Title :
User-Centric Identity Management in Heterogeneous Federations
Author :
Rieger, Sebastian
Author_Institution :
Gesellschaft fur wissenschaftliche Datenverarbeitung mbH, Gottingen
Abstract :
Over the past years Web applications increased in number and complexity (driven by ldquoWeb 2.0rdquo paradigm). Users need to manage different passwords to authenticate at these applications. Modern Web-based single sign-on solutions that reduce the complexity for usage and management of the userspsila credentials can be categorized in federated (typically SAML) or user-centric identity management (e.g., OpenID). On the one hand federated identity management is secure and most prevalent (especially in scientific communities). On the other hand user-centric approaches offer better usability and maintainability. While establishing federated identities for the Max Planck Society using the SAML-based Shibboleth system several extensions have been made to support the integration in different federations and allowing various authentication mechanisms being used by the 80 autonomous institutes. This paper describes the extensions by introducing an ldquoIdP Proxyrdquo that combines advantages of both federated and user-centric identity management functions.
Keywords :
Internet; authorisation; message authentication; IdP Proxy; OpenID; SAML-based Shibboleth system; Web application; Web-based single sign-on solution; authentication mechanism; federated identity management; heterogeneous federations; user-centric identity management; Authentication; Authorization; Conference management; Databases; Europe; Identity management systems; Markup languages; Security; Usability; Web and internet services; Identity Management; OpenID; SAML; Shibboleth; Web-based Single Sign-On;
Conference_Titel :
Internet and Web Applications and Services, 2009. ICIW '09. Fourth International Conference on
Conference_Location :
Venice/Mestre
Print_ISBN :
978-1-4244-3851-8
Electronic_ISBN :
978-0-7695-3613-2
DOI :
10.1109/ICIW.2009.85
