Dynamic identity management for SOA
Overview
- This call addresses the area of dynamic identity management for SOA. A potential problem is that users still have to manage multiple identities and credentials. This call concerns architectural schemes and patterns for identity management, user interaction design, the federation of identity, and the access rights framework based on semantics, in particular with regard to user-centric identity and high-level identity assurance.
Problem Statement
The concept of profiles can be developed into the more general idea of “identity management.” Users have several identities which can be used to perform different online transactions. For example, users could have an “anonymous identity” to surf general web sites, a “domestic identity” for accessing retail web sites, and an “office identity” for accessing corporate intranets. Decoupling identities from individuals can reduce the information collected about a single individual. However, identity management technologies are rather complex. So far, allowing easy definition of policies and simple awareness of active personas has proven to be a difficult task.
In addition, the call looks for contributions concerning an access rights framework based on semantics, in particular with regard to user-centric identity and high-level identity assurance.
Identity federation can be defined as the set of agreements, standards and technologies that enable a group of service providers to recognise user identifiers and entitlements from other service providers within a federated domain. In a federated identity domain, agreements are established between Service Providers so that identities from the different Service Provider-specific identity domains are recognised across all domains. These agreements include policy and technology standards. A mapping is established between the different identifiers owned by the same client in different domains that links the associated identities. The federation of isolated identifier domains gives the client the illusion that there is a single identifier domain.
The user can still hold separate identifiers for each service provider. However, they do not necessarily need to know or possess them all. A single identifier and credential is sufficient for them to access all services in the federated domain. However, a potential problem is that users still have to manage multiple identities and credentials, even if they are not actively using all of them. In centralised user identity models, there exists a single identifier and credentials provider that is used by all service providers, either exclusively, or in addition to other identifier and credentials providers. From a user perspective, an increasing number of identifiers and credentials rapidly becomes unmanageable. A user-centric approach to identity management is a very promising way of improving the user experience, and thereby the security of online service provision as a whole.
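The identifier mapping described in the two paragraphs above can be sketched as follows. This is an added example, not part of the original call; the `Federation` class, the domain names and the identifiers are all constructed for illustration. It shows that a link is only accepted between members of the federated domain, and that an assertion with no established link resolves to nothing instead of being matched by guesswork.

```python
# Added illustration: all domain names and identifiers below are constructed.
from dataclasses import dataclass, field


@dataclass
class Federation:
    """Federated domain: member providers plus links between a client's identifiers."""
    members: set = field(default_factory=set)
    # (domain, local_id) -> opaque handle shared by all linked identities
    _handle: dict = field(default_factory=dict)
    _next: int = 0

    def join(self, domain):
        """Record that a service provider has accepted the federation agreements."""
        self.members.add(domain)

    def link(self, a, b):
        """Link two (domain, local_id) identities owned by the same client."""
        for domain, _ in (a, b):
            if domain not in self.members:
                raise PermissionError(f"{domain} is not in the federated domain")
        ha, hb = self._handle.get(a), self._handle.get(b)
        if ha is not None and hb is not None and ha != hb:
            raise ValueError("identities already belong to different clients")
        handle = ha if ha is not None else hb
        if handle is None:
            handle, self._next = self._next, self._next + 1
        self._handle[a] = self._handle[b] = handle

    def resolve(self, asserted, target_domain):
        """Map an identity asserted by one provider to the local identifier at
        target_domain; None when no link exists (no implicit account matching)."""
        src_domain, _ = asserted
        if src_domain not in self.members or target_domain not in self.members:
            raise PermissionError("assertion crosses the federation boundary")
        handle = self._handle.get(asserted)  # None never equals an int handle
        for (domain, local_id), h in self._handle.items():
            if h == handle and domain == target_domain:
                return local_id
        return None


def demo():
    fed = Federation()
    for d in ("bank.example", "shop.example", "travel.example"):
        fed.join(d)
    fed.link(("bank.example", "cust-4471"), ("shop.example", "alice_k"))
    fed.link(("shop.example", "alice_k"), ("travel.example", "AK-09"))
    return fed
```
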
This call concerns, but is not limited to, architectural schemes and patterns for identity management, user interaction design for identity management, expressing trustworthiness of identity management to users, privacy-enhancing identity management, and log tools required for forensic purposes.
The call also addresses solutions for the federation of identity, including (but not limited to) methodologies and interfaces for managing multiple identities and credentials including delegation, separate identity management at each service provider, and synchronization with repositories of record.
Scope
The scope is dynamic identity management for SOA.
Recommendations: To propose identity management and identity federation to support e-service projects having realistic implementation plans and budgets.
The aim of this call is to provide solutions for making implementable and deployable improvements to the usability of identity management.
Topics of particular interest include (but are not limited to) user interaction design for identity management, user-centric identity, expressing trustworthiness of identity management to users, methodologies and interfaces for managing multiple identities including delegation, privacy-enhancing identity management, separate identity management at each service provider, enterprises in cluster.., risk management practices for issuing end-user credentials, synchronization with repositories of record, high-level identity assurance, and logs required for forensic purposes.
We also envision an access rights framework based on semantics as an important step in the future of identity management search.
Contributions
- The contributions can take different shapes:
- They can be about how to attain identity management with federation of identity for SOA;
- Architecture Patterns, schemes, components for identity management and federation of identity;
- Concrete architectures for federation of identity including interface specifications;
- How to extend a semantic approach to deal with the management of an access rights framework.
Baseline
- The baseline is composed of web services standards (W3C, OASIS), J2EE, and the standards from the identity management and federation of identity forum.






