Layered identity infrastructure model for identity meta systems

There are several Identity Meta Systems emerging in the identity management field, such as CardSpace and Higgins Trust Framework. The goal of an Identity Meta System (IMetS) is to integrate existing or new Identity Management System (IMS) to provide users with seamless interoperability and a consistent user experience. IMetS is a complex system that tries to integrate the already complicated IMS services. With such a complex system, we need a way to assess IMetS in order to determine how well an IMetS integrates the various IMS services. However, as IMetS is a rela- tively new concept, there is no framework to identify the properties that an ideal IMetS should have. The contribution of this paper is to introduce the Layered Identity Infrastructure Model (LIIM) that can be used as a framework to assess IMetS. In addition, the LIIM framework can also be used to identify the missing components of an IMetS, to guide and improve the design of an existing IMetS, to serve as a design benchmark for a new IMetS, as well as to aid the understanding of a complicated IMetS

Analysis of Windows Cardspace Identity Management System

The Internet, which was originally developed for academic purposes, has expanded and been applied to commercial and business enterprises. It is possible to purchase airline tickets, check bank balances and communicate through e-mail with each other through the Internet. These services can all be performed relatively easily with the proliferation of Internet Service Providers and the lower cost of Personal Computers. The development of the Internet has also had a huge impact on businesses with the growth of e-commerce, e-banking and the tremendous growth in email traffic. There is however a negative impact to this development of the Internet with the rise in on-line criminal activity. The increasing use of the Internet has resulted in the development of on-line identities for users. There can be a great deal of sensitive and personal information associated with an on-line identity and gaining access to these privileges can provide cyber criminals with access to personal resources such as bank account details, credit card information etc. This type of activity has given rise to the term identity theft . This project will present an introduction to Microsoft Cardspace and how it relates to dealing with identity theft, the theory behind the application and present practical demonstrations of how the technology can be implemented using Microsoft© .NET framework technology

Summary

20090506_fidis_D3.12 final 1.0.od

Managing Identity Management Systems

Although many identity management systems have been proposed, in- tended to improve the security and usability of user authentication, major adoption problems remain. In this thesis we propose a range of novel schemes to address issues acting as barriers to adoption, namely the lack of interoper- ation between systems, simple adoption strategies, and user security within such systems. To enable interoperation, a client-based model is proposed supporting in- terworking between identity management systems. Information Card systems (e.g. CardSpace) are enhanced to enable a user to obtain a security token from an identity provider not supporting Information Cards; such a token, after en- capsulation at the client, can be processed by an Information Card-enabled relying party. The approach involves supporting interoperation at the client, while maximising transparency to identity providers, relying parties and iden- tity selectors. Four specific schemes conforming to the model are described, each of which has been prototyped. These schemes enable interoperation be- tween an Information Card-enabled relying party and an identity provider supporting one of Liberty, Shibboleth, OpenID, or OAuth. To facilitate adoption, novel schemes are proposed that enable Informa- tion Card systems to support password management and single sign on. The schemes do not require any changes to websites, and provide a simple, intu- itive user experience through use of the identity selector interface. They fa- miliarise users with Information Card systems, thereby potentially facilitating their future adoption. To improve user security, an enhancement to Information Card system user authentication is proposed. During user authentication, a one-time pass- word is sent to the user's mobile device which is then entered into the com- puter by the user. Finally, a universal identity management tool is proposed, designed to support a wide range of systems using a single user interface. It provides a consistent user experience, addresses a range of security issues (e.g. phishing), and provides greater user control during authentication.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Client-based CardSpace-Shibboleth Interoperation

Whilst the growing number of identity management systems have the potential to reduce the threat of identity attacks, major deployment problems remain because of the lack of interoperability between such systems. In this paper we propose a simple, novel scheme to provide interoperability between two of the most widely discussed identity systems, namely CardSpace and Shibboleth. In this scheme, CardSpace users are able to obtain an assertion token from a Shibboleth-enabled identity provider that can be processed by a CardSpace-enabled relying party. We specify the operation of the scheme and also describe an implementation of a proof-of-concept prototype. Additionally, security and operational analyses are provided

Information cards and a design to extend the claims model to incorporate geolocation

The rapid adoption of the internet has occurred despite the lack of a ubiquitous identity meta-system. The status quo is a patchwork of proprietary security systems. A number of security issues have arisen as a result which threaten to lead to a loss of trust in the internet, and may limit the scope of applications built on it; effectively constraining the potential of the internet as a platform for business and services. Current initiatives by a broad consortium of industry leaders promise a vastly improved landscape with a set of interoperable protocols and systems, built on open specifications, and guided by a set of core identity principles, enabling a more secure online experience. Simultaneously there have arisen a large number of location aware web application and services which detect and use a user’s location to enhance their application experience. These advances, although useful, present new security and privacy issues. This paper investigates the operation of one of the new identity technologies, information cards, and proposes extensions to the existing supported schemas to incorporate recent advances in geo-location technology. The proposal is supported by reference to existing o pen source implementations

Tutorial: Identity Management Systems and Secured Access Control

Identity Management has been a serious problem since the establishment of the Internet. Yet little progress has been made toward an acceptable solution. Early Identity Management Systems (IdMS) were designed to control access to resources and match capabilities with people in well-defined situations, Today’s computing environment involves a variety of user and machine centric forms of digital identities and fuzzy organizational boundaries. With the advent of inter-organizational systems, social networks, e-commerce, m-commerce, service oriented computing, and automated agents, the characteristics of IdMS face a large number of technical and social challenges. The first part of the tutorial describes the history and conceptualization of IdMS, current trends and proposed paradigms, identity lifecycle, implementation challenges and social issues. The second part addresses standards, industry initia-tives, and vendor solutions. We conclude that there is disconnect between the need for a universal, seamless, trans-parent IdMS and current proposed standards and vendor solutions

An identity aware wimax personalization for pervasive computing services

Mobile Internet access is becoming more and more pervasive in the new 4G scenarios, where WiMAX is to play a crucial role. WiMax has advantages when considering both energy consumption and bandwidth, when compared with HSDPA and LTE. However, we have found some limitations in IEEE 802.16 security support, which may limit authentication and authorization mechanisms for ubiquitous service development. In this article we analyze weaknesses and vulnerabilities we have found in WiMAX security. WiMax, with the adequate identity management support, could be invaluable for developing new pervasive computing services. We propose the introduction of identity management in WiMAX, as a pervious step to the definition of identity aware WiMax personalization of pervasive computing servicesProyecto CCG10-UC3M/TIC-4992 de la Comunidad Autónoma de Madrid y la Universidad Carlos III de Madri