Dynamic Identity Federation Using Security Assertion Markup Language (SAML) - Policies and Research in Identity Management
Conference Papers Year : 2013

Dynamic Identity Federation Using Security Assertion Markup Language (SAML)

Md. Sadek Ferdous
  • Function : Author
  • PersonId : 1001829
Ron Poet
  • Function : Author
  • PersonId : 996027

Abstract

Security Assertion Markup Language (SAML, in short) is one of the most widely used technologies to enable Identity Federation among organisations from different trust domains. Despite its several advantages, one of the key disadvantages of SAML is the mechanism by which an identity federation is established. This mechanism lacks flexibility to create a federation in a dynamic fashion to enable service provisioning (or de-provisioning) in real time. Several different mechanisms to rectify this problem have been proposed. However, most of them require a more elaborate change at the core of the SAML. In this paper we present a simple approach based on an already drafted SAML Profile which requires no change of the SAML, rather it depends on the implementation of SAML. It will allow users to create federations using SAML between two prior unknown organisations in a dynamic fashion. Implicit in each identity federation is the issue of trust. Therefore, we also analyse in detail the trust issues of dynamic federations. Finally, we discuss our implemented proof of concept to elaborate the practicality of our approach.
Fichier principal
Vignette du fichier
978-3-642-37282-7_13_Chapter.pdf (575.17 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01470512 , version 1 (17-02-2017)

Licence

Identifiers

Cite

Md. Sadek Ferdous, Ron Poet. Dynamic Identity Federation Using Security Assertion Markup Language (SAML). 3rd Policies and Research in Identity Management (IDMAN), Apr 2013, London, United Kingdom. pp.131-146, ⟨10.1007/978-3-642-37282-7_13⟩. ⟨hal-01470512⟩
141 View
362 Download

Altmetric

Share

More