User centricity is a significant concept in federated identity management (FIM), as it provides for stronger user control and privacy. However, several notions of user-centricity in the FIM community render its semantics unclear and hamper future research in this area. Therefore, we consider user-centricity abstractly and establish a comprehensive taxonomy encompassing user-control, architecture, and usability aspects of user-centric FIM. On the systems layer, we discuss user-centric FIM systems and classify them into two predominant variants with significant feature sets. We distinguish credential-focused systems, which advocate offline identity providers and long-term credentials at a user's client, and relationship-focused systems, which rely on the relationships between users and online identity providers that create short-term credentials during transactions. Note that these two notions of credentials are quite different. The former encompasses cryptographic credentials as defined by Lysyanskaya et al. [30], the latter federation tokens as used in today's FIM protocols like Liberty.

We raise the question of where user-centric FIM systems may go, within the limitations of the user-centricity paradigm as well as beyond them. Firstly, we investigate the existence of a universal user-centric FIM system that can achieve a superset of security and privacy properties as well as the characteristic features of both predominant classes. Secondly, we explore the feasibility of reaching beyond user-centricity, that is, allowing a user of a user-centric FIM system to again give away user-control by means of an explicit act of delegation. We do neither claim a solution for universal user-centric systems nor for the extension beyond the boundaries ventures by leveraging the properties of a credential-focused FIM system.