Ensuring information assurance in federated identity management

Surveys and polling data confirm that the Internet is now a prime vehicle for business, community, and personal interactions. The notion of identity is the important component of this vehicle. When users interact with services on the Internet, they often tailor the services in some way for their personal use. For example, a user may establish an account with a username and password and/or set some preferences for what information the user wants displayed and how the user wants it displayed. The network identity of each user is the overall global set of these attributes constituting the various accounts. In this paper, we investigate two well-known federated identity management (FIM) solutions, Microsoft Passport and Liberty Alliance, attempting to identify information assurance (IA) requirements in FIM. In particular, we focus on principal IA requirements for Web services (WS) which plays an integral role in enriching identity management through federation.