A Survey of User-Centric Identity Management Technologies
directory. It proves your identity if you follow the guidelines strictly; otherwise there is no proof. In fact, it is a single authority using an opaque trust decision, without any choice of credentials (cryptographic proofs) or portability.

In the context of web access, the user must enroll for every non-related service, generally with different user interfaces, and follows diverse policies and protocols. Thus, the user has an inconsistent experience and deals with different copies of his identity. In addition, some problems related to privacy have also emerged. Indeed, our privacy can potentially be compromised by websites. Sites do have a privacy policy, but the user has no control over his identity. What are the conditions for using these data? How can we improve our privacy? And to what granularity will we allow them to use it?

The same problem comes up when accessing resources. The more resources, the more management we have to have. It is an asymmetric trust, and the policy decision may be opaque.

It allows access with an opaque trust decision and a single centralized authority, without a choice of credentials. It is a silo model [9] because it is neither portable nor scalable. This is Identity 1.0.

The identity management problems appeared in the 1980s. The first identity management system was Rec. X.500, developed by the ITU [10], covering directory services such as the Directory Access Protocol (DAP). ISO was also associated with the development of the standard. Like a lot of ITU standards, this one was very heavy and complex. A "light" version of DAP appeared in the 1990s: LDAP, which was standardized by the IETF, widely used and adopted by Netscape. Microsoft invented an equivalent, Active Directory, and for users they introduced Passport. It is also the ITU which standardized X.509 for identities related to certificates. This is currently the recommended format. It is a small file, generated by a certification authority. If the certificate is lost or usurped, it can always be revoked by the certification authority.

This is for single users, but what about enterprises that have automated their procedures and have a proliferation of applications with de-provisioning, but are still in a domain-centric model? What about resources shared between domains?

The silo model is not interoperable and is deficient in many aspects. That is why a federated identity management model is now emerging, and it is very much appreciated by enterprises. A federated identity management system consists of software components and protocols that handle the identity of individuals in a decentralized manner throughout their identity life cycle [11].

The evolution of identity management systems also tends towards a simplification of the user experience and a reinforcement of authentication. It is well known that poor usability compromises authentication. A new paradigm should be introduced to solve these problems while still being compatible, at least, with federated identity management.

Therefore, a user-oriented paradigm, called user-centric identity management, has emerged [6,9]. This paradigm is embraced by multiple industry products and initiatives such as Microsoft CardSpace [12], Sxip [13] and the Higgins Trust Framework [14]. This is Identity 2.0.

3.2. Identity Management 2.0

In this section, we explain the most popular identity management 2.0 platforms and protocols.

3.2.1 XRI/XDI

XRIs (Extensible Resource Identifiers) [15] offer a human-friendly form of persistent identifier. That is why an XRI is a convenient identifier for SSO systems. XRIs support both persistent and reassignable identifiers in the same syntax and establish a global context symbol. Moreover, they enable identification of the same logical resource in multiple contexts, and of multiple versions of the same logical resource. XRI is about addressing. XDI (XRI Data Exchange) is about data sharing protocols and is basically built on XRI. Both XRI and XDI are being developed under the support of OASIS. The I-name and I-number registry services for privacy-protected digital addressing use XRI. It can be used as an identifier for persons, machines and agents.

3.2.2 ID-WSF/Liberty

In 2001, a business alliance was formed to serve as an open standards organization for federated identity management; it was named the Liberty Alliance [9]. Its goals are to guarantee interoperability, support privacy, and promote adoption of its specifications, guidelines and best practices. The key objectives of the Liberty Alliance are to:
- enable users to protect their privacy and identity;
- enable SPs to manage their client lists;
- provide an open federated SSO;
- provide a network identity infrastructure that supports all current and emerging network access devices.

The Liberty Alliance's work in the first phase is to enable federated network identity management. Among others, it offers SSO and the linking of accounts in the set of
SPs within the boundary of the circle of trust. The work in this phase is referred to as the Identity Federation Framework (ID-FF).

In the second phase, the specifications offer enhanced identity federation and interoperable identity-based web services. This body is referred to as the Identity Web Services Framework (ID-WSF). This framework involves support of new open standards such as WS-Security, developed in OASIS. The Security Assertion Markup Language (SAML) is another OASIS specification [17] that provides a set of rules for the structure of identity assertions, protocols to move assertions, bindings of the protocols to typical message transport mechanisms, and profiles. Indeed, SAML is a set of XML and Simple Object Access Protocol (SOAP) based services and formats for the exchange of authentication and authorization information between security systems.

The Liberty Alliance specifications rely heavily on other standards such as SAML and WS-Security, which defines mechanisms implemented in SOAP headers. These mechanisms are designed to enhance SOAP messaging by providing a quality of protection through message integrity, message confidentiality, and single message authentication.

The WS-* (Web Services protocol specifications) are a set of specifications currently under development by Microsoft and IBM. They are part of larger efforts to define a security framework for web services, and the resulting proposals are often referred to as WS-*. They include specifications such as WS-Policy, WS-SecureConversation, WS-Trust, and WS-Federation. The latter has functionality for enabling pseudonyms and attribute-based interactions. WS-Trust, for its part, has the ability to issue security tokens as a means of brokering identity and trust across domain boundaries [18].

3.2.3 Shibboleth

Shibboleth [19] is a project whose goal is to allow universities to share their web resources subject to access control. Thereby, it allows inter-operation between institutions. It develops architectures, policy structures, practical technologies, and an open source implementation. Its key concept is "federated" identity management, whose meaning is almost the same as the Liberty Alliance's term [20].

3.2.4 OpenID

The intent of the OpenID framework is to specify layers that are independent and small enough to be acceptable and adopted by the market [21]. Version 1.0 dealt with HTTP-based URL authentication protocols. OpenID Authentication 2.0 is becoming an open platform that supports both URL and XRI user identifiers. A URL uses IP or DNS resolution and is unique and ubiquitously supported. It can be a personal digital address, as used by bloggers, even though it is not yet widely used.

The first layer supports user identification. OpenID can identify a user using a URL or an XRI address. Light-Weight Identity (LID) is the original URL-based identity protocol, and is now part of OpenID. LID is a set of protocols capable of representing and using digital identities on the Internet in a simple manner, without relying on any central authority. LID supports digital identities for humans, human organizations and non-humans (e.g. software agents, things, websites, etc.). It implements Yadis [22], a meta-data discovery service, and is pluggable at all levels. On top of the first layer, the Yadis layer is used for identity service discovery for URLs and for the XRI resolution protocol. It uses the OASIS format called XRDS (Extensible Resource Descriptor Sequence). At the authentication layer, a user can prove ownership of his/her own URL or I-name using a credential. OpenID does not need a centralized single authority for enrollment, and it is therefore a federated identity management. To ensure anonymity, the IdP can randomly generate a digital address used specifically for this SP. The user-centric method is realized in three steps:
a. the users choose their digital identity;
b. the users choose their IdP;
c. the users choose their SP.
OpenID is already available on well-known Web platforms (e.g. Drupal, WordPress, etc.) and its take-up seems promising.

3.2.5 Microsoft InfoCard/CardSpace

By providing users with a way to select identities and more, Windows CardSpace (formerly InfoCard) plays an important role in the identity metasystem. InfoCard implements the core of the Identity Metasystem, using open standard protocols to negotiate, request and broker identity information between trusted IdPs and SPs.

In Microsoft's terminology, the relying party is a service provider (SP) in our model. To prove an identity on a network, the user emits credentials, which are some proof of his identity. For example, in the simplest digital identity, the user's name is the identity, while the password is said to be the authentication credential. In the terminology of Microsoft and others, they are called security tokens and contain one or more claims. Each claim contains information about the user, such as his/her name or home address. In addition, the security token encloses proofs that the claims are
correctly emitted by the real user and belong to him. This can be done cryptographically using different forms such as X.509 certificates and Kerberos tickets, but unfortunately these are not practical for transmitting different kinds of claims. As seen before, the SAML standard is the best for this purpose, as it can be used to define security tokens.

3.2.6 SXIP

The Simple eXtensible Identity Protocol (SXIP) was designed to provide an Internet-scalable and user-centric identity architecture that imitates real-world interactions.

If an SP has integrated SXIP into its website, which is easily done using the SDKs, it is a Membersite. When a subscriber of SXIP would like to access this Membersite:
a) he types his URL address and clicks on [sxip in];
b) he types his URL identity issued by the IdP (called the Homesite);
c) the browser is redirected to the Homesite;
d) he enters his username and password, is informed that the Membersite has requested data, selects the related data, verifies it, can choose to automatically release the data for other visits to this Membersite, and confirms;
e) the browser is redirected to the Membersite;
f) the user has access to the content of the site.

SXIP 2.0 is a platform based on a fully decentralized architecture providing an open and simple set of processes to exchange identity information. SXIP 2.0 has significantly reduced the problems resulting from moving identity data from one site to another. It is a URL-based protocol that allows a seamless user experience and fits the user-centric paradigm exactly. With it, the user has full control over his identity and an active role in the exchange of his identity data. Therefore, he can benefit from portable authentication to connect with many websites. Thereby, the user has more choice and convenience when exchanging his identity data, and he indirectly enables websites to offer enhanced services to their subscribers.

- the need for interoperability,
- the need to respond to regulator, public or customer pressure to implement solutions based on trusted infrastructures that offer security and privacy, and
- the lack of common interfaces for identity/networking systems.

Context providers, directories and communication technologies (e.g. Microsoft/IBM, WS-*, LDAP, email, etc.) can be plugged into the Higgins framework. Higgins has become an Eclipse plug-in and is a project of the Eclipse Foundation. Higgins is suitable for developers, users and enterprises. Higgins relieves developers from knowing all the details of multiple identity systems, thanks to one API that supports many protocols and technologies: CardSpace, OpenID, XRI, LDAP, etc. Applications written with the Higgins API can integrate identity, profile and relationship information into these heterogeneous systems. The Higgins Project is supported by IBM and Novell and rivals Microsoft's InfoCard project.

3.2.8 Summary Table

The ten requirements are those listed at the end of Section 2. A white box means that the requirement is not covered, grey that it is partially fulfilled, and black that it is fully fulfilled.

Table 1: Evaluation of Id 2.0 technologies (rows: XRI/XDI, ID/WSF, Shibboleth, CardSpace, OpenID, SXIP, Higgins; columns: requirements 1 to 10; the coloured cells are not reproduced in this text version)

We can remark that Higgins fulfills the largest number of the requirements.
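The Yadis layer of OpenID 2.0 (Section 3.2.4) publishes service endpoints in an XRDS document. The following added example, which is not code from the paper or from any OpenID project, parses a constructed XRDS document with the standard library, orders the services by XRDS priority, identifies the OpenID 2.0 service type, and refuses to hand the login to a non-HTTPS endpoint; the service type URIs and namespaces are the real ones from the OpenID 2.0 and XRD 2.0 specifications, everything else is constructed.

```python
# Added example (not from the paper): parse a Yadis XRDS document, the format the
# OpenID 2.0 discovery layer uses, and pick the service endpoint the way a relying
# party would. The XRDS text below is constructed for the demo.
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

XRD_NS = "xri://$xrd*($v*2.0)"
OP_IDENTIFIER = "http://specs.openid.net/auth/2.0/server"  # OP Identifier service type
CLAIMED_ID = "http://specs.openid.net/auth/2.0/signon"     # Claimed Identifier service type

SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="20">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op.example.net/auth</URI>
      <LocalID>https://op.example.net/user/alice</LocalID>
    </Service>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <URI>http://legacy.example.net/auth</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""


def _children(elem, name):
    # Direct children of elem named `name` in the XRD 2.0 namespace.
    return [c for c in elem if c.tag == "{%s}%s" % (XRD_NS, name)]


def _priority(service):
    # XRDS rule: a lower numeric priority is preferred; no priority sorts last.
    p = service.get("priority")
    return int(p) if p is not None and p.isdigit() else float("inf")


def discover(xrds_text, require_https=True):
    """Return (endpoint, local_id, kind) for the first usable OpenID 2.0 service."""
    root = ET.fromstring(xrds_text)
    xrd = _children(root, "XRD")[-1]          # the last XRD is the authoritative one
    for svc in sorted(_children(xrd, "Service"), key=_priority):
        types = {t.text.strip() for t in _children(svc, "Type") if t.text}
        uris = [u.text.strip() for u in _children(svc, "URI") if u.text]
        kind = ("op_identifier" if OP_IDENTIFIER in types
                else "claimed_id" if CLAIMED_ID in types else None)
        if kind is None or not uris:
            continue
        if require_https and urlparse(uris[0]).scheme != "https":
            continue                            # never send the user to a plain-HTTP OP
        local = _children(svc, "LocalID")
        return uris[0], (local[0].text.strip() if local and local[0].text else None), kind
    return None
```

Selection here is by XRDS priority only; the precedence OpenID 2.0 gives an OP Identifier service over a Claimed Identifier service in the same document is not modelled.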
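Sections 3.2.2 and 3.2.5 describe SAML assertions as the preferred form of security token: a set of claims about the user wrapped with proofs that a service provider can check. The following added example, which is not code from the paper or from any SAML implementation, shows the checks a relying party applies to such a token before trusting its claims (issuer, validity window, audience) and how the claims are extracted; the assertion is constructed, and signature verification, which must precede these checks, needs an XML-DSig library and is left out.

```python
# Added example (not from the paper): validate a SAML 2.0 assertion used as a
# security token carrying claims, then extract the claims. The assertion below is
# constructed; XML signature verification is a prerequisite not shown here.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="givenName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="homeAddress"><saml:AttributeValue>1 Main St</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def _ts(s):
    # SAML timestamps are UTC in xs:dateTime form.
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_token(xml_text, trusted_issuer, my_audience, now):
    """Return the claims dict if the assertion is acceptable, else raise ValueError."""
    a = ET.fromstring(xml_text)
    if a.tag != f"{{{SAML}}}Assertion" or a.get("Version") != "2.0":
        raise ValueError("not a SAML 2.0 assertion")
    if (a.findtext(f"{{{SAML}}}Issuer") or "").strip() != trusted_issuer:
        raise ValueError("untrusted issuer")
    cond = a.find(f"{{{SAML}}}Conditions")
    if cond is None:
        raise ValueError("missing Conditions")
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if (nb and now < _ts(nb)) or (noa and now >= _ts(noa)):
        raise ValueError("assertion outside its validity window")
    audiences = {e.text.strip() for e in cond.iter(f"{{{SAML}}}Audience") if e.text}
    if my_audience not in audiences:          # a token minted for another SP is not ours
        raise ValueError("assertion not intended for this SP")
    claims = {"subject": (a.findtext(f"{{{SAML}}}Subject/{{{SAML}}}NameID") or "").strip()}
    for attr in a.iter(f"{{{SAML}}}Attribute"):
        claims[attr.get("Name")] = attr.findtext(f"{{{SAML}}}AttributeValue")
    return claims
```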
a mechanism was introduced allowing a mutual identification of both the user and the site, exploitable by everyone everywhere. Moreover, the user is in the middle of the system.

That is why identity management systems have progressed and really evolved from silo models to federated user-centric models, passing through centralized models among others. These technologies deal with the problems of digital identity by managing and disclosing identity information in an open and standard way.

All identity systems will coexist, and they will all offer sufficient unique capabilities to allow them to grow independently to some extent. In spite of these unique capabilities, there is a significant degree of duplication of functionality between the various systems. A convergence between the systems would eliminate such duplications and result in a simpler identity landscape. Indeed, the Higgins and Liberty Alliance projects offer a good convergence.

5. References

[13] J. Merrels, SXIP Identity, "DIX: Digital Identity Exchange Protocol", Internet Draft, March 2006.
[14] Higgins Trust Framework project, http://www.eclipse.org/higgins/, 2006.
[15] OASIS Working Draft Version 04, "An Introduction to XRIs", 2005.
[16] Liberty Alliance, "Liberty ID-FF Architecture Overview", Liberty Alliance Project, 2005.
[17] OASIS, "Conformance Requirements for the OASIS Security Assertion Markup Language (SAML) V2.0", 2005.
[18] Teruko Miyata et al., "A Survey on Identity Management Protocols and Standards", IEICE Trans. Inf. & Syst., 2006.
[19] Shibboleth project, http://shibboleth.internet2.edu/.
[20] Liberty Alliance, "Liberty Developer Tutorial", http://www.projectliberty.org/.
[21] David Recordon (VeriSign Inc.), Drummond Reed, "OpenID 2.0: A Platform for User-Centric Identity Management", 2006.
[22] Yadis, "Yadis Specification 1.0", http://yadis.org/.