Federated dynamic authentication and authorization in daidalos

Abstract

this paper describes a dynamic authentication (AuthN) and authorization (AuthZ) (DAA) scheme based upon a virtual identity concept, as defined in the EU IST integration project Daidalos, in order to protect users' privacy and the integrity of their personal information. For multiple inter-domains, the federation concept is introduced, which states the trust relationship among different domains at different levels. A common framework to coordinate AuthN, AuthZ and users' personal information across different domains is established. The AuthN and AuthZ processes are clearly separated and implemented via SSO (Single Sign On). The Diameter protocol is used to exchange SAML assertions and AuthZ policy statements across domains and different AAA (AuthN, AuthZ and Accounting) solutions to realize service grouping management. A bootstrapping approach is used to ensure security of users' personal information © 2007 Springer.