Management Architecture for Dynamic Federated Identity Management
Authors
Abstract
We present the concept and design of Dynamic Automated Metadata Exchange (DAME) in Security Assertion Markup Language (SAML) based user authentication and authorization infrastructures. This approach solves the real-world limitations in scalability of pre-exchanged metadata in SAML-based federations and inter-federations. The user initiates the metadata exchange on demand, therefore reducing the size of the exchanged metadata compared to traditional metadata aggregation. In order to specify and discuss the necessary changes to identity federation architectures, we apply the Munich Network Management (MNM) service model to Federated Identity Management via a trusted third party (TTP); an overview of all components and interactions is created. Based on this model, the management architecture of the TTP with its basic management functionalities is designed. This management architecture includes further functionality for automated management of entities and dynamic federations.
Similar resources
Service Oriented Federated Identity System Framework
The rapid evolution of network and distributed computing, such as Service Oriented Architecture (SOA), is increasing the challenge of securely controlling access to enterprise IT resources. As gaining access to distributed resources becomes increasingly vital, the ability to make sure that the right people have secure access to the right information at the right time becomes a critical requirem...
PROVIDING NATIVE SUPPORT FOR FEDERATED IDENTITY MANAGEMENT IN A BUSINESS-PROCESS-MANAGEMENT SYSTEM Identity Business Processes
To facilitate information-system security, e.g., access control or audit, the entities involved play a key role. This makes identity management an important task. The success of service-oriented architectures (SOA) has led to the development of federated identity management (FIM), to deal with the dynamic nature of SOA and to achieve economies of scale. Business processes in SOA are a composi...
Federated Identity Management systems in e-government: the case of Italy
Federated Identity Management (FIdM) systems are at the heart of any on-line service in a public, private or hybrid autonomous cooperating system. This paper reviews and compares several existing approaches for building FIdM systems in the specific sector of e-Government by showing identity management schemes employed by several countries representatives of different realities by size, geograph...
Service Oriented Computing
Service-oriented Architectures (SOA) facilitate the dynamic and seamless integration of services offered by different service providers which in addition can be located in different trust domains. Especially for business integration scenarios, Federated Identity Management emerged as a possibility to propagate identity information as security assertions across company borders in order to secure...
Federated Identity Management in Business-to-Business Outsourcing
While the outsourcing of IT services is a promising and cost-effective solution for many aspects of today’s information and communication infrastructures, it poses new management challenges in the area of authentication, authorization and accounting (AAA). Due to the demand of cross-organizational AAA, traditional Identity & Access Management is presently developing into Federated Identity Manag...