The eIDAS Regulation aims to provide an interoperable European framework to enable EU citizens to authenticate and communicate with services of other Member States by using their national electronic identity. While a set of high-level requirements (...

Even though the cloud paradigm and its associated services has been adopted in various enterprise applications, there has been major issues with regard to authenticating users' critical data. Single Sign on (SSO) is a user authentication technique ...

The main evolution of web services and its exploitation enforce new security challenges, especially in terms of digital identity life cycle management. A set of Identity Management Systems exist to deal with these identities, in order to improve users' ...

Authentication for HPC resources has always been a double edged issue. On one hand, HPC facilities would like users to login as easily as possible, but with the increase and complexity of system exploits, HPC centers would like to protect their systems ...

The emerging Cloud computing technology, offering computing resources as a service is gaining increasing attention of both the public and private sector. For the whole hearted adoption of Cloud, the service providers need to ensure that only valid users ...

One of the challenges in a distributed data infrastructure is how users authenticate to the infrastructure, and how their authorisations are tracked. Each user community comes with its own established practices, all different, and users are put off if ...

CILogon provides a federated X.509 certification authority for secure access to cyberinfrastructure such as the Extreme Science and Engineering Discovery Environment (XSEDE). CILogon relies on federated authentication (SAML and OpenID) for determining ...

In this paper, we present an approach for identity and access management (IAM) in the context of (cross-organizational) service-oriented architectures (SOA). In particular, we defined a domain-specific language (DSL) for role-based access control (RBAC) ...

The JISC-funded Shintau project has produced an extension to the Shibboleth profile which allows a user to link information from more than one IdP together utilising a custom Linking Service (LS). This paper describes both the application and ...

In this paper, we present our experience implementing on the TeraGrid the "Science Gateway AAAA Model" we proposed in our 2005 paper. We describe how we have modified the model based on our experiences, the details of our implementation, an update on ...

Whilst the growing number of identity management systems have the potential to reduce the threat of identity attacks, major deployment problems remain because of the lack of interoperability between such systems. In this paper we propose a novel scheme ...

We present a new federated login capability for the TeraGrid, currently the world's largest and most comprehensive distributed cyberinfrastructure for open scientific research. Federated login enables TeraGrid users to authenticate using their home ...

In this paper, we discuss recent development and implementation efforts by the Earth System Grid (ESG) concerning its security infrastructure. ESG's requirements are to make user logon as easy as possible and to facilitate the integration of security ...

Having relevant, up-to-date information about a patient's health care history is often crucial for providing the appropriate treatment. In Denmark, IT systems have been built to support different work flows in the health sector, but the systems are ...

The work examines the identity discovery problems that needed to be addressed by the OpenID 2.0 protocol in order to enable a user-centric Internet identity layer. The paper illustrates how the OASIS XRI and XRDS specifications were applied to help ...

Delegation is a powerful mechanism to provide flexible and dynamic access control decisions. Delegation is particularly useful in federated environments where multiple systems, with their own security autonomy, are connected under one common federation. ...

The Security Assertion Markup Language (SAML) has established itself as one of the most advanced and popular standards in the Identity Federation and Assertion management space. SAML 2.0 has proved to be an almost complete specification, without ...

Identity Federation enables managing a single User's multiple Identities across administrative domains. Instead of forcing a single Identity for the User, it leverages trust between Service Providers to share User Identity information viz. ...

The problem of securely monitoring the grid, in which a group of different entities provide and exchanging confidential information has become a significant task for an efficient use of shared resources. In this paper, a Web based secure grid monitoring ...

Identity Federation technologies have enabled users to leverage their relationships with an Identity Provider (IdP) into a Service Provider's (SP) domain. They allow user-initiated and IdP-controlled sharing of authentication information, attributes and ...