Identity Provider

The Experts below are selected from a list of 1353 Experts worldwide ranked by ideXlab platform

Eric Yu - One of the best experts on this subject based on the ideXlab platform.

  • COMPSAC - Trade-off Analysis of Identity Management Systems with an Untrusted Identity Provider
    2008 32nd Annual IEEE International Computer Software and Applications Conference, 2008
    Co-Authors: G Elahi, Zeev Lieber, Eric Yu
    Abstract:

    Internet users interact with multiple Web Service Providers (WSP), and therefore, must remember and manage multiple passwords. Users try to overcome the burden of password management by employing insecure solutions such as reusing the same password with several WSP. Identity management systems provide a solution for such problems. The common "assertion-based" Identity Management systems require a strong trust in the Identity Provider (IdP), which has the power to impersonate any of its users. However, such trust is unlikely to materialize in the global Internet setting. This paper uses a goal-oriented approach for analyzing trust trade-offs of Identity Management systems in the global Internet scenario. We analyze a new proposal for a global Identity Management system named SlashID. SlashID takes advantage of client-side cryptography to eliminate the required trust relationship between the IdP and end users. We analyze and compare the impact of trust trade-offs of the SlashID solution.

Christoph Meinel - One of the best experts on this subject based on the ideXlab platform.

  • SSCI - Using Probabilistic Attribute Aggregation for Increasing Trust in Attribute Assurance
    2019 IEEE Symposium Series on Computational Intelligence (SSCI), 2019
    Co-Authors: Andreas Grüner, Alexander Mühle, Christoph Meinel
    Abstract:

    Identity management is an essential cornerstone of securing online services. Service provisioning relies on correct and valid attributes of a digital Identity. Therefore, the Identity Provider is a trusted third party with a specific trust requirement towards a verified attribute supply. This trust demand implies a significant dependency on users and service Providers. We propose a novel attribute aggregation method to reduce the reliance on one Identity Provider. Trust in an attribute is modelled as a combined assurance of several Identity Providers based on probability distributions. We formally describe the proposed aggregation model. The resulting trust model is implemented in a gateway that is used for authentication with self-sovereign Identity solutions. Thereby, we devise a service Provider specific web of trust that constitutes an intermediate approach bridging a global hierarchical model and a locally decentralized peer to peer scheme.

  • iThings/GreenCom/CPSCom/SmartData - A Quantifiable Trust Model for Blockchain-Based Identity Management
    2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber Physical and , 2018
    Co-Authors: Andreas Grüner, Alexander Mühle, Tatiana Gayvoronskaya, Christoph Meinel
    Abstract:

    Removing the need for a trusted third party, blockchain technology revolutionizes the field of Identity management. Service Providers rely on digital identities to securely identify, authenticate and authorize users to their services. Traditionally, these digital identities are offered by a central Identity Provider belonging to a specific organisation. Trust in the digital Identity mainly originates from the Identity Provider's reputation, organizational functioning and contractual obligations. Blockchain technology enables the creation of decentralized Identity management without a central Identity Provider as trusted third party. Therefore, the derivation of trust in digital identities within this paradigm requires a distinct approach. In this paper we propose a novel general quantifiable trust model and a specific implementation variant for blockchain-based Identity management. Applying the model, trust is deduced in a decentralized manner from attestations of claims and applied to the associated digital Identity. This concept replaces trust with a central Identity Provider by aggregated trust into attestation issuers. Thus, promoting self-sovereign identities to be fit for purpose. The calculated numerical trust metric serves as independent basis for the definition of assurance levels to simplify and automate reasoning about trust by service Providers without requiring a dedicated evaluation of a trusted third party.

  • An Attribute Assurance Framework to Define and Match Trust in Identity Attributes
    2011 IEEE International Conference on Web Services, 2011
    Co-Authors: Ivonne Thomas, Christoph Meinel
    Abstract:

    Identity federation denotes a concept for the controlled sharing of user authentication and user attributes between independent trust domains. Using WS-Federation, service Providers and Identity Providers can set up a Circle of Trust, a so called federation, in which each member is willing to trust on assertions made by another partner. However, if a member has to rely on information received from a foreign source, the need for assurance that the information is correct is a natural requirement prior to using it. Identity assurance frameworks exist that can be used to assess the trustworthiness of Identity Providers. The result of this assessment is a level of trust, that can be assigned to an Identity Provider. However, existing approaches for evaluating Identity assurance do not allow to define trust levels for individual attributes. In our trust model, we consider both: (a) trust in an Identity Provider as the issuer of assertions and (b) trust in single attributes that an Identity Provider manages. In this paper, we show how our approach that we implemented in a logic-based framework can be used in web service scenarios to provide trust information on the level of Identity attributes, especially about the verification process, and to match trust requirements of attributes during request processing.

G Elahi - One of the best experts on this subject based on the ideXlab platform.

  • COMPSAC - Trade-off Analysis of Identity Management Systems with an Untrusted Identity Provider
    2008 32nd Annual IEEE International Computer Software and Applications Conference, 2008
    Co-Authors: G Elahi, Zeev Lieber, Eric Yu
    Abstract:

    Internet users interact with multiple Web Service Providers (WSP), and therefore, must remember and manage multiple passwords. Users try to overcome the burden of password management by employing insecure solutions such as reusing the same password with several WSP. Identity management systems provide a solution for such problems. The common "assertion-based" Identity Management systems require a strong trust in the Identity Provider (IdP), which has the power to impersonate any of its users. However, such trust is unlikely to materialize in the global Internet setting. This paper uses a goal-oriented approach for analyzing trust trade-offs of Identity Management systems in the global Internet scenario. We analyze a new proposal for a global Identity Management system named SlashID. SlashID takes advantage of client-side cryptography to eliminate the required trust relationship between the IdP and end users. We analyze and compare the impact of trust trade-offs of the SlashID solution.

Zhou Ying - One of the best experts on this subject based on the ideXlab platform.

  • An Improved Uniform Identity Authentication Method Based on SAML in Cloud Environment
    2018 IEEE Third International Conference on Data Science in Cyberspace (DSC), 2018
    Co-Authors: Du Jing, Ao Fujiang, Zhou Ying
    Abstract:

    Considering the problems for the common Identity authentication methods in cloud environment at present, an improved uniform Identity authentication method based on SAML in cloud environment is designed. The security analysis for Identity authentication protocol in the designed uniform Identity authentication method shows that it can realize the bidirectional authentication between the user and the Identity Provider, it can also realize the secure distribution of the session key between the user and the Service Provider by the Identity Provider, and it can resist the replay attack.

Mark Wahl - One of the best experts on this subject based on the ideXlab platform.

  • SCIM Profile For Enhancing Just-In-Time Provisioning
    2014
    Co-Authors: Mark Wahl
    Abstract:

    This document specifies a profile of the System for Cross-Domain Identity Management Protocol (SCIM). Servers which implement protocols such as SAML or OpenID Connect receive user identities through those protocols and often cache them, and this profile of SCIM defines how an Identity Provider can notify a SCIM server of changes to user accounts.

  • Enrolled User Policy Profiles Attribute
    2007
    Co-Authors: Mark Wahl
    Abstract:

    This document defines an attribute of a user Identity which contains a list of the identifiers of enrollment policy profiles for that user. This attribute is generated by an Identity Provider that manages the user's Identity. An encoding of the attribute is defined for transport in the Lightweight Directory Access Protocol (LDAP), in the Security Assertion Markup Language (SAML), the OpenID Attribute Exchange Protocol, and as an Information Card claim.

  • SCIM Profile for Provisioning Users Into Relying Party Applications
    1998
    Co-Authors: Mark Wahl
    Abstract:

    This document specifies a profile of the System for Cross-Domain Identity Management Protocol (SCIM). This profile defines how an Identity Provider, acting as a SCIM client, can notify a relying party application of changes to user accounts.