A hybrid model of attribute aggregation in federated identity management

Citation

Ferdous MS, Chowdhury F & Poet R (2017) A hybrid model of attribute aggregation in federated identity management. In: Chang V, Ramachandran M, Walters R & Wills G (eds.) Enterprise Security. Lecture Notes in Computer Science, 10131. Enterprise Security Second International Workshop, ES 2015, Vancouver, BC, Canada, 30.11.2015-03.12.2015. Cham, Switzerland: Springer, pp. 120-154. https://doi.org/10.1007/978-3-319-54380-2_6

Abstract
The existing model of Federated Identity Management (FIM) allows a user to provide attributes only from a single Identity Provider (IdP) per service session. However, this does not cater to the fact that the user attributes are scattered and stored across multiple IdPs. An attribute aggregation mechanism would allow a user to aggregate attributes from multiple providers and pass them to a Service Provider (SP) in a single service session which would enable the SP to offer innovative service scenarios. Unfortunately, there exist only a handful of mechanisms for aggregating attributes and most of them either require complex user interactions or are based on unrealistic assumptions. In this paper, we present a novel approach called the Hybrid Model for aggregating attributes from multiple IdPs using one of the most popular FIM technologies: Security Assertion Markup Language (SAML). We present a thorough analysis of different requirements imposed by our proposed approach and discuss how we have developed a proof of concept using our model and what design choices we have made to meet the majority of these requirements. We also illustrate two use-cases to elaborate the applicability of our approach and analyse the advantages it offers and the limitations it currently has.