Abstract
A formalisation of authentication trust is proposed for federated identity management systems. Identity federation facilitates user interaction with Web services that control access, but it is more difficult for a service provider to evaluate the assurance of a user’s identity if the creation and propagation of user authentication assertions involve different authentication authorities and mediators. On the basis of this formal representation, an aggregated trust value is calculated for evaluating the trustworthiness of a user’s identity from the user’s authentication assertions propagated through multiple entities.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gomi, H. (2011). An Authentication Trust Metric for Federated Identity Management Systems. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds) Security and Trust Management. STM 2010. Lecture Notes in Computer Science, vol 6710. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22444-7_8
DOI: https://doi.org/10.1007/978-3-642-22444-7_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22443-0
Online ISBN: 978-3-642-22444-7
eBook Packages: Computer Science, Computer Science (R0)