Sciweavers

COMPSAC
2008
IEEE

Trade-off Analysis of Identity Management Systems with an Untrusted Identity Provider

14 years 7 months ago
Trade-off Analysis of Identity Management Systems with an Untrusted Identity Provider
—Internet users interact with multiple Web Service Providers (WSP), and therefore, must remember and manage multiple passwords. Users try to overcome the burden of password management by employing insecure solutions such as reusing the same password with several WSP. Identity management systems provide a solution for such problems. The common “assertion-based” Identity Management systems require a strong trust in the Identity Provider (IdP), which has the power to impersonate any of its users. However, such trust is unlikely to materialize in the global Internet setting. This paper uses a goal-oriented approach for analyzing trust trade-offs of Identity Management systems in the global Internet scenario. We analyze a new proposal for a global Identity Management system named SlashID. SlashID takes advantage of client-side cryptography to eliminate the required trust relationship between the IdP and end users. We analyze and compare the impact of trust trade-offs of the SlashID so...
Golnaz Elahi, Zeev Lieber, Eric S. K. Yu
Added 29 May 2010
Updated 29 May 2010
Type Conference
Year 2008
Where COMPSAC
Authors Golnaz Elahi, Zeev Lieber, Eric S. K. Yu
Comments (0)