Md. Sadek Ferdous

A comparative analysis of Identity Management Systems

In this paper, we present a comparative analysis of a few popular Identity Management Systems against a set of requirements. Identity Management and Identity Management Systems have gained significant attention in recent years with the proliferation of different web-enabled and e-commerce services leading to an extensive research on the field in the form of several projects producing many standards, prototypes and application models both in the academia and the industry. We have collected and compiled different requirements from different sources to profile an extensive set of requirements that are required for a Privacy-Enhancing Identity Management System and presented them in the form of a taxonomy. Then we have compared some Identity Management Systems against those requirements and presented them in a concise way to help readers find out instantly which systems satisfy what requirements and thus help them to choose the correct one to fit into their own scenarios.

Security Usability of Petname Systems

To have certainty about identities is crucial for secure communication in digital environments. The number of digital identities that people and organizations need to manage is rapidly increasing, and proper management of these identities is essential for maintaining security in online markets and communities. Traditional Identity Management Systems are designed to facilitate the management of identities from the perspective of the service provider, but provide little support on the user side. The difficulty of managing identities on the user side causes vulnerabilities that open up for serious attacks such as identity theft and Phishing. Petname Systems have been proposed to provide more user friendly and secure identity management on the user side. This paper provides an analysis of the Petname Model by describing its history and background, properties, application domains and usability issues with emphasis on Security Usability. By covering a broad set of aspects, this paper is intended to provide a comprehensive reference for the Petname System.

Dynamic Identity Federation Using Security Assertion Markup Language (SAML)

Security Assertion Markup Language (SAML, in short) is one of the most widely used technologies to enable Identity Federation among organisations from different trust domains. Despite its several advantages, one of the key disadvantages of SAML is the mechanism by which an identity federation is established. This mechanism lacks flexibility to create a federation in a dynamic fashion to enable service provisioning (or de-provisioning) in real time. Several different mechanisms to rectify this problem have been proposed. However, most of them require a more elaborate change at the core of the SAML. In this paper we present a simple approach based on an already drafted SAML Profile which requires no change of the SAML, rather it depends on the implementation of SAML. It will allow users to create federations using SAML between two prior unknown organisations in a dynamic fashion. Implicit in each identity federation is the issue of trust. Therefore, we also analyse in detail the trust issues of dynamic federations. Finally, we discuss our implemented proof of concept to elaborate the practicality of our approach.

Identity federations: A new perspective for Bangladesh

With a view to provide more effective, enhanced and accessible services to their citizens, Governments around the globe have started different web services under the initiative of e-Government. Many such services extensively utilise the Federated Identity framework due to its huge number of benefits. This paper analyses how different e-initiatives in Bangladesh can take advantage of this technology by illustrating use-cases in two different domains. As the online service and the e-Governance paradigm in Bangladesh are relatively new and evolving rapidly, we believe that this is the high-time to consider the benefits this technology can bring for the Government as well as the citizen.

My Day in Review: Visually Summarising Noisy Lifelog Data

Lifelogging devices, which seamlessly gather various data about a user as they go about their daily life, have resulted in users amassing large collections of noisy photographs (e.g. visual duplicates, image blur), which are difficult to navigate, especially if they want to review their day in photographs. Social media websites, such as Facebook, have faced a similar information overload problem for which a number of summarization methods have been proposed (e.g. news story clustering, comment ranking etc.). In particular, Facebooks Year in Review received much user interest where the objective for the model was to identify key moments in a users year, offering an automatic visual summary based on their uploaded content. In this paper, we follow this notion by automatically creating a review of a users day using lifelogging images. Specifically, we address the quality issues faced by the photographs taken on lifelogging devices and attempt to create visual summaries by promoting visual and temporal-spatial diversity in the top ranks. Conducting two crowdsourced evaluations based on 9k images, we show the merits of combining time, location and visual appearance for summarization purposes.

Mathematical Modelling of Identity, Identity Management and Other Related Topics

There exist disparate sets of definitions with different semantics on different topics of Identity Management which often lead to misunderstanding. A few efforts can be found compiling several related vocabularies into a single place to build up a set of definitions based on a common semantic. However, these efforts are not comprehensive and are only textual in nature. In essence, a mathematical model of identity and identity management covering all its aspects is still missing. In this paper we build up a mathematical model of different core topics covering a wide range of vocabularies related to Identity Management. At first we build up a mathematical model of Digital Identity. Then we use the model to analyse different aspects of Identity Management. Finally, we discuss three applications to illustrate the applicability of our approach. Being based on mathematical foundations, the approach can be used to build up a solid understanding on different topics of Identity Management.

Analysing attribute aggregation models in federated identity management

This paper presents a comparative analysis of different attribute aggregation models against a set of requirements in the settings of the Federated Identity Management (FIM). There are several attribute aggregation models currently available which allow the user to collate attributes from multiple identity providers (IdP in short) in a single service. These models impose different novel requirements which have never been analysed before and there lacks a thorough analysis of these models that will compare them side-by-side against a set of requirements. We aim to fill in these gaps in this work. We have formulated a set of trust, functional, security and privacy requirements that are needed for each model and shown the interlink between these requirements. These requirements have been used to compare the models side-by-side in tabular forms which would allow the readers to instantly identify the requirements for each model, the advantages it offers and the weaknesses it has.

Managing dynamic identity federations using security assertion markup language

Security Assertion Markup Language is one of the most widely used technologies to enable Identity Federations among different organisations. Despite its several advantages, one of its key disadvantages is that it does not allow creating a federation in a dynamic fashion to enable service provisioning (or de-provisioning) in real time. A few approaches have been proposed to rectify this problem. However, most of them require elaborate changes of the language and do not provide mechanisms to manage federations dynamically. This paper presents a better approach based on an already drafted Security Assertion Markup Language Profile and requires no change in its specification, rather it depends on the specific implementation. Our proposed approach covers all aspects regarding the management of dynamic Identity Federation. It will allow users to create federations dynamically between two prior unknown organisations and will allow them to manage such federations as long as it is required. Implicit in each identity federation is the issue of trust. Therefore, the trust issues involved in the management of dynamic federations are analysed in details. Finally, a proof of concept is discussed with a few use-cases to elaborate the practicality of our approach.

Mathematical Modelling of Trust Issues in Federated Identity Management

With the absence of physical evidence, the concept of trust plays a crucial role in the proliferation and popularisation of online services. In fact, trust is the inherent quality that binds together all involved entities and provides the underlying confidence that allows them to interact in an online setting. The concept of Federated Identity Management (FIM) has been introduced with the aim of allowing users to access online services in a secure and privacy-friendly way and has gained considerable popularities in recent years. Being a technology targeted for online services, FIM is also bound by a set of trust requirements. Even though there have been numerous studies on the mathematical representation, modelling and analysis of trust issues in online services, a comprehensive study focusing on the mathematical modelling and analysis of trust issues in FIM is still absent. In this paper we aim to address this issue by presenting a mathematical framework to model trust issues in FIM. We show how our framework can help to represent complex trust issues in a convenient way and how it can be used to analyse and calculate trust among different entities qualitatively as well as quantitatively.

CAFS: A Framework for Context-Aware Federated Services

In this paper we explore two issues: Federated Identity Management and Context-Aware Services. In the last decade or so we have seen these two technologies gaining considerable popularities as they offer a number of benefits to the user and other stakeholders. However, there are a few outstanding security and privacy issues that need to be resolved to harness the full potential of such services. We believe that these problems can be reduced significantly by integrating the federated identity architecture into the context-aware services. With this aim, we have developed a framework for Context-Aware Federated Services based on the Security Assertion Markup Language (SAML) and extensible Access Control Markup Language (XACML) standards. We have illustrated the applicability of our approach by showcasing some use-cases, analysed the security, privacy and trust issues involved in the framework and the advantages it offers.