Identity management systems

Digital Identity and Access Management: Technologies and Frameworks

Volumn , Issue , 2011, Pages 209-253

  Alrodhan, Waleed ^a  

^a AL IMAM MOHAMMAD IBN SAUD ISLAMIC UNIVERSITY IMSIU   (Saudi Arabia)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84886375456     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.4018/978-1-61350-498-7.ch012     Document Type: Chapter

References (111)

1. Ahn, G. J., Ko, M., & Shehab, M. (2008). Portable user-centric identity management. In Proceedings of the IFIP TC-11 23rd International Information Security Conference, IFIP 20th World Computer Congress, IFIP SEC 2008, Milano, Italy (pp. 573-587). Springer-Verlag.
2. Ahsant, M., Basney, J., & Mulmo, O. (2004, July). Grid delegation protocol (Technical Report No. YCS-2004-380). University of York, Department of Computer Science.
3. Al-Sinani, H. S., Alrodhan, W. A., & Mitchell, C. J. (2010). CardSpace-Liberty integration for CardSpace users. In Proceedings of the 9th Symposium on Identity and Trust on the Internet, IDTrust 2010, Gaithersburg, Maryland, USA, April 13-15, 2010 (pp. 12-25). ACM.
4. Alrodhan, W. A., & Mitchell, C. J. (2007). Addressing privacy issues in CardSpace. In Proceedings of the Third International Symposium on Information Assurance and Security, IAS 2007, Manchester, UK (pp. 285-291). IEEE Computer Society.
5. Alrodhan, W. A., & Mitchell, C. J. (2008a). A client-side CardSpace-Liberty integration architecture. In Proceedings of the Seventh Symposium on Identity and Trust on the Internet, IDTrust 2008, NIST, Gaithersburg, USA (vol. 283, pp. 1-7). ACM International Conference Proceeding Series.
6. Alrodhan, W. A., & Mitchell, C. J. (2008b). A delegation framework for Liberty. In Proceedings of the Third Conference on Advances in Computer Security and Forensics, ACSF 2008, Liverpool, UK (pp. 67-73). Liverpool John Moores University.
7. Alrodhan, W. A., & Mitchell, C. J. (2009). Improving the security of CardSpace. EURASIP Journal on Information Security, 9, 167216. doi:10.1186/1687-417X-2009-167216.
8. Alrodhan, W. A., & Mitchell, C. J. (2010). Enhancing user authentication in claim-based identity management. In Proceedings of the 2010 International Symposium on Collaborative Technologies and Systems, CTS 2010, Chicago, Illinois, USA (pp. 75-83). IEEE.
9. Arends, R., Austein, R., Larson, M., Massey, D., & Rose, S. (2005, March). DNS security introduction and requirements. RFC 4033, Internet Engineering Task Force.
10. Atwood, M., Conlan, R. M., Cook, B., Culver, L., Elliott-McCrea, K., & Halff, L. (2007, December). OAuth Core 1.0. OAuth Core Workgroup. Retrieved from http://oauth.net/core/1.0.
11. Austel, P., Bhola, S., Chari, S., Koved, L., McIntosh, M., & Steiner, M. (2008). Secure delegation for Web 2.0 and mashups. A Position Statement for the 2008 Workshop on Web 2.0 Security and Privacy (W2SP). IBM Corporation.
12. Berners-Lee, T., Fielding, R., & Masinter, L. (2005, January). Uniform resource identifier (URI): Generic syntax. RFC 3986, Internet Engineering Task Force.
13. Bertocci, V., Serack, G., & Baker, C. (2008). Understanding Windows CardSpace. Addison-Wesley.
14. Beznosov, K., Flinn, D. J., Kawamoto, S., & Hartman, B. (2005). Introduction to Web services and their security. Information Security Technical Report, 10, 2-14. doi:10.1016/j.istr.2005.02.001.
15. Bolten, J. B. (director) (2003, December). E-authentication guidance for federal agencies - M-04-04. Office of Management and Budget (OMB), Executive Office of the President, The White House, Washington DC, USA.
16. Booth, D., Haas, H., McCabe, F., Newcomer, E., Champion, M., Ferris, C. (2004, February). Web services architecture. The World Wide Web Consortium (W3C).
17. Box, D., & Curbera, F. (Eds.). (2004, August). Web services addressing (ws-addressing). The World Wide Web Consortium (W3C).
18. Bramhall, P., Hansen, M., Rannenberg, K., & Roessler, T. (2007, July/August). User-centric identity management: New trends in standardization and regulation. IEEE Security & Privacy, 5(4), 84-87. doi:10.1109/MSP.2007.99.
19. Bufu, J., & Daugherty, J. (Eds.). (2008, December). OpenID provider authentication policy extension 1.0.The OpenID Foundation. Retrieved from http://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html.
20. Burr, W. E., Dodson, D. F., & Polk, W. T. (2006, April). Electronic authentication guideline - Special Publication 800-63 - Version 1.0.2. Recommendations of the National Institute of Standards and Technology (NIST), USA.
21. CA/Browser forum. (2008, April). Guidelines for the issuance and management of extended validation certificates - version 1.1.
22. Cahill, C., & Hodges, J. (Eds.). (2006). Liberty ID-WSF web services discovery service specification - Version 2.0. Liberty Alliance Project.
23. Camenisch, J., Shelat, A., Sommer, D., Fischer-Hübner, S., Hansen, M., & Krasemann, H. (2005, November). Privacy and identity management for everyone. In Proceedings of the 2005 Workshop on Digital Identity Management (pp. 20-27). Fairfax, VA: ACM.
24. Cameron, K. (2005, May). The laws of identity. (Microsoft Corporation).
25. Cameron, K., & Jones, M. B. (2006, February). Design rationale behind the identity metasystem architecture. Microsoft Corporation.
26. Cantor, S. (Ed.). (2005a, October). SAML 2.0 single sign-on with constrained delegation. Internet2. Retrieved from http://shibboleth.internet2.edu/shibboleth-documents.html.
27. Cantor, S. (Ed.). (2005b, September). Shibboleth architecture - Protocols and profiles. Internet2. Rerieved from http://shibboleth.internet2.edu/docs/internet2-mace-shibboleth-arch-protocols-200509.pdf.
28. Cantor, S. (2008, January). Attribute release policies. Internet2. Retrieved from https://spaces.internet2.edu/display/SHIB/IdPARPConfig.
29. Cantor, S. (n.d.). User authentication and subject identifiers in Shibboleth. Retrieved from https://spaces.internet2.edu/display/SHIB/IdPUserAuthnConfig.
30. Cantor, S., Hirsch, F., Kemp, J., Philpott, R., & Maler, E. (Eds.). (2005, March). Bindings for the OASIS security assertion markup language (SAML) V2.0. OASIS Standard Specification. OASIS Open.
31. Cantor, S., & Kemp, J. (Eds.). (2004). Liberty ID-FF protocols and schema specification - 1.2-errata-v3.0. Liberty Alliance Project.
32. Cantor, S., Kemp, J., & Champagne, D. (Eds.). (2004). Liberty ID-FF bindings and profiles specification - 1.2-errata-v2.0. Liberty Alliance Project.
33. Cantor, S., Kemp, J., Philpott, R., & Maler, E. (Eds.). (2005, March). Assertions and protocols for the OASIS security assertion markup language (SAML) V2.0. OASIS Standard Specification. OASIS Open.
34. Chadwick, D. W. (2005, April). Delegation issuing service for x.509. In Proceedings of the 4th Annual PKI R&D Workshop, USA (Vol. IR 7224, pp. 66-77). NIST Technical Publication.
35. Chadwick, D. W. (2008). Federated identity management. In Aldini, A., Barthe, G., & Gorrieri, R. (Eds.), Foundations of security analysis and design v, FOSAD 2007/2008/2009 Tutorial Lectures (Vol. 5705, pp. 96-120). Springer. doi:10.1007/978-3-642-03829-7_3.
36. Chadwick, D. W., & Inman, G. (2009). Attribute aggregation in federated identity management. IEEE Computer, 42(5), 33-40. doi:10.1109/MC.2009.143.
37. Chadwick, D. W., Otenko, S., & Nguyen, T. A. (2009). Adding support to XACML for multi-do-main user to user dynamic delegation of authority. International Journal of Information Security, 8, 137-152. doi:10.1007/s10207-008-0073-y.
38. Christensen, E., Curbera, F., Meredith, G., & Weerawarana, S. (2001, March). Web services description language (WSDL) - Version 1.1. The World Wide Web Consortium (W3C).
39. Claubeta, S., Kesdogan, D., & Kölsch, T. (2005). Privacy enhancing identity management: protection against re-identification and profiling. In Proceedings of the the 2005 Workshop on Digital Identity Management, Fairfax, Va, USA (pp. 84-93). ACM.
40. Clippinger, J. H. (2009, December). Higgins towards a foundation layer for the social Web. Higgins - Working draft.
41. Curbera, F., Parastatidis, S., & Schlimmer, J. (Eds.). (2006, August). Web services metadata exchange (WS-MetadataExchange) - Version 1.1. BEA Systems, Computer Associates, IBM, Microsoft, SAP AG, Sun Microsystems, and webmethods.
42. Cutler, R. (Ed.). (2008). Liberty identity assurance framework - Version 1.1. Liberty Alliance Project.
43. Diffie, W., & Hellman, M. E. (1976, November). New directions in cryptograph. IEEE Transactions on Information Theory, IT-22(6), 644-654. doi:10.1109/TIT.1976.1055638.
44. Duerst, M., & Suignard, M. (2005, January). Internationalized resource identifiers (iris). RFC 3987, Internet Engineering Task Force.
45. Gollmann, D. (2004). Computer security. John Wiley & Sons.
46. Gomi, H., Hatakeyama, M., Hosono, S., & Fujita, S. (2005). A delegation framework for federated identity management. In Proceedings of the Workshop on Digital Identity Management (DIM '05) (pp. 94-103). New York, NY: ACM Press.
47. Graux, H., & Majava, J. (2007, December). eID Interoperability for PEGS - Proposal for a multi-level authentication mechanism and a mapping of existing authentication mechanisms. The Interoperable Delivery of European eGovernment Services to public Administrations, Businesses and Citizens (IDABC).
48. Hammer-Lahav, E. (Ed.). (2009, June). OAuth Core 1.0 revision A. OAuth Core Workgroup. Retrieved from http://oauth.net/core/1.0a.
49. Hammer-Lahav, E., & Norris, W. (Eds.). (2009, November). Extensible resource descriptor (XRD) version 1.0 - Working draft 10. OASIS Open.
50. Hardt, D., Bufu, J., & Hoyt, J. (2007, December). OpenID attribute exchange 1.0 - Final. The OpenID Foundation. Retrieved from http://openid.net/specs/openid-attribute-exchange-1_0.html.
51. Hodges, J. (2009, July). Technical comparison: OpenID and SAML - Draft 07a. White paper. Retrieved from http://identitymeme.org/doc/drafthodges-saml-openid-compare-05.html.
52. Hodges, J., & Aarts, R. (Eds.). (2005). Liberty ID-WSF authentication service and single sign-on service specification - Version 1.1. Liberty Alliance Project.
53. Hodges, J., Aarts, R., Madsen, P., & Cantor, S. (Eds.). (2006). Liberty ID-WSF authentication, single sign-on, and identity mapping services specification - Version 2.0. Liberty Alliance Project.
54. Hughes, J., Cantor, S., Hodges, J., Hirsch, F., Mishra, P., & Philpott, R. (2005, March). Profiles for the OASIS security assertion markup language (SAML) V2.0. OASIS Standard Specification, OASIS Open.
55. Hunt, P. (Ed.). (2006). Client attribute requirements markup language (CARML) specification - Working draft 03. Oracle.
56. ISO/IEC. (2010, January). Second CD 24760 - Information Technology - Security techniques - A framework for identity management. [Manuel de logiciel].
57. ITU-T X.1250. (2009, February). X.idmreq, Baseline capabilities for enhanced global identity management trust and interoperability - Draft new recommendation [Manuel de logiciel].
58. Jones, M., MacIntyre, R., Morrow, T., Nenadi, A., Pickles, S., & Zhang, N. (2006, November). E-infrastructure security: Levels of assurance. The Joint Information Systems Committee (JISC).
59. Jones, M. B. (2006, March). A guide to supporting InfoCard v1.0 within web applications and browsers. Microsoft Corporation.
60. Jørstada, I., van Thuan, D., Jønvikc, T., & van Thanh, D. (2007). Bridging CardSpace and Liberty Alliance with SIM authentication. In Proceedings of the 10th International Conference on Intelligence in Next Generation Networks, ICIN 2007, Bordeaux, France (pp. 8-13). ADERA.
61. Jøsang, A., & Pope, S. (2005). User centric identity management. In Proceedings of Australian Computer Emergency Response Team Conference (AUSCERT 2005).
62. Jøsang, A., Zomai, M. A., & Suriadi, S. (2007). Usability and privacy in identity management architectures. In Proceedings of the Fifth Australasian Information Security Workshop (Privacy Enhancing Technologies) (AISW 2007),Victoria, Australia (pp. 143-152). Australian Computer Society.
63. Kellomai, S. (Ed.). (2003). Liberty ID-SIS employee profile service specification - Version 1.0. Liberty Alliance Project.
64. Kemp, J., Cantor, S., Mishra, P., Philpott, R., & Maler, E. (Eds.). (2005, March). Authentication context for the OASIS security assertion markup language (SAML) V2.0. OASIS Open.
65. Kim, S. H., Choi, D. S., Kim, D. J., Kim, S. H., Noh, J. H., & Jung, K. S. (2009, October). OpenID authentication method using identity selector. United States Patent. (US 2009/0249078 A1).
66. Madsen, P. (Ed.). (2008). Liberty IGF privacy constraints specification - Version 1.0-04. Liberty Alliance Project.
67. Madsen, P. (Ed.). (n.d.). Liberty ID-WSF people service - Federated social identity.
68. Maler, E., Mishra, P., & Philpott, R. (Eds.). (2003, September). Bindings and profiles for the OASIS security assertion markup language (SAML) V1.1. OASIS Standard Specification. OASIS Open.
69. Microsoft Corporation. (2005a, May). Microsoft's vision for an identity metasystem.
70. Microsoft Corporation. (2005b, August). A technical reference for InfoCard v1.0 in Windows.
71. Microsoft Corporation. (2008, July). A guide to using the identity selector interoperability profile V1.5 within Web applications and browsers.
72. Microsoft Corporation and Ping Identity Corporation. (2005, August). A guide to integrating with InfoCard v1.0.
73. Miller, J. (Ed.). (2006, March). Yadis 1.0 (HTML). The Identity and Accountability Foundation for Web 2.0. Retrieved from http://yadis.org/wiki/Yadis_1.0_%28HTML%29.
74. Mishra, P. (Ed.). (2006). AAPML: Attribute authority policy markup language - Working draft 08. Oracle.
75. Mitra, N., & Lafon, Y. (Eds.). (2007, April). SOAP - Version 1.2. The World Wide Web Consortium (W3C).
76. Monzillo, R., Kaler, C., Nadalin, A., & Hallem-Baker, P. (Eds.). (2006, February). Web services security: SAML token profile 1.1. OASIS Standard Specification. OASIS Open.
77. Morgan, B., Cantor, S., Hoehn, S. C. W., & Klingenstein, K. (2004). Federated security: The Shibboleth approach. EDUCAUSE Quarterly, 27(4), 12-17.
78. Nadalin, A., Goodner, M., Gudgin, M., Barbir, A., & Granqvist, H. (Eds.). (2007a, July). WS-Security policy - Version 1.2. OASIS Standard.
79. Nadalin, A., Goodner, M., Gudgin, M., Barbir, A., & Granqvist, H. (Eds.). (2007b, March). WS-Trust - Version 1.3. OASIS Standard.
80. Nadalin, A., & Kaler, C. (Eds.). (2006, December). Web services federation language WS-Federation, version 1.1. BEA Systems, BMC Software, CA, IBM, Layer 7 Technologies, Microsoft, Novell, and VeriSign.
81. Nadalin, A., Kaler, C., Monzillo, R., & Hallam-Baker, P. (Eds.). (2006, February). Web services security: SOAP message security - Version 1.1. OASIS Standard Specification.
82. Nanda, A. (2007, April). Identity selector interoperability profile v1.0. Microsoft Corporation.
83. Nash, A., Duane, W., Joseph, C., & Brink, D. (2001). Pki: Implementing and managing e-security. Osborne/McGraw-Hill.
84. NIST. (2001, May). Security requirements for cryptographic modules [Manuel de logiciel]. Gaithersburg, MD: NIST.
85. Noor, A. (2008). Identity protection factor (IPF). In The 7th Symposium on Identity and Trust on the Internet (IDTrust 2008) (vol. 283, pp. 8-18). ACM.
86. NSA. (2003, December). Guide to Sun Microsystems Java plug-in security, report number C43-022R-2003. Network Applications Team of the Systems and Network Attack Center (SNAC), National Security Agency (NSA), USA.
87. OECD. (1980, September). Guidelines on the protection of privacy and transborder flows of personal data. Organisation for Economic Cooperation and Development.
88. OECD. (2008, February). At a crossroads: "Personhood" and digital identity in the information society. Organisation for Economic Co-operation and Development.
89. Recordon, D., Bufu, J., & Hoyt, J. (Eds.). (2007, December). OpenID authentication 2.0. The OpenID Foundation. Retrieved from http://openid.net/specs/openid-authentication-2_0.html.
90. Reed, D., & McAlpin, D. (Eds.). (2005, November). Extensible resource identifier (XRI) syntax V2.0. OASIS Open.
91. ENISA Report. (2008, November). Mapping IDABC authentication assurance levels to SAML v2.0 - Gap analysis and recommendations.
92. Sabadello, M., Trevithick, P., & Reed, D. (2009, April). Universal data identifiers. Parity Communications Inc.
93. Sánchez, M., Reverte, Ó.C., López, G., & Gómez-Skarmeta, A. F. (2008). Managing the lifecycle of XACML delegation policies in federated environments. In Proceedings of the IFIP TC-11 23rd International Information Security Conference, IFIP 20th World Computer Congress, IFIP SEC 2008, Milano, Italy (pp. 717-721). Springer-Verlag.
94. Scavo, T. (Ed.). (2009, November). SAML V2.0 holder-of-key assertion profile - Version 1.0 - Committee draft 3. OASIS Open.
95. Seitz, L., Rissanen, E., Sandholm, T., Firozabadi, B. S., & Mulmo, O. (2005). Policy administration control and delegation using XACML and delegent. In Proceedings of the 6th IEEE/ACM International Conference on Grid Computing, Grid 2005, Seattle, Washington, USA (pp. 49-54). IEEE.
96. Suriadi, S., Foo, E., & Jøsang, A. (2009). A usercentric federated single sign-on system. Journal of Network and Computer Applications, 32, 388-401. doi:10.1016/j.jnca.2008.02.016.
97. Taylor, J. A., Lips, M., & Organ, J. (2009). Identification practices in government: Citizen surveillance and the quest for public service improvement. Identity in the Information Society. Springer-Verlag.
98. Tiffany, E., Madsen, P., & Cantor, S. (Eds.). (2009, May). Level of assurance authentication context profile for SAML 2.0 - Working Draft 03. OASIS Open.
99. Tourzan, J., & Koga, Y. (Eds.), (n.d.). Liberty ID-WSF web services framework overview - Version: 1.1. Liberty Alliance Project.
100. Trevithick, P. (2009, September). Relationship cards. Higgins Report 19 - Draft 0.46.
101. Wachob, G., Reed, D., Chasen, L., Tan, W., & Churchill, S. (Eds.). (2008, February). Extensible resource identifier (XRI) resolution version 2.0 - Committee draft 03. OASIS Open.
102. Wang, J., Vecchio, D. D., & Humphrey, M. (2005). Extending the security assertion markup language to support delegation for web services and grid services. In Ieee International Conference on Web Services (ICWS 2005) (vol. 1, pp. 67-74). IEEE Computer Society.
103. Wason, T. (Ed.), (n.d.). Liberty ID-FF architecture overview - Version: 1.2. Liberty Alliance Project.
104. Wenning, R., et al. (Eds.). (2006, November). The platform for privacy preferences - version 1.1. W3C Working Group Note.
105. Widdowson, R., & Cantor, S. (Eds.). (2008, March). Identity provider discovery service protocol and profile - Committee specification 01. OASIS Standard Specification. OASIS Open.
106. Windley, P. (2005). Digital identity. O'Reilly Media.
107. Wohlgemuth, S., & Müller, G. (2006). Privacy with delegation of rights by identity management. In Proceedings of the Emerging Trends in Information and Communication Security, International Conference (ETRICS 2006) (vol. 3995, pp. 175-190). Springer-Verlag.
108. X.509. (2000). Information Technology - Open systems interconnection - The directory: Public-key and attribute certificate frameworks [Manuel de logiciel].
109. X.509. (2005). Information Technology - Open systems interconnection - The directory: Public-key and attribute certificate frameworks [Manuel de logiciel].
110. X.680. (2002). Information Technology - Abstract syntax notation one (ASN.1): Specification of basic notation [Manuel de logiciel].
111. Y.2720. (2008, September). NGN identity management framework - Draft recommendation [Manuel de logiciel].