DocumentCode
2841716
Title
Policy-based Service Provisioning and Dynamic Trust Management in Identity Federations
Author
Boursas, Latifa ; Hommel, Wolfgang
Author_Institution
Munich Network Management Team, Munich University of Technology. boursas@tum.de
Volume
5
fYear
2006
fDate
38869
Firstpage
2370
Lastpage
2375
Abstract
In Federated Identity Management (FIM), user administration is decentralized: Service Providers (SPs) can request information about the users from their respective Identity Providers (IDPs). The subsequent processing of this data with respect to service provisioning and various privacy aspects are open research issues. We first specify how SPs can use provider-wide and service-specific XACML policies to enforce the required quality for the data delivered by the IDPs. Then, we demonstrate how aspects of trust and reputation management can improve the dynamics of Identity Federations and enhance the end users' privacy. We also extend the identity-centric request-response model of today's FIM protocols by group queries and demonstrate their application. Finally, we introduce our prototype and its integration into the Shibboleth FIM software.
Keywords
Access control; Application software; Authentication; Authorization; Data privacy; Identity management systems; Markup languages; Project management; Protocols; Technology management;
fLanguage
English
Publisher
ieee
Conference_Titel
Communications, 2006. ICC '06. IEEE International Conference on
Conference_Location
Istanbul
ISSN
8164-9547
Print_ISBN
1-4244-0355-3
Electronic_ISBN
8164-9547
Type
conf
DOI
10.1109/ICC.2006.255124
Filename
4024519