Next Article in Journal
MRI Breast Tumor Segmentation Using Different Encoder and Decoder CNN Architectures
Previous Article in Journal
Serverless Computing: An Investigation of Deployment Environments for Web APIs
Previous Article in Special Issue
A Novel Dictionary-Driven Mental Spelling Application Based on Code-Modulated Visual Evoked Potentials
Open AccessArticle

A Hybrid Scheme for an Interoperable Identity Federation System Based on Attribute Aggregation Method

CEDOC ST2I ENSIAS, Mohammed V University of Rabat, 10090 Rabat, Morocco
*
Author to whom correspondence should be addressed.
Computers 2019, 8(3), 51; https://doi.org/10.3390/computers8030051
Received: 3 June 2019 / Revised: 21 June 2019 / Accepted: 24 June 2019 / Published: 26 June 2019
(This article belongs to the Special Issue Computer Technologies for Human-Centered Cyber World)
Several countries have invested in building their identity management systems to equip citizens with infrastructures and tools to benefit from e-services. However, current systems still lack the interoperability requirement, which is the core issue that could lower the wide benefits of having an identity management system. In fact, in the existing systems, the user is allowed to choose only one partial identity from an identity provider (IdP) during a single session with a service provider (SP). However, in some scenarios, an SP needs to retrieve information about user’s identities managed by multiple IdPs. The potential method to tackle these shortcomings is attribute aggregation from multiple identity providers. A number of initiatives and projects on attribute aggregation have been explored. Nevertheless, these constructions do not fulfill some identity management requirements. This paper describes a new flexible model that aims to provide the necessary mechanisms to ensure attribute aggregation in order to meet the interoperability challenges of current identity management systems. The proposed scheme is a scalable solution, based on identity federation technologies, that introduces a new IdP called an account linking provider (ALP). The purpose of this ALP is to link together different accounts, holding end users’ attributes, whenever more than one source of data is needed to grant access to the requested web resource in a single session. Furthermore, the proposed identity federation system is based on a streamlined, cost-effective, and interoperable architecture, which makes this model suitable for large-scale identity federation environments. View Full-Text
Keywords: attribute aggregation; access control; identity federation; interoperability; privacy; trust relationship attribute aggregation; access control; identity federation; interoperability; privacy; trust relationship
Show Figures

Figure 1

MDPI and ACS Style

EL Haddouti, S.; Dafir Ech-Cherif EL Kettani, M. A Hybrid Scheme for an Interoperable Identity Federation System Based on Attribute Aggregation Method. Computers 2019, 8, 51.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Search more from Scilit
 
Search
Back to TopTop