6th International ICST Conference on Communications and Networking in China

Research Article

A Federated Identity Management System with Centralized Trust and Unified Single Sign-On

  • @INPROCEEDINGS{10.1109/ChinaCom.2011.6158260,
        author={Jian Jiang and Haixin Duan and Tao Lin and Fenglin Qin and Hong Zhang},
        title={A Federated Identity Management System with Centralized Trust and Unified Single Sign-On},
        proceedings={6th International ICST Conference on Communications and Networking in China},
        publisher={IEEE},
        proceedings_a={CHINACOM},
        year={2012},
        month={3},
      keywords={federated identity management (fim), single sign-on (sso), indirect authentication exchange},
        doi={10.1109/ChinaCom.2011.6158260}
    }
    
Jian Jiang¹, Haixin Duan¹, Tao Lin¹, Fenglin Qin²,*, Hong Zhang¹
  • 1: Tsinghua University
  • 2: Shandong University
*Contact email: qfl@sdu.edu.cn

Abstract

Federated identity management (FIM) is an effective technology that allows multiple organizations to share resources with each other. Proposed FIM solutions have faced deployment and maintenance barriers caused by the lack of an effective trust management mechanism. In this paper, we present a FIM system with a centralized trust management component named TSP. TSP can automatically establish trust relationships between federation parties at runtime with low overhead. We also propose a new interaction mode, indirect authentication exchange, to unify network access authentication with application-level Single Sign-On (SSO) as an integrated one-step authentication. With the features of centralized trust management and indirect authentication exchange, a FIM system can be deployed and maintained more easily and flexibly. We have implemented a prototype to demonstrate the feasibility of the proposed features.