Negotiating Trust in Identity Metasystem

Many federated identity management systems have been proposed to solve the problem of authorizing users across security domains. Although these solutions attempt to follow the user-centric design approach to empower users by letting them make important decisions on whether to release sensitive information, they do not provide much help to users in making good decisions. More importantly, privacy of user’s identity related data is not very well protected in many of these systems. Some even fail to meet the security requirements of identity management system, and are susceptible to replay and man-in-the-middle attacks. In this paper, we compare identity management systems against trust management systems, and attempt to integrate certain trust management and trust negotiation concepts into the federated identity management systems. We choose an existing federated identity management system, called identity metasystem, and integrate trust negotiation into the system to provide a better user-centric and privacy preserving federated identity management system. We hope the new system can be well applied to collaborative environment as well as open systems.