Dynamic Trust Relationship Establishment in Federated Identity Management

Federation in identity management has emerged as a key concept for reducing complexity in the companies and offering an improved user experience when accessing services. In this sense, the process of trust establishment is fundamental to allow rapid and seamless interaction between different trust domains. However, the problem of establishing identity federations in dynamic and open environments has not been fully addressed. In this scenarios it is desirable to speed up the processes of service provisioning and deprovisioning. This paper analyzes the underlying trust mechanisms of the existing frameworks for federated identity management and its suitability to be applied in the mentioned environments. After the main limitations are identified, we propose a generic extension for the SAML standard in order to facilitate the creation of federation relationships in a dynamic way between prior unknown parties. Finally, we provide some details regarding implementation issues and present a proof-of-concept application on how to enrich trust decisions by adding reputation data.