• DocumentCode
    3091850
  • Title
    Dynamic Trust Model for Federated Identity Management
  • Author
    Gao, Hao ; Yan, Jun ; Mu, Yi
  • Author_Institution
    Sch. of Inf. Syst. & Technol., Univ. of Wollongong, Wollongong, NSW, Australia
  • fYear
    2010
  • fDate
    1-3 Sept. 2010
  • Firstpage
    55
  • Lastpage
    61
  • Abstract
    The goal of federated identity management is to allow principals, such as identities and attributes, to be shared across trust boundaries based on established policies. Since the current Single Sign-On (SSO) mechanism relies excessively on the specifications of the Circle of Trust (CoT), the need for service collaboration from different domains is being addressed on CoT. For the motivating issue of the cross-domain SSO mechanism, we need an emergent dynamic trust list for calculating the trust parties; thus, the CoT specifications require an initial effort on enrolling members automatically to adapt to the dynamic open environment. In this paper, we propose a Dynamic Trust Policy Language to support trust negotiation. The formal syntax of this language is presented in Backus Naur Form (BNF) based on the concept of role membership. We also systematically develop the Dynamic Trust Model (DTM) to allow an untrusted SP to join the existing CoT by trust negotiation. Finally, we identify the process and algorithm for communication between negotiation entities.
  • Keywords
    groupware; security of data; backus naur form; circle of trust; dynamic trust model; dynamic trust policy language; federated identity management; service collaboration; single sign-on mechanism; Engines; Heuristic algorithms; Indexes; Protocols; Public key; Syntactics; Circle of Trust; Dynamic Trust; Federated Identity Management; Single Sign-On;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Network and System Security (NSS), 2010 4th International Conference on
  • Conference_Location
    Melbourne, VIC
  • Print_ISBN
    978-1-4244-8484-3
  • Electronic_ISBN
    978-0-7695-4159-4
  • Type
    conf
  • DOI
    10.1109/NSS.2010.40
  • Filename
    5636065