Mikaël Ates

Interoperability between Heterogeneous Federation Architectures: Illustration with SAML and WS-Federation

Digital identity management intra and inter information systems, and, service oriented architectures, are the roots of identity federation. This kind of security architectures aims at enabling information system interoperability. Existing architectures, however, do not consider interoperability of heterogeneous federation architectures, which rely on different federation protocols. In this paper, we try to initiate an in-depth reflection on this issue, through the comparison of two main federation architecture specifications: SAML (Security Assertion Markup Language) and WS-Federation. We firstly propose an overall outline of identity federation. We furthermore address the issue of interoperability for federation architectures using a different federation protocol. Afterwards, we compare SAML and WS-Federation. Eventually, we define the ways of convergence, and therefore, of interoperability.

A warning on how to implement anonymous credential protocols into the information card framework

Unlinkability is a privacy feature supported by those multi-party security protocols allowing anonymous users’ credential exchanges among different organizations. Proper signature schemes, based on discrete logarithms, must be used in order to guarantee the above requirements as well as selective disclosure of information. In this paper, we highlight that whenever a concrete architecture based on the above protocols is implemented, some aspects concerning how to manage the association between bases of discrete logarithms and attributes used in attribute certificates should be carefully considered, in order to guarantee that unlinkability really holds. We show that the problem is concrete by testing that the state-of-the-art implementation suffers from the above problem. A general solution is also proposed.

Remote laboratories: Proposed guidelines

In this paper, we provide a literature review of modern remote laboratories. According to this state-of-the-art, we explain why remote laboratories are at a technological crossroad, whereas they were slugging for a decade. From various observations based on our review, we try to identify possible evolutions for the next generation of remote laboratories.

Complex federation architectures: stakes, tricks & issues

In this article, we expose the basics of distributed identity management systems and characterize what makes an identity federation architecture a singular one. We depict the evolutions and current trends of the interconnection of information systems by exposing what could be a global identity management system issued from the convergence of multiple identity federations. Thereby, we expose the expected functionalities of such an architecture and we also describe the basic distributed identity management mechanisms necessary for their deployment. Then, we discuss about privacy concerns and why some of these functionalities should be implemented carefully.

PRIVACY FOR RFID-ENABLED DISTRIBUTED APPLICATIONS - Design Notes

The concern of this paper is RFID systems coupled with distributed applications. We do not treat known RFID attacks, we rather focus on the best way to protect the identity mapping, i.e. the association of a tag identifier, which can be obtained or deduced from the tags or communications including the tags, and the real identity of its carrier. We rely on a common use case of a distributed application and a modelling approach.

The User-Centric Vision Matches Credentials Exchanges

The users must face two main concerns in their digital lives, interactions and privacy, especially in identity federation architectures. Their environment and requestor client largely influence these concerns. A rich user environment issued from a user-centric vision on identity management architectures may be helpful for usability and privacy. In this paper we expose facts about the identity federation and the user digital life concepts. We then shape a user environment dedicated to identity management, and we establish some assumptions about future user environments and identity credentials implementations.

Marrying Heterogeneous Circles of Trust: No Silver Bullet Yet

Numerous business and state‐owned entities assert the need of secured information exchanges on digital identities based on trusted third parties. Entities trusting each other create a federation. At first, it is necessary for them to formalize this alliance with legal documents. In a second time, an architecture of identity federation will allow them to establish technical trust links, creating a circle of trust, most often with a public key infrastructure. The real challenge for the identity federation domain is the interoperability of information systems thanks to normalized and standardized protocols, that is to say, realize interconnection of circles of trust.

Contribution in Adaptating Web Interfaces to any Device on the Fly: The HCI Proxy

Lot of work has been done on the adaptation of UIs. In the particular field of Web UI adaptation, many research projects aim at displaying web content designed for PCs on poorer supports. In this paper, we present previous work in the domain and then our proxy architecture, HCI proxy, to test solutions for the problem of adapting Web UIs for mobile phones, PDA and smartphones but also for TVs through browser‐embedding STBs, and this on the fly.