Federated identity and access management (FIAM) systems enable a user to access services provided by various organizations seamlessly. In FIAM systems, service providers normally stipulate that their users show assertions issued by allied parties to use their services as well as determine user privileges based on attributes in the assertions. However, the integrity of the attributes is important under certain circumstances. In such a circumstance, all released assertions should reflect modifications made to user attributes. Despite the ability to adopt conventional certification revocation technologies, including CRL or OCSP, to revoke an assertion and request the corresponding user to obtain a new assertion, re-issuing an entirely new assertion if only one attribute, such as user location or other environmental information, is changed would be inefficient. Therefore, this work presents a self-adaptive framework to achieve consistency in federated identity and access management systems (SAFIAM). In SAFIAM, an identity provider (IdP), which authenticates users and provides user attributes, should monitor access probabilities according to user attributes. The IdP can then adopt the most efficient means of ensuring data integrity of attributes based on related access probabilities. While Internet-based services emerge daily that have various access probabilities with respect to their user attributes, the proposed self-adaptive framework significantly contributes to efforts to streamline the use of FIAM systems.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Shi-Cho CHA, Hsiang-Meng CHANG, "Efficient Consistency Achievement of Federated Identity and Access Management Based on a Novel Self-Adaptable Approach" in IEICE TRANSACTIONS on Information, vol. E95-D, no. 2, pp. 577-587, February 2012, doi: 10.1587/transinf.E95.D.577.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.E95.D.577/_p
@ARTICLE{e95-d_2_577,
author={Shi-Cho CHA and Hsiang-Meng CHANG},
journal={IEICE TRANSACTIONS on Information},
title={Efficient Consistency Achievement of Federated Identity and Access Management Based on a Novel Self-Adaptable Approach},
year={2012},
volume={E95-D},
number={2},
pages={577-587},
keywords={},
doi={10.1587/transinf.E95.D.577},
ISSN={1745-1361},
month={February},}
TY - JOUR
TI - Efficient Consistency Achievement of Federated Identity and Access Management Based on a Novel Self-Adaptable Approach
T2 - IEICE TRANSACTIONS on Information
SP - 577
EP - 587
AU - Shi-Cho CHA
AU - Hsiang-Meng CHANG
PY - 2012
DO - 10.1587/transinf.E95.D.577
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E95-D
IS - 2
JA - IEICE TRANSACTIONS on Information
Y1 - February 2012
ER -