Service token for identity access management

This paper proposes a new token structure for efficient handling of identity access management for online composite software services. With the requirement of ¿Single Sign-On (SSO)¿ for atomic services in a given composite service, this token structure binds service attributes, including workflow, providers, users, operator permission, and operation environment, together in its creation process. The token can be viewed as a deciphered string produced by IDP (identity provider) and consumed by SP (service provider). The concept of conference key distribution is also used to distribute the token and to secure the transportation procedure. Furthermore, the Security Assertion Markup Language (SAML) is adopted to support the exchange of authentication and authorization information between SPs and IDPs. Finally, we apply our service token concept to SourceID Liberty 2.0 (an open source implementation for Liberty Alliance Project) as an illustration of its feasibility and practicability.