User centricity is a significant concept in federated identity management (FIM), as it provides for stronger user control and privacy. However, several notions of user-centricity in the FIM community render its semantics unclear and hamper future research in this area. Therefore, we consider user-centricity abstractly and establish a comprehensive taxonomy encompassing user-control, architecture, and usability aspects of user-centric FIM. We highlight the various mechanisms to achieve the properties identified in the taxonomy. We show how these mechanisms may differ based on the underlying technologies, which in turn result in different trust assumptions. We classify the technologies into two predominant variants of user-centric FIM systems with significant feature sets. We distinguish credential-focused systems, which advocate offline identity providers and long-term credentials at a user's client, and relationship-focused systems, which rely on the relationships between users and online identity providers that create short-term credentials during transactions. Note that these two notions of credentials are quite different. The former encompasses cryptographic credentials as defined by Lysyanskaya et al. in Selected Areas in Cryptography, LNCS, vol. 1758, and the latter encompasses federation tokens as used in today's FIM protocols like Liberty. We raise the question of where user-centric FIM systems may go - within the limitations of the user-centricity paradigm as well as beyond them. Firstly, we investigate the existence of a universal user-centric FIM system that can achieve a superset of security and privacy properties as well as the characteristic features of both predominant classes. Secondly, we explore the feasibility of reaching beyond user centricity, that is, allowing a user of a user-centric FIM system to again give away user control by means of an explicit act of delegation.
We claim neither a solution for universal user-centric systems nor one for the extension beyond the boundaries of user centricity; however, we establish a starting point for both ventures by leveraging the properties of a credential-focused FIM system.