Enabling SAML for Dynamic Identity Federation Management
Authors
Abstract
Federation in identity management has emerged as a key concept for reducing complexity within companies and offering an improved user experience when accessing services. In this sense, the process of trust establishment is fundamental to allow rapid and seamless interaction between different trust domains. However, the problem of establishing identity federations in the dynamic and open environments that form part of Next Generation Networks (NGNs), where it is desirable to speed up the processes of service provisioning and deprovisioning, has not been fully addressed. This paper analyzes the underlying trust mechanisms of the existing frameworks for federated identity management and their suitability for the mentioned environments. This analysis is mainly focused on the Single Sign On (SSO) profile. We propose a generic extension for the SAML standard in order to facilitate the dynamic creation of federation relationships between previously unknown parties. Finally, we give some details of implementation and compatibility issues.
Similar resources
Dynamic Identity Federation Using Security Assertion Markup Language (SAML)
Security Assertion Markup Language (SAML, in short) is one of the most widely used technologies to enable Identity Federation among organisations from different trust domains. Despite its several advantages, one of the key disadvantages of SAML is the mechanism by which an identity federation is established. This mechanism lacks flexibility to create a federation in a dynamic fashion to enable ...
Introducing a Dynamic Federation Model for RESTful Cloud Storage
This paper presents a solution for RESTful cloud storage in a dynamic identity federation. With dynamic federations, Cloud Service Providers are able to find Identity Providers autonomously in the cloud in order to make services flexible, scalable and interoperable. By combining a Representational State Transfer architecture with SAML-based identity federation, a distributed and decentralized c...
Token-Based Payment in Dynamic SAML-Based Federations
The newly developed approach on token-based payments introduces an integration of payments with current schemes for Identity Federations based on SAML. This new design utilizes an established federation infrastructure as well as its protocols. Only relevant mechanisms to support the payment on the federation infrastructure level are
Cross-enterprise Identity Federation (OASIS - SAML) Implementation: An exploratory financial services case study
In the networked economy, strategic partnerships and collaboration are an important way to develop and maintain competitive advantages. At the same time, enterprises also need to reduce costs, increase revenues and seize new business opportunities. This requires enterprises to enable convenient and secure business interactions with internal and external stakeholders, and create relationships to ...
Management Architecture for Dynamic Federated Identity Management
We present the concept and design of Dynamic Automated Metadata Exchange (DAME) in Security Assertion Markup Language (SAML) based user authentication and authorization infrastructures. This approach solves the real-world limitations in scalability of pre-exchanged metadata in SAML-based federations and inter-federations. The user initiates the metadata exchange on demand, therefore reducing th...