DOI: 10.1145/3090354.3090391
research-article

Toward Interoperability Approach between Federated Systems

Published: 29 March 2017

Abstract

The evolution of web services and their exploitation imposes new security challenges, especially in terms of digital identity life cycle management. A set of Identity Management Systems exists to deal with these identities, in order to improve users' experience and provide secure access. Today we are faced with a large number of heterogeneous identity management approaches. In our study we examined several systems; among those, we present the isolated model, the centralized model, the federated model and the user-centric model. The federated system has proven its eligibility for identity management; we were therefore interested in the federated model, which consists of sharing digital identity between different security domains, based on an agreement between the communicating entities. Federated Identity Management (FIM) faces the problem of interoperability between heterogeneous identity federation systems. This study presents a use case of interoperability between SAML and WS-Federation. We propose an approach that allows heterogeneous federation systems to interoperate and to exchange identity data between them.


Published In

BDCA'17: Proceedings of the 2nd international Conference on Big Data, Cloud and Applications
March 2017
685 pages
ISBN:9781450348522
DOI:10.1145/3090354
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

In-Cooperation

  • Ministère de l'enseignement supérieur

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Cross Domain
  2. Digital identity
  3. Federation
  4. Identity Management Systems
  5. Identity portability
  6. Interoperability
  7. SAML
  8. WS-Federation

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

BDCA'17

Cited By

  • (2024) Blockchain-based access control architecture for multi-domain environments. Pervasive and Mobile Computing 98:C. DOI: 10.1016/j.pmcj.2024.101878. Online publication date: 1-Feb-2024
  • (2023) Do You Need a Distributed Ledger Technology Interoperability Solution? Distributed Ledger Technologies: Research and Practice 2:1 (1-37). DOI: 10.1145/3564532. Online publication date: 14-Mar-2023
  • (2023) A Survey on Identity and Access Management for Cross-Domain Dynamic Users: Issues, Solutions, and Challenges. IEEE Access 11 (61660-61679). DOI: 10.1109/ACCESS.2023.3279492. Online publication date: 2023
  • (2022) Integrated identity and access management metamodel and pattern system for secure enterprise architecture. Data & Knowledge Engineering 140:C. DOI: 10.1016/j.datak.2022.102038. Online publication date: 1-Jul-2022
  • (2020) SSIBAC: Self-Sovereign Identity Based Access Control. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) (1935-1943). DOI: 10.1109/TrustCom50675.2020.00264. Online publication date: Dec-2020
  • (2020) Intermediary Technical Interoperability Component TIC Connecting Heterogeneous Federation Systems. Machine Intelligence and Big Data Analytics for Cybersecurity Applications (521-539). DOI: 10.1007/978-3-030-57024-8_24. Online publication date: 15-Dec-2020
