP within a single SP session, when in many scenarios the user needs to provide attributes from multiple IdPs. We describe how this can be achieved through the introduction of a new service called a linking service. The conceptual model of the linking service is described, as well as the mapping of its messages onto today's standard protocols (SAML, Liberty Alliance and WS-*).

Bibtex Record
@article{3026,
  author = {David W Chadwick and George Inman},
  title = {Attribute Aggregation in Federated Identity Management},
  month = {May},
  year = {2009},
  pages = {182-196},
  keywords = {determinacy analysis, Craig interpolants},
  note = {},
  doi = {},
  url = {http://www.cs.kent.ac.uk/pubs/2009/3026},
  publication_type = {article},
  submission_id = {24589_1280422459},
  journal = {IEEE Computer},
}