[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ Skip to main content
Log in

A note on the anatomy of federation

  • Published:
BT Technology Journal

Abstract

Federation can be perceived as a security foundation accommodating federated identity management solutions. In this paper we analyse the structure and function of federations with the aim of revealing the essential elements and architecture principles of federation models. Firstly, we identify some fundamental concepts that underpin the structure and operation of a trust realm. Then we analyse how these aggregate to provide for identity management and trust brokerage in a federation. We then explain various federation models in terms of these concepts. Finally, we examine the current state of Web-based federation standards and products, indicate specific research challenges for the next generation of federation-enabling technology. The paper targets an audience of research professionals and practitioners with some security and software engineering background who wish to find out more about federation models, and it can also be useful to (security) architects and consultants who are considering different federation architecture options for their projects.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price includes VAT (United Kingdom)

Instant access to the full article PDF.

Similar content being viewed by others

References

  1. Pearlman L, Welch V, Foster I, Kesselman C and Tuecke S: ‘A Community Authorisation Service for Group Collaboration’, Globus Project (2002) — http://www.globus.org/alliance/publications/

  2. Shibboleth homepage — http://shibboleth.internet2.edu/

  3. OASIS XACML — http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml

  4. W3C Web Services Glossary, W3C Working Group note (February 2004) — http://www.w3.org/TR/ws-gloss/

  5. Shibboleth Identity Provider Deployment Guide (V1.3 / 2005-08) (2005).

  6. Duserick W (Ed): ‘Liberty Alliance: Whitepaper on Liberty Protocol and Identity Theft’, (February 2004).

  7. Bertino E, Bhargav-Spantzel A and Squicciarini A C: ‘Digital Management and Trust Negotiation’, CERIAS Technical Report 2005-46, CERIAS, Purdue University (2005).

  8. Skogsrud H, Benetallah B and Casati F: ‘Trust-Serv: Model Driven Life-cycle Management of Trust Negotiation Policies for Web Services’, Proc of 13th World Wide Web Conference 2004, ACM (May 2004).

  9. Ryutov T, Zhou L, Neuman C, Leithead T and Seamons K E: ‘Adaptive Trust Negotiation and Access Control’, Proc of 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden (2005).

  10. Winsborough W H, Seamons K E and Jones V E: ‘Automated Trust Negotiation’, DARPA Information Survivability Conference and Exposition, IEEE Press (January 2000).

  11. Winslett M, Yu T, Seamons K E, Hess A, Jacobson J, Jarvis R, Smith B and Yu L: ‘Negotiating Trust on the Web’, IEEE Internet Computing, 6, No6, pp 30–37 (2002).

    Article  Google Scholar 

  12. Web Services Trust Specification — http://msdn.microsoft.com/ws/2005/02/ws-trust/

  13. AuthZ, OGSA Authorisation Profile, Global Grid Forum — https://forge.gridforum.org/projects/ogsa-authz

  14. OASIS — http://www.oasis-open.org/specs/index.php

  15. OASIS security services TC: SAML 2.0 specification — http://docs.oasis-open.org/security/saml/v2.0/saml-2.0-os.zip

  16. Web Services Federation Specification (July 2003) — http: //www-128.ibm.com/developerworks/library/specification/ws-fed/

  17. WebSSO Interop — http://schemas.xmlsoap.org/ws/2005/04/ssi/

  18. Oasis XACML Profile for SAML 2.0 — http: //www.oasis-open.org/committees/download.php/5854/wd-xacml-saml-profile-02.pdf

  19. Akenti, Berkley Lab — http://dsd.lbl.gov/Akenti/

  20. Chadwick D, Dimitrakos T, Kleese-Van Dam K, MacRandal D, Matthews B and Otenko A: ‘Multilayer Privilege Management for Dynamic Collaborative Scientific Communities UK’, Workshop on Grid Security Practice (July 2004).

  21. Dimitrakos T, Djordjevic I, MacRandal D: ‘Enabling Dynamic Security Perimeters for Virtual Collaborations’, eChallenges Conference e-2004, IOS press (November 2004).

  22. Lepro R: ‘Cardea: Dynamic Access Control in Distributed Systems’, NAS Technical Report NAS-03-020, NASA Ames Research Center (2003).

  23. Lorch M et al: ‘First Experiences Using XACML for Access Control in Distributed Systems’, ACM Workshop on XML Security, Fairfax, VA, USA (Copyright (C) Sun Microsystems, Inc and Association for Computing Machinery) (October 2003).

  24. Djordjevic I and Dimitrakos T: ‘An Architecture for Dynamic Security Perimeters of Virtual Collaborative Networks’, IFIP/IEEE NOMS (2004).

  25. Gebel G: ‘Multiprotocol Federation Interoperability Demonstration’, Burton Group Identity and Privacy Strategies, Identity Management Technology Thread (November 2005) — http://www.burtongroup.com

  26. Dimitrakos T et al (Eds): ‘Grid and Web Services Security: technology and innovation roadmap’, Internal BT Technical Report, Security Research Centre (October 2005).

  27. Dimitrakos T, Golby D and Kearney P: ‘Towards a Trust and Contract Management Framework for Dynamic Virtual Organisations’, eChallenges Conference e-2004, IOS press, (November 2004).

  28. Dimitrakos T, Wilson M and Ristol S: ‘TrustCoM — A Trust and Contract Management Framework Enabling Secure Collaborations in Dynamic Virtual Organisations’, ERCIM news magazine — Special Issue: ‘Grids — the next generation’ (October 2004).

Download references

Authors

About this article

Cite this article

Djordjevic, I., Dimitrakos, T. A note on the anatomy of federation. BT Technol J 23, 89–106 (2005). https://doi.org/10.1007/s10550-006-0011-3

Download citation

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10550-006-0011-3

Keywords

Navigation