Open Access Article

A Hybrid Scheme for an Interoperable Identity Federation System Based on Attribute Aggregation Method

CEDOC ST2I ENSIAS, Mohammed V University of Rabat, 10090 Rabat, Morocco
*
Author to whom correspondence should be addressed.
Computers 2019, 8(3), 51; https://doi.org/10.3390/computers8030051
Received: 3 June 2019 / Revised: 21 June 2019 / Accepted: 24 June 2019 / Published: 26 June 2019
(This article belongs to the Special Issue Computer Technologies for Human-Centered Cyber World)

Abstract

Several countries have invested in building their identity management systems to equip citizens with infrastructures and tools to benefit from e-services. However, current systems still do not meet the interoperability requirement, which is the core issue that could limit the wide benefits of having an identity management system. In fact, in the existing systems, the user is allowed to choose only one partial identity from an identity provider (IdP) during a single session with a service provider (SP). However, in some scenarios, an SP needs to retrieve information about a user’s identities managed by multiple IdPs. A potential method to tackle these shortcomings is attribute aggregation from multiple identity providers. A number of initiatives and projects on attribute aggregation have been explored. Nevertheless, these constructions do not fulfill some identity management requirements. This paper describes a new flexible model that aims to provide the necessary mechanisms to ensure attribute aggregation in order to meet the interoperability challenges of current identity management systems. The proposed scheme is a scalable solution, based on identity federation technologies, that introduces a new IdP called an account linking provider (ALP). The purpose of this ALP is to link together different accounts, holding end users’ attributes, whenever more than one source of data is needed to grant access to the requested web resource in a single session. Furthermore, the proposed identity federation system is based on a streamlined, cost-effective, and interoperable architecture, which makes this model suitable for large-scale identity federation environments.
Keywords: attribute aggregation; access control; identity federation; interoperability; privacy; trust relationship
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).
MDPI and ACS Style

EL Haddouti, S.; Dafir Ech-Cherif EL Kettani, M. A Hybrid Scheme for an Interoperable Identity Federation System Based on Attribute Aggregation Method. Computers 2019, 8, 51.

Computers EISSN 2073-431X. Published by MDPI AG, Basel, Switzerland.