A New User-Centric Identity Management Infrastructure for Federated Systems
In today's information systems, users present credentials with local significance to be authenticated and gain access to internal functionality. Users have different login-password combinations for each online service, or even different credentials for different roles within a service. As a result, they tend to choose poor passwords that are easy to remember, or even reuse the same login-password information on different services. This poses security threats to service providers and a privacy risk for end-users. The solution is to shift to identity management systems. Such a system will issue a digital identity for every user and will be able to control the full life-cycle of these identities, from creation to termination. Another aspect of such a system is the single sign-on mechanism, whereby a single action of user authentication and authorization can permit the user to access multiple services. The benefits are improved security, accountability and privacy protection.