Abstract

Open and distributed nature of Internet assists users to use online services for the benefits of costs, time and efficiency. ¬¬To avail theses services users are required to submit their credentials for the purpose of registration and further verification. The credentials supplied by a user may not be sufficient enough to grant the access to the requested service and a further verification may need to be carried by demanding some confidential and secret credentials from the user. Much has been talked about federated identity management, which makes possible to utilize the existing Identity management systems for realizing authentication and authorization decisions. In a federated system, identity provider plays an important role and issues the certified credentials which can be utilized at the service provider’s end. The scalability of such system is limited due to the need of identity provider to act as a central authority and maintain credentials of ever growing large number of requesters. As more and more portals are offering online services, there is a strong need to provide authentication and authorization independent of any central authority. This paper proposes a new architecture which eliminates the role of centralized authority for managing and issuing users’ credentials. The proposed architecture allows keeping the right of disclosure of attributes under the sole control of user and also ensures that the user is not able to modify the confidential credentials which have been registered and verified by various trusted authorities. Decentralized diverse attributes based verification architecture can be used as an enabling technology for supporting web based operations.

References

• S. Farrell, An Internet Attribute Certificate Profile for Authorization, http://www.ietf.org/rfc/rfc3281.txt
• Ioannis Mavridis, Christos Georgiadis, George Pangalos, marie Khair, “Access Control based on Attribute certificates for Medical Internet applications”, Journal of medical Internet Research, Vol 3, 2001.
• David Chadwick, “The X.509 Privilege Management Infrastructure”, http://sec.cs.kent.ac.uk/download/X509pmiNATO.pdf, 2002
• David W. Chadwick, Alexander Otenko, and Edward Ball,” Role-Based Access Control With X.509 Attribute Certificates”, IEEE internet computing, march-april 2003, pp. 62 – 69.
• J. F d an d M. F. Hanarejos , “Web-based Authorization based on X.509 Privilege Management Infrastructure “,IEEE Pacific Rim Conference on Communications, Computers and signal Processing, 2003.
• S. Cantor. “Shibboleth Architecture, Protocols and Profiles”, Working Draft 02. 22 September 2004, http://shibboleth.internet2.edu/
• D. Chappell, “Introducing Windows CardSpace”, Microsoft MSDN website, 2006, http://msdn.microsoft.com/enus/library/aa480189.aspx.
• David W Chadwick,” Authorisation using Attributes from Multiple Authorities”, Proceedings of the 15th IEEE International Workshops on Enabling Technologies Infrastructure for Collaborative Enterprises 2006.
• Frikken K, Atallah M, Jiangtao Li, “Attribute-Based Access Control with Hidden Policies and Hidden Credentials”, IEEE Transactions on Computers, Volume 55, Issue 10, Page(s): 1259 – 1270, Oct. 2006.
• Shen Hai Bo, Hong Fan, “An attribute based access control model for web services”, Proceeding of the 7th International Conference on Parallel and Distributed Computing, Applications and Technologies, IEEE 2006
• Nirmal Dagdee, Ruchi Vijaywargiya,” Access control methodology for sharing of open and Domain confined data using Standard Credentials”, International Journal on Computer Science and Engineering Vol.1(3), 2009, 148-155.
• Regina N. Hebig et al., “A Web Service Architecture for Decentralized Identity- and Attribute-based Access Control”, IEEE International Conference on Web Services, 2009
• Michal Prochazka et al., “User Centric Authentication for Web Applications”, IEEE, 2010, 67-74.
• Rajender Nath, Gulshan Ahuja, “A Fine Grained AccessControl Model Based on Diverse Attributes”, Global Journal of Computer Science & Technology, Volume 11 Issue 15 Version 1.0, August-September 2011 USA.