|
Click here for full text:
Assurance for Federated Identity Management
Baldwin, Adrian; Casassa Mont, Marco; Beres, Yolanda; Shiu, Simon
HPL-2008-25
Keyword(s): identity assurance, identity management, federation, privacy
Abstract: Federated Identity Management is an emerging paradigm that is rightly getting a lot of standardization and research attention. One aspect that is not receiving enough attention is assurance. Given the challenges enterprises faced trying to demonstrate appropriate control of their internal and monolithic identity management systems, the problem of how to provide assurance to multiple stakeholders that controls, operations and technologies that cut across organisational boundaries, are appropriately mitigating risk, looks daunting. The paper provides an exposition of the assurance process, how it applies to identity management and particularly to federated identity management. Our contribution is to show technology can be used to overcome many of trust, transparency and information reconciliation problems. Specifically we show how declarative assurance models can orchestrate and automate much of the assurance work, how certain enforcement technologies can radically improve identity assurance, and how an assurance framework can provide a basis for judging the assurance value of security technologies. Publication Info: Submitted to Journal of Computer Security (JCS)
28 Pages
Back to Index
|