Formal description of the SWIFT identity management framework

Authors:
Alejandro Pérez;Gabriel López;íscar Cánovas;Antonio F. Gómez-Skarmeta
Affiliations:
Department of Information and Communications Engineering, University of Murcia, Campus Universitario de Espinardo, 30100 Murcia, Spain;Department of Information and Communications Engineering, University of Murcia, Campus Universitario de Espinardo, 30100 Murcia, Spain;Department of Computer Engineering, University of Murcia, Campus Universitario de Espinardo, 30100 Murcia, Spain;Department of Information and Communications Engineering, University of Murcia, Campus Universitario de Espinardo, 30100 Murcia, Spain
Venue:
Future Generation Computer Systems
Year:
2011

Citing 7
Cited 0

Design and implementation of the idemix anonymous credential system

Proceedings of the 9th ACM conference on Computer and communications security
Virtual Identity Framework for Telecom Infrastructures

Wireless Personal Communications: An International Journal
Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps

Proceedings of the 6th ACM workshop on Formal methods in security engineering
A SWIFT Take on Identity Management

Computer
A conceptual model for attribute aggregation

Future Generation Computer Systems
Using XACML for privacy control in SAML-based identity federations

CMS'05 Proceedings of the 9th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
The AVISPA tool for the automated validation of internet security protocols and applications

CAV'05 Proceedings of the 17th international conference on Computer Aided Verification

Quantified Score

Hi-index	0.00

Visualization

Abstract

This work presents both a formal description and a security analysis of the advanced SWIFT identity framework, covering topics such as identity aggregation, cross-layer and pseudonymity features. The paper formally describes how those topics can be addressed in order to provide advanced identity functionality to end users. The security analysis demonstrates how privacy and security constraints are solved by the framework. Finally, a first approach of bindings shows how this proposal can be instantiated with existing and widely spread technologies. This work covers the missing parts of the most recent proposals on advanced identity management, as described in the related work, but it also provides a security analysis and a formal description of the proposed architecture.